๐ [ KlezVirus, d3adc0de ]
[Video] The 4th episode of my series about Inceptor is out: "Empowering Donut with Direct and Indirect Syscalls".
In this video, we'll show how it is possible to improve the donut loader by intergating it with SW3.
https://t.co/xNK4HNz9qS
๐ https://youtu.be/ypX7N4498xE
๐ฅ [ tweet ]
[Video] The 4th episode of my series about Inceptor is out: "Empowering Donut with Direct and Indirect Syscalls".
In this video, we'll show how it is possible to improve the donut loader by intergating it with SW3.
https://t.co/xNK4HNz9qS
๐ https://youtu.be/ypX7N4498xE
๐ฅ [ tweet ]
๐ [ ippsec, ippsec ]
Starting to play more with Elastic, so just published a video installing v8 it on Ubuntu 22. Really impressed with Fleet so far, the last time I played with Elastic it was a PITA keeping all the agent configs in sync. Fleet's auto update of agents is magic https://t.co/fbQkWgbJKW
๐ https://www.youtube.com/watch?v=Ts-ofIVRMo4
๐ฅ [ tweet ]
Starting to play more with Elastic, so just published a video installing v8 it on Ubuntu 22. Really impressed with Fleet so far, the last time I played with Elastic it was a PITA keeping all the agent configs in sync. Fleet's auto update of agents is magic https://t.co/fbQkWgbJKW
๐ https://www.youtube.com/watch?v=Ts-ofIVRMo4
๐ฅ [ tweet ]
๐ [ dec0ne, Mor Davidovich ]
Introducing ShadowSpray, it's like password spray but with shadow credentials. More info in the repo.
Huge thanks to @elad_shamir for the amazing technique and to @harmj0y (and others) for the implementation in Rubeus from which a lot of code was taken.
https://t.co/nIsnmaitfw
๐ https://github.com/Dec0ne/ShadowSpray/
๐ฅ [ tweet ]
Introducing ShadowSpray, it's like password spray but with shadow credentials. More info in the repo.
Huge thanks to @elad_shamir for the amazing technique and to @harmj0y (and others) for the implementation in Rubeus from which a lot of code was taken.
https://t.co/nIsnmaitfw
๐ https://github.com/Dec0ne/ShadowSpray/
๐ฅ [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
ะะพะฒะพะปัะฝะพ ะธะฝัะตัะตัะฝะฐั ััะฐััั, ะบะฐะบ ะพะฑั
ะพะดะธัั EDR ั ะฟะพะผะพััั python)))
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html
#redteam #pentest #bypass
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html
#redteam #pentest #bypass
๐ [ n00py1, n00py ]
Web vulns you should look for on an internal pentest: XXE.
We often think of XXE as a way to read local files, but you can also use it to coerce auth. HTTP NTLM does not request signing so you can easily relay it to LDAP. Web service accounts are often over permissioned.
๐ฅ [ tweet ]
Web vulns you should look for on an internal pentest: XXE.
We often think of XXE as a way to read local files, but you can also use it to coerce auth. HTTP NTLM does not request signing so you can easily relay it to LDAP. Web service accounts are often over permissioned.
๐ฅ [ tweet ]
๐ [ HackerGautam, Frooti ]
Not only crawling but you can do Subdomain Enumeration using Wayback.
โฌ๏ธ
curl --insecure --silent "http://web.archive.org/cdx/search/cdx" | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sed "/@/d" | sed -e 's/\.$//' | sort -u
#bugbounty #hacking #infosec
๐ฅ [ tweet ]
Not only crawling but you can do Subdomain Enumeration using Wayback.
โฌ๏ธ
curl --insecure --silent "http://web.archive.org/cdx/search/cdx" | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sed "/@/d" | sed -e 's/\.$//' | sort -u
#bugbounty #hacking #infosec
๐ฅ [ tweet ]
๐น [ snovvcrash, sn๐ฅถvvcr๐ฅsh ]
This is how easter eggs are found ๐ @_nwodtuhs @podalirius_
๐ฅ [ tweet ]
This is how easter eggs are found ๐ @_nwodtuhs @podalirius_
๐ฅ [ tweet ]
๐ฅ2
๐ [ ORCx41, ORCA ]
decided to release this, a highly capable pe packer, with a lot of nice features
https://t.co/iedhKbTlzm
๐ https://github.com/ORCx41/AtomPePacker
๐ฅ [ tweet ]
decided to release this, a highly capable pe packer, with a lot of nice features
https://t.co/iedhKbTlzm
๐ https://github.com/ORCx41/AtomPePacker
๐ฅ [ tweet ]
๐ [ g0h4n_0, g0h4n ]
Today I share with you #RustHound๐ฆ. A new AD collector written in #Rust for #BloodHound!
It is cross-platform, cross-compiled and generates all json files needed.
Other modules will be available as under development!๐ฅ
Hope you will enjoy it!
https://t.co/bxjCVyocfv https://t.co/8jEcSuEdEj
๐ https://github.com/OPENCYBER-FR/RustHound
๐ฅ [ tweet ][ quote ]
Today I share with you #RustHound๐ฆ. A new AD collector written in #Rust for #BloodHound!
It is cross-platform, cross-compiled and generates all json files needed.
Other modules will be available as under development!๐ฅ
Hope you will enjoy it!
https://t.co/bxjCVyocfv https://t.co/8jEcSuEdEj
๐ https://github.com/OPENCYBER-FR/RustHound
๐ฅ [ tweet ][ quote ]
๐ [ pdiscoveryio, ProjectDiscovery.io ]
The Ultimate Guide to Finding Bugs With Nuclei by @v3natoris
https://t.co/2GY3QZlTft
#hackwithautomation #cybersecurity #infosec #bugbounty
๐ https://blog.projectdiscovery.io/ultimate-nuclei-guide/
๐ฅ [ tweet ]
The Ultimate Guide to Finding Bugs With Nuclei by @v3natoris
https://t.co/2GY3QZlTft
#hackwithautomation #cybersecurity #infosec #bugbounty
๐ https://blog.projectdiscovery.io/ultimate-nuclei-guide/
๐ฅ [ tweet ]
๐ [ FortaliceLLC, Fortalice Solutions ]
NTLM Relaying to SCCM for the win ๐๐๐ Fortalice's @Tw1sm just added SCCM support to NtlmRelayX. Check out the PR at: https://t.co/hWfNeiuqxp
๐ https://github.com/SecureAuthCorp/impacket/pull/1425
๐ฅ [ tweet ]
NTLM Relaying to SCCM for the win ๐๐๐ Fortalice's @Tw1sm just added SCCM support to NtlmRelayX. Check out the PR at: https://t.co/hWfNeiuqxp
๐ https://github.com/SecureAuthCorp/impacket/pull/1425
๐ฅ [ tweet ]
๐ [ mpgn_x64, mpgn ]
New update on CrackMapExec ๐ฝ
โก๏ธ Upload/download with MSSQL -guervild
โก๏ธ Exploit KeePass (discover, trigger) @d3lb3_ ๐ฅ
โก๏ธ ACL read with LDAP @BlWasp_
โก๏ธ Check ntlmv1 (postex) @Tw1sm
โก๏ธ Check alwayselevated (postex) -bogey3
โก๏ธ Improved export on cmedb @gray_sec
๐ช
๐ฅ [ tweet ]
New update on CrackMapExec ๐ฝ
โก๏ธ Upload/download with MSSQL -guervild
โก๏ธ Exploit KeePass (discover, trigger) @d3lb3_ ๐ฅ
โก๏ธ ACL read with LDAP @BlWasp_
โก๏ธ Check ntlmv1 (postex) @Tw1sm
โก๏ธ Check alwayselevated (postex) -bogey3
โก๏ธ Improved export on cmedb @gray_sec
๐ช
๐ฅ [ tweet ]
๐น [ snovvcrash, sn๐ฅถvvcr๐ฅsh ]
Based on @dec0neโs work on ShadowSpray Iโve pushed a small update to #pywhisker of @_nwodtuhs and @podalirius_ implementing the โsprayโ action. Now you can pass a list of users and try to add the same Shadow Credentials for each of them with pywhisker from Linux ๐๐ป
๐ฅ [ tweet ]
Based on @dec0neโs work on ShadowSpray Iโve pushed a small update to #pywhisker of @_nwodtuhs and @podalirius_ implementing the โsprayโ action. Now you can pass a list of users and try to add the same Shadow Credentials for each of them with pywhisker from Linux ๐๐ป
๐ฅ [ tweet ]
๐ฅ1
This media is not supported in your browser
VIEW IN TELEGRAM
๐ [ zux0x3a, Lawrence ๅๅซๆฏ ]
Ported the pascal version to C#, and becomes even better while smuggling the payload using Created Service DisplayName
https://t.co/EhR9yNybF2
what's new? => https://t.co/t7Tkv2AW4O
๐ https://github.com/0xsp-SRD/0xsp.com/tree/main/chopper
๐ https://ired.dev/discussion/13/chopper-payload-smuggling/p1?new=1
๐ฅ [ tweet ]
Ported the pascal version to C#, and becomes even better while smuggling the payload using Created Service DisplayName
https://t.co/EhR9yNybF2
what's new? => https://t.co/t7Tkv2AW4O
๐ https://github.com/0xsp-SRD/0xsp.com/tree/main/chopper
๐ https://ired.dev/discussion/13/chopper-payload-smuggling/p1?new=1
๐ฅ [ tweet ]
๐ [ 0xdf_, 0xdf ]
Perspective from @hackthebox_eu is all about exploitation of a ASP.NET application. There's file read, ssrf, cookie signing, crypto, deserialization, and much more. Beyond Root has JuicyPotatoNG that's almost blocked but not.
๐ https://0xdf.gitlab.io/2022/10/15/htb-perspective.html
๐ฅ [ tweet ]
Perspective from @hackthebox_eu is all about exploitation of a ASP.NET application. There's file read, ssrf, cookie signing, crypto, deserialization, and much more. Beyond Root has JuicyPotatoNG that's almost blocked but not.
๐ https://0xdf.gitlab.io/2022/10/15/htb-perspective.html
๐ฅ [ tweet ]