Offensive Xwitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://t.me/OffensiveTwitter/546
😈 [ SkelSec, SkelSec ]

Managed to create the exploit for @tiraniddo 's latest Kerberos findings!
#feelsaccomplished

πŸ₯ [ tweet ]
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]

Read @defte_'s Windows authentication token manipulation deep dive to compromise Active Directory in this new blog post. Includes a new tool and a CrackMapExec module using it as a "token" of appreciation.

https://t.co/ML8FHoIi5f

🔗 https://sensepost.com/blog/2022/abusing-windows-tokens-to-compromise-active-directory-without-touching-lsass/

πŸ₯ [ tweet ]
😈 [ mpgn_x64, mpgn ]

We worked together with @_zblurx to pull this new feature on CME! CrackMapExec can now authenticate using Kerberos with login/pass/nthash/aeskey without the need for a KRB5CCNAME ticket env 🚀

But wait, there is more! By adding this feature we can now mimic kerbrute features 🔥🫑

πŸ₯ [ tweet ]
πŸ”₯4
😈 [ an0n_r0, an0n ]

here is a basic meterpreter protocol stager for PE stages using the libpeconv project by @hasherezade:

https://t.co/qsdb9XWvgj

No evasion included, using this only as a template. But it is already able to run with a Sliver EXE beacon as a stage against Defender for Endpoint.

🔗 https://github.com/tothi/stager_libpeconv

πŸ₯ [ tweet ]
😈 [ SkelSec, SkelSec ]

Since there seems to be a lot of interest, I implemented the exploit for the other CVE which uses a kerberos proxy for downgrade+session key recovery.

πŸ₯ [ tweet ]

щас начнСтся, Π΅Ρ‰Π΅ ΠΏΠ°Ρ€Π° Ρ‚Π²ΠΈΡ‚ΠΎΠ² ΠΈ сорцы
πŸŽƒ [ vxunderground, vx-underground ]

From our headquarters underneath the Vatican, happy Halloween!

Today we release the first edition of our new publication Black Mass.

Special thanks to our Editor in Chief @h313n_0f_t0r for all of her hard work.

https://t.co/NbDen3RUOh

🔗 https://papers.vx-underground.org/papers/Other/VXUG%20Zines/Black%20Mass%20Halloween%202022.pdf

πŸ₯ [ tweet ]
πŸ‘1
😈 [ SkelSec, SkelSec ]

The two exploits for
CVE-2022-33679
CVE-2022-33647
are now available for @porchetta_ind subscribers. They will be available on GitHub for the wider public in a few weeks.

https://t.co/c30GqXjIcx

🔗 https://gitlab.porchetta.industries/Skelsec/minikerberos

πŸ₯ [ tweet ]
😈 [ mpgn_x64, mpgn ]

Decided to check on this writeup from @0xdf_ when I read this sentence: "I wasn’t able to get crackmapexec to work either."

With the latest update on CrackMapExec let's go for a 'Scrambled vs CrackMapExec'! Getting root only using CME in 5 minutes 🚀✌️

https://t.co/hpz9JWnhzQ

🔗 https://gist.github.com/mpgn/9fc08b0f0fde55e8c322518bc1f9c317

πŸ₯ [ tweet ][ quote ]
Forwarded from APT
πŸ”‘ Abuse Kerberos RC4 (CVE-2022-33679)

This blog post goes into detail on how the Windows Kerberos Elevation of Privilege vulnerability works and how to force Kerberos to downgrade the encoding from the default AES encryption to the historical MD4-RC4. The vulnerability could allow an attacker to obtain an authenticated session on behalf of the victim and also lead to arbitrary code execution.

Research:
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html

Exploit:
https://github.com/Bdenneu/CVE-2022-33679

#ad #kerberos #rc4 #exploit
😈 [ SEKTOR7net, SEKTOR7 Institute ]

How to avoid memory scanners?
@kyleavery_ brings the answer.

https://t.co/0azWrDcG2N

🔗 https://www.youtube.com/watch?v=edIMUcxCueA

πŸ₯ [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]

Nim in 100 Seconds

https://t.co/GeYgqYsM8M

🔗 https://www.youtube.com/watch?v=WHyOHQ_GkNo

πŸ₯ [ tweet ]
😈 [ icyguider, icyguider ]

After years of using the default examples, I've finally started writing my own custom scripts using Impacket. Wanted to share a few examples that helped me during the learning process. Hope you enjoy! https://t.co/Ya5PAhHAZC

🔗 https://github.com/icyguider/MoreImpacketExamples

πŸ₯ [ tweet ]
😈 [ d3lb3_, Julien Bedel ]

Just released KeeFarce Reborn, yet another offensive KeePass extraction tool featuring a standalone DLL that exports databases in cleartext once injected in the KeePass process 🔓
https://t.co/uHc5I8RFVo

🔗 https://github.com/d3lb3/KeeFarceReborn

πŸ₯ [ tweet ]
😈 [ hasherezade, hasherezade ]

New #PEsieve/#HollowsHunter (v0.3.5): https://t.co/12PiCkLtf8 & https://t.co/FBWjtKp8ez - with some bugfixes & improvements. Check it out!

🔗 https://github.com/hasherezade/pe-sieve/releases/
🔗 https://github.com/hasherezade/hollows_hunter/releases

πŸ₯ [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Alternative use cases for SystemFunction032, what do other people think about at night? 🤓😅

https://t.co/pXKbbbemRR

🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/

πŸ₯ [ tweet ]
😈 [ preemptdev, pre.empt.dev ]

The Maelstrom C2 Series has been summarised: https://t.co/WaZoAs1ct5
We don't have time at the moment to carry on with the series, so we put it all together in one place. However, let us know if there are any gaps you think we could expand on and we could pick it back up!

🔗 https://mez0.cc/posts/maelstrom/

πŸ₯ [ tweet ]
😈 [ CaptMeelo, Meelo ]

I made some experiments over the past few days and I wanted to share what I learned/observed.
#redteam #maldev #infosec
https://t.co/l1ANZbf6fg

🔗 https://captmeelo.com/redteam/maldev/2022/11/07/cloning-signing.html

πŸ₯ [ tweet ]
😈 [ mpgn_x64, mpgn ]

Execute commands as another user without dumping LSASS or touching the ADCS server? Thanks to @Defte_ a new module has been added to CrackMapExec 🚀

The module will impersonate any logged-on user to exec commands as "this" user (system, domain user etc.) 🔥

πŸ₯ [ tweet ]
😈 [ M4yFly, Mayfly ]

Today, some lateral move inside GOAD.

https://t.co/N9s5JZ0Wv1

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part9/

πŸ₯ [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]

Halo's Gate is (almost) dead,
Long live ShellWasp!

"Weaponizing Windows Syscalls":
https://t.co/VU8KIsZNb9

🔗 https://www.youtube.com/watch?v=ME7IGHPcSKw

πŸ₯ [ tweet ]
πŸ‘Ή [ snovvcrash, snπŸ₯ΆvvcrπŸ’₯sh ]

Following @ShitSecure’s vibe of using SystemFunction032 for shellcode decryption, here’s its port to Python (encryptor) + C# (decryptor & runner): https://t.co/MVDoV9gEAo

It's strange though that RC4 from OpenSSL is not compatible with SystemFunction032 🤔

🔗 https://gist.github.com/snovvcrash/3533d950be2d96cf52131e8393794d99

πŸ₯ [ tweet ][ quote ]