π [ 0xdf_, 0xdf ]
Shared from @hackthebox_eu has SQL injection in a cookie, iPython exploitation, some basic reverse enginnering, and Redis exploitation.
https://t.co/1ayMOYjPOw
π https://0xdf.gitlab.io/2022/11/12/htb-shared.html
π₯ [ tweet ]
Shared from @hackthebox_eu has SQL injection in a cookie, iPython exploitation, some basic reverse enginnering, and Redis exploitation.
https://t.co/1ayMOYjPOw
π https://0xdf.gitlab.io/2022/11/12/htb-shared.html
π₯ [ tweet ]
π [ M4yFly, Mayfly ]
Play with the ad lab goadv2 - part 10 : delegations
- constrained
- unconstrained (with and without protocol transition)
- resource based
https://t.co/47zFWSD7G9
π https://mayfly277.github.io/posts/GOADv2-pwning-part10/
π₯ [ tweet ]
Play with the ad lab goadv2 - part 10 : delegations
- constrained
- unconstrained (with and without protocol transition)
- resource based
https://t.co/47zFWSD7G9
π https://mayfly277.github.io/posts/GOADv2-pwning-part10/
π₯ [ tweet ]
π [ CaptMeelo, Meelo ]
Here's the tool that I demoed during my #SANSHackFest talk. Let's make it better by filing any issues you identified and submitting PRs.
#redteam #maldev
https://t.co/KvCJzVwSxi
π https://github.com/capt-meelo/laZzzy
π₯ [ tweet ]
Here's the tool that I demoed during my #SANSHackFest talk. Let's make it better by filing any issues you identified and submitting PRs.
#redteam #maldev
https://t.co/KvCJzVwSxi
π https://github.com/capt-meelo/laZzzy
π₯ [ tweet ]
π [ mpgn_x64, mpgn ]
CrackMapExec version 5.4.0 "Indestructible G0thm0g" is out for everyone and also available in @kalilinux π
β‘οΈ apt update
β‘οΈ apt install crackmapexec
Happy Hacking ! π₯πͺ
Release blog post π½
https://t.co/gtOA7tt8Ey
π https://wiki.porchetta.industries/news-2022/indestructible-g0thm0g
π₯ [ tweet ]
CrackMapExec version 5.4.0 "Indestructible G0thm0g" is out for everyone and also available in @kalilinux π
β‘οΈ apt update
β‘οΈ apt install crackmapexec
Happy Hacking ! π₯πͺ
Release blog post π½
https://t.co/gtOA7tt8Ey
π https://wiki.porchetta.industries/news-2022/indestructible-g0thm0g
π₯ [ tweet ]
π [ dec0ne, Mor Davidovich ]
Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs in the market.
"Itβs all in the details: The curious case of an LSASS dumper gone undetected"
https://t.co/YoDUW8LwKy
π https://dec0ne.github.io/research/2022-11-14-Undetected-Lsass-Dump-Workflow/
π₯ [ tweet ]
Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs in the market.
"Itβs all in the details: The curious case of an LSASS dumper gone undetected"
https://t.co/YoDUW8LwKy
π https://dec0ne.github.io/research/2022-11-14-Undetected-Lsass-Dump-Workflow/
π₯ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
π [ PortSwiggerRes, PortSwigger Research ]
Stealing passwords from infosec Mastodon - without bypassing CSP
https://t.co/kXIqj3tpAU
π https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
π₯ [ tweet ]
Stealing passwords from infosec Mastodon - without bypassing CSP
https://t.co/kXIqj3tpAU
π https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
π₯ [ tweet ]
π [ cerbersec, Cerbersec ]
Here are the #SANSHackFest demos for my Kernel Karnage talk!
WinDbg: https://t.co/RicezA3tkG
Full attack chain: https://t.co/spIcXE27Wk
π https://youtu.be/QHEzyCGz-rk
π https://youtu.be/EQqxQk7ytjw
π₯ [ tweet ]
Here are the #SANSHackFest demos for my Kernel Karnage talk!
WinDbg: https://t.co/RicezA3tkG
Full attack chain: https://t.co/spIcXE27Wk
π https://youtu.be/QHEzyCGz-rk
π https://youtu.be/EQqxQk7ytjw
π₯ [ tweet ]
π [ _EthicalChaos_, Ceri π΄σ §σ ’σ ·σ ¬σ ³σ Ώ ]
Just pushed a small change for the recently released Volumiser tool. You can now read files directly al a NinjaCopy style from physical disk and volume handles. Handy for exfiltrating registry hives or ntds.dit on hosts with EDR's.
π₯ [ tweet ]
Just pushed a small change for the recently released Volumiser tool. You can now read files directly al a NinjaCopy style from physical disk and volume handles. Handy for exfiltrating registry hives or ntds.dit on hosts with EDR's.
π₯ [ tweet ]
π [ zux0x3a, Lawrence εε«ζ― | ΩΩΨ±Ψ§ΩΨ³ ]
https://t.co/nOAPMLpyhw
π https://www.cyberwarfare.live/blog/vectored-syscall-poc
π₯ [ tweet ]
https://t.co/nOAPMLpyhw
π https://www.cyberwarfare.live/blog/vectored-syscall-poc
π₯ [ tweet ]
π [ t3l3machus, Panagiotis Chartas ]
Using ππ’π₯π₯ππ’π§, the evolution of ππ¨ππ±ππ‘ππ₯π₯ to generate an auto-obfuscated PowerShell backdoor payload, bypass Defender and gain access to a Windows 11 Enterprise machine.
Download, install, connect with others & enjoy hacking as a team: https://t.co/PNuUQLhV6J
π https://github.com/t3l3machus/Villain
π₯ [ tweet ]
Using ππ’π₯π₯ππ’π§, the evolution of ππ¨ππ±ππ‘ππ₯π₯ to generate an auto-obfuscated PowerShell backdoor payload, bypass Defender and gain access to a Windows 11 Enterprise machine.
Download, install, connect with others & enjoy hacking as a team: https://t.co/PNuUQLhV6J
π https://github.com/t3l3machus/Villain
π₯ [ tweet ]
Offensive Xwitter
π [ t3l3machus, Panagiotis Chartas ] Using ππ’π₯π₯ππ’π§, the evolution of ππ¨ππ±ππ‘ππ₯π₯ to generate an auto-obfuscated PowerShell backdoor payload, bypass Defender and gain access to a Windows 11 Enterprise machine. Download, install, connect with others & enjoyβ¦
π₯3
π [ cyb3rops, Florian Roth β‘ ]
Imagine you'd get access to an unknown SIEM of a new customer & would be given 10min to find malicious activity by using keyword searches on raw data, what would you search for?
I'll start
'.dmp full'
'whoami'
'delete shadows'
'FromBase64String'
'save HKLM\SAM'
' -w hidden '
π₯ [ tweet ]
Imagine you'd get access to an unknown SIEM of a new customer & would be given 10min to find malicious activity by using keyword searches on raw data, what would you search for?
I'll start
'.dmp full'
'whoami'
'delete shadows'
'FromBase64String'
'save HKLM\SAM'
' -w hidden '
π₯ [ tweet ]
π€1
π [ jack_halon, Jack Halon ]
Today I am releasing part 2 of my 3-part browser exploitation series on Chrome!
In part 2, we take a deep dive into the V8 compiler pipeline by understanding what happens under the hood in Ignition, Sparkplug, and TurboFan!
Enjoy!
https://t.co/XAnbzdnjeQ
π https://jhalon.github.io/chrome-browser-exploitation-2/
π₯ [ tweet ]
Today I am releasing part 2 of my 3-part browser exploitation series on Chrome!
In part 2, we take a deep dive into the V8 compiler pipeline by understanding what happens under the hood in Ignition, Sparkplug, and TurboFan!
Enjoy!
https://t.co/XAnbzdnjeQ
π https://jhalon.github.io/chrome-browser-exploitation-2/
π₯ [ tweet ]
π [ aetsu, π¬ππππ ]
TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://t.co/jZ8KQnSUxs
π https://github.com/h3xduck/TripleCross
π₯ [ tweet ]
TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://t.co/jZ8KQnSUxs
π https://github.com/h3xduck/TripleCross
π₯ [ tweet ]
π [ testanull, Janggggg ]
You guys must be waiting for this,
So this is the working PoC script of the Exchange 0day exploited ITW
https://t.co/XGx0fYJygm
π https://github.com/testanull/ProxyNotShell-PoC
π₯ [ tweet ]
You guys must be waiting for this,
So this is the working PoC script of the Exchange 0day exploited ITW
https://t.co/XGx0fYJygm
π https://github.com/testanull/ProxyNotShell-PoC
π₯ [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
ΠΠΎΠ²ΡΠ΅ ΡΡΡΠΏΡΠΈΠ·Ρ Π² AD CS... ΠΠΎΠ±Π°Π²ΠΈΠΌ ΡΠ΅Ρ
Π½ΠΈΠΊΡ ESC11π
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#ad #pentest #redteam
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#ad #pentest #redteam
π [ Ben0xA, Ben Ten (0xA) ]
Releasing a new tool: Orpheus! Bypasses most Kerberoast Detections (including my own). Blog post and video is up at @TrustedSec! Even used @HackingDave's old alias in the demo. https://t.co/qhP8r28s4K #infosec #security #kerberoast
π https://trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/
π₯ [ tweet ]
Releasing a new tool: Orpheus! Bypasses most Kerberoast Detections (including my own). Blog post and video is up at @TrustedSec! Even used @HackingDave's old alias in the demo. https://t.co/qhP8r28s4K #infosec #security #kerberoast
π https://trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/
π₯ [ tweet ]
π [ BushidoToken, Will | Darknet Diaries #126 ]
πNew Blog: I have attempted to track what happened to Conti this year after the leaks and collapse of the group. Here are my findings, largely based on #OSINT. Enjoy!
https://t.co/0jSd1ZFkLf #Conti #Quantum #BlackBasta #Royal #WizardSpider #CTI
π https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
π₯ [ tweet ]
πNew Blog: I have attempted to track what happened to Conti this year after the leaks and collapse of the group. Here are my findings, largely based on #OSINT. Enjoy!
https://t.co/0jSd1ZFkLf #Conti #Quantum #BlackBasta #Royal #WizardSpider #CTI
π https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
π₯ [ tweet ]
π [ splinter_code, Antonio Cocomazzi ]
A bad news for all potato lovers π
Starting from Windows 11 22H2 a new code change in lsasrv.dll broke the trick to recover the INTERACTIVE sid group through the logon type New Credentials (9).
More details here π
https://t.co/hfhZxk3zMg
cc @decoder_it
π https://github.com/antonioCoco/JuicyPotatoNG/issues/4
π₯ [ tweet ]
A bad news for all potato lovers π
Starting from Windows 11 22H2 a new code change in lsasrv.dll broke the trick to recover the INTERACTIVE sid group through the logon type New Credentials (9).
More details here π
https://t.co/hfhZxk3zMg
cc @decoder_it
π https://github.com/antonioCoco/JuicyPotatoNG/issues/4
π₯ [ tweet ]
π’1
π [ 0xdf_, 0xdf ]
Hathor from @hackthebox_eu was a monster Windows box. My favorite parts were being forced to understand the AppLocker rules, and finding the code signing cert in the recycle bin and using it to bypass applocker. Lots of tricky steps on this one.
https://t.co/thTyAtHW9p
π https://0xdf.gitlab.io/2022/11/19/htb-hathor.html
π₯ [ tweet ]
Hathor from @hackthebox_eu was a monster Windows box. My favorite parts were being forced to understand the AppLocker rules, and finding the code signing cert in the recycle bin and using it to bypass applocker. Lots of tricky steps on this one.
https://t.co/thTyAtHW9p
π https://0xdf.gitlab.io/2022/11/19/htb-hathor.html
π₯ [ tweet ]