[ Synacktiv, Synacktiv ]
Our ninjas @yaumn_ and @mickaelweb recently assessed Microsoft Defender for Identity detection capabilities. In their recent blogpost, they describe the product's architecture, present some bypasses and give general Red Team advice. https://t.co/tuBoWYEVQ9
https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
🔥 [ tweet ]
[ _EthicalChaos_, Ceri 🏴󠁧󠁢󠁷󠁬󠁳󠁿 ]
@_RastaMouse Python via choco is great, all fluid and just works. A Hyper-V VM with Windows 11 on + choco is an awesome attacking machine. I have WSL on there as backup but rarely use it, even for relaying
🔥 [ tweet ]
Good advice for a Windows setup from Ethical Chaos.
[…] about SPN-less RBCD from Linux without Rubeus 👇🏻
https://threadreaderapp.com/thread/1595814518558543874.html
(with Rubeus it's like this)
Thread by @snovvcrash: 🧵 (1/x) I know you love #pentest stories, so here's one of those ⬇️ There's a non-DC computer (Victim) that is a member of the Exchange Trusted Subsystem group and has DCSync privs. The WebClient...…
[ i_bo0om, Bo0oM ]
Defending against automatization using nginx
https://t.co/MTsVPFxDsJ
https://speakerdeck.com/bo0om/defending-against-automatization-using-nginx
🔥 [ tweet ]
[ OutflankNL, Outflank ]
KerberosAsk is the latest addition to our OST offering. It is a fully inline BOF implementation of some of the core Kerberos commands from Rubeus/Kekeo.
Ask a TGT, a service ticket or exploit CVE-2022-33679. Also works with certs to support your ADCS magic.
Demo below. ⬇️ (1/3)
🔥 [ tweet ]
[ an0n_r0, an0n ]
ntfsDump: just found this from @3gstudent (and used successfully for reading ntds.dit on a DC):
https://t.co/hFGhEg2eYH
similar to the powershell version Invoke-Ninjacopy, but this time it is a c++ binary. sometimes it is better to have a binary than a PS (for opsec reasons).
https://github.com/3gstudent/ntfsDump
🔥 [ tweet ]
[ SkelSec, SkelSec ]
minikerberos got a public update v0.3.5(pip+github):
Supports RC4_MD4 auth
CVE-2022-33647 added
CVE-2022-33679 added
RC4-TGS-REP ticket decryptor with NT hashes added (read: no need to know password)
Thx for @porchetta_ind supporters!
https://t.co/VdSkb0DEkv
https://github.com/skelsec/minikerberos/
🔥 [ tweet ]
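Why an RC4 TGS-REP ticket can be decrypted with nothing but an NT hash: for Kerberos etype 23 (RC4-HMAC, RFC 4757) the long-term key is the raw 16-byte NT hash itself, with no string-to-key derivation, so whoever holds the hash can open a service ticket exactly as the service would. The block below is an added illustration, not minikerberos code: it implements the RFC 4757 encrypt/decrypt transform in pure Python. The NT hash (that of the string "password") and the stand-in ticket bytes are constructed for the example.

```python
"""RFC 4757 RC4-HMAC (Kerberos etype 23) encrypt/decrypt in pure Python.

Added illustration, not minikerberos code: with etype 23 the Kerberos
long-term key is the raw NT hash, so an RC4 service ticket can be decrypted
from the hash alone, without the password it was derived from.
"""
import hashlib
import hmac
import os
import struct

# Kerberos key-usage numbers that matter for a TGS exchange (RFC 4120 section 7.5.1)
KU_TICKET_ENC_PART = 2   # Ticket enc-part, under the service's long-term key
KU_TGS_REP_SESSION = 8   # TGS-REP enc-part, under the TGT session key

# Constructed sample: NT hash of the password "password" (MD4 over UTF-16LE).
# For etype 23 this 16-byte value is used directly as the key.
NT_HASH_PASSWORD = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")


def _usage_bytes(keyusage: int) -> bytes:
    # RFC 4757 remaps usage 3 -> 8 and 23 -> 13; everything else is used as-is,
    # encoded as a little-endian 32-bit integer (the "T" value of the RFC).
    remap = {3: 8, 23: 13}
    return struct.pack("<I", remap.get(keyusage, keyusage))


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_hmac_encrypt(nt_hash: bytes, keyusage: int, plaintext: bytes,
                     confounder: bytes = None) -> bytes:
    """RFC 4757: Ki = HMAC-MD5(K, T); checksum = HMAC-MD5(Ki, conf||data);
    Ke = HMAC-MD5(Ki, checksum); output = checksum || RC4(Ke, conf||data)."""
    if confounder is None:
        confounder = os.urandom(8)
    ki = hmac.new(nt_hash, _usage_bytes(keyusage), hashlib.md5).digest()
    data = confounder + plaintext
    cksum = hmac.new(ki, data, hashlib.md5).digest()
    ke = hmac.new(ki, cksum, hashlib.md5).digest()
    return cksum + rc4(ke, data)


def rc4_hmac_decrypt(nt_hash: bytes, keyusage: int, ciphertext: bytes) -> bytes:
    """Inverse of rc4_hmac_encrypt; raises ValueError on a wrong key or usage."""
    if len(ciphertext) < 24:
        raise ValueError("ciphertext too short for checksum + confounder")
    cksum, body = ciphertext[:16], ciphertext[16:]
    ki = hmac.new(nt_hash, _usage_bytes(keyusage), hashlib.md5).digest()
    ke = hmac.new(ki, cksum, hashlib.md5).digest()
    data = rc4(ke, body)
    expected = hmac.new(ki, data, hashlib.md5).digest()
    if not hmac.compare_digest(cksum, expected):
        raise ValueError("integrity check failed: wrong key or key usage")
    return data[8:]  # strip the 8-byte confounder


def demo() -> bytes:
    """Encrypt a stand-in ticket enc-part under the service account's NT hash,
    then recover it using only that hash. Returns the recovered plaintext."""
    ticket_plain = b"<constructed stand-in for EncTicketPart DER bytes>"
    enc_part = rc4_hmac_encrypt(NT_HASH_PASSWORD, KU_TICKET_ENC_PART, ticket_plain)
    return rc4_hmac_decrypt(NT_HASH_PASSWORD, KU_TICKET_ENC_PART, enc_part)


if __name__ == "__main__":
    print(demo())
```

The key-usage number matters as much as the key: a ticket's enc-part is usage 2 under the service key, while the TGS-REP enc-part the client reads is usage 8 under the session key, and decrypting with the wrong usage fails the HMAC check just like a wrong hash would. A real ticket would also need ASN.1 DER decoding of the recovered EncTicketPart, which the example leaves out.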
[ EmpireC2Project, Empire ]
Interested in all the features that #EmpireC2Project has to offer? Check out our docs to stay up-to-date!
https://t.co/rR7JV1C55s
http://empirec2project.com
🔥 [ tweet ]
[ t3l3machus, Panagiotis Chartas ]
New & simple tool for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.
Also supports PUT requests so you can transfer files from victim to attacker box.
https://github.com/t3l3machus/wwwtree
🔥 [ tweet ]
[ sadreck, Pavel ]
Fresh out the oven, Spartacus DLL Hijacking Discovery all-in-one!
- Utilises SysInternals ProcMon
- Built-in ProcMon raw config/log parser/generator
- Auto-generate DLL proxies including their Exports
- Ability to process huge ProcMon outputs
https://t.co/GfVRULiE0R
https://github.com/Accenture/Spartacus
🔥 [ tweet ]
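What a ProcMon-driven DLL hijacking scan actually looks for: CreateFile operations on a .dll path that return NAME NOT FOUND or PATH NOT FOUND, especially when the same DLL is later opened successfully from System32, which is the search-order hijack shape. The block below is an added example, not Spartacus's own code: it parses ProcMon's default CSV export columns and ranks candidates, treating user-profile, ProgramData and Temp paths as probably writable (a heuristic stated as an assumption; a real run must check the directory ACL). The log lines are constructed, not a real capture.

```python
"""Find DLL search-order hijack candidates in a ProcMon CSV export.

Added illustration, not Spartacus's own code. It reads ProcMon's default
CSV columns ("Time of Day","Process Name","PID","Operation","Path","Result",
"Detail"); the log lines below are constructed, not a real capture.
"""
import csv
import io
from collections import defaultdict

PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567 AM","victim.exe","4120","CreateFile","C:\Program Files\Victim\dbghelp.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.1234568 AM","victim.exe","4120","CreateFile","C:\Windows\System32\dbghelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.1234570 AM","victim.exe","4120","CreateFile","C:\Users\alice\AppData\Local\Temp\cryptsp.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.1234571 AM","victim.exe","4120","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.1234572 AM","victim.exe","4120","CreateFile","C:\Program Files\Victim\config.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open"
"10:01:03.0000000 AM","svchost.exe","900","CreateFile","C:\Windows\System32\missing.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
"10:01:03.0000001 AM","victim.exe","4120","RegOpenKey","HKLM\Software\Victim","NAME NOT FOUND","Desired Access: Read"
'''

MISSING_RESULTS = {"NAME NOT FOUND", "PATH NOT FOUND"}


def is_user_writable_guess(path: str) -> bool:
    """Heuristic only (assumption): real tooling must check the directory ACL
    with the token it will run under. Anything under C:\\Windows is treated as
    protected; user-profile, ProgramData and Temp paths as writable."""
    low = path.lower()
    if low.startswith("c:\\windows"):
        return False
    return any(marker in low for marker in ("\\users\\", "\\programdata\\", "\\temp\\"))


def find_hijack_candidates(csv_text: str) -> dict:
    """Group CreateFile events on .dll paths per (process, dll name).

    Returns {(process, dll): {"missing": [paths probed and not found],
                              "loaded_from": first path opened successfully
                                             after a miss, or None}}.
    Only DLLs that missed at least once are returned.
    """
    seen = defaultdict(lambda: {"missing": [], "loaded_from": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "CreateFile":
            continue
        path = row["Path"]
        if not path.lower().endswith(".dll"):
            continue
        key = (row["Process Name"], path.rsplit("\\", 1)[-1].lower())
        if row["Result"] in MISSING_RESULTS:
            seen[key]["missing"].append(path)
        elif row["Result"] == "SUCCESS" and key in seen and seen[key]["loaded_from"] is None:
            seen[key]["loaded_from"] = path
    return {k: v for k, v in seen.items() if v["missing"]}


def rank_candidates(candidates: dict) -> list:
    """Order candidates: each writable missing path scores two points, and a
    later successful load (proof the process really wants that DLL) adds one."""
    ranked = []
    for (process, dll), info in candidates.items():
        writable = [p for p in info["missing"] if is_user_writable_guess(p)]
        ranked.append({
            "process": process,
            "dll": dll,
            "writable_missing_paths": writable,
            "loaded_from": info["loaded_from"],
            "score": 2 * len(writable) + (1 if info["loaded_from"] else 0),
        })
    return sorted(ranked, key=lambda r: (-r["score"], r["process"], r["dll"]))


if __name__ == "__main__":
    for entry in rank_candidates(find_hijack_candidates(PROCMON_CSV)):
        print(entry)
```

On the constructed capture the top hit is cryptsp.dll probed in the user's Temp directory before the loader falls back to System32; dbghelp.dll misses only in Program Files (normally not writable by a standard user), and svchost's missing.dll never loads at all, so it is the weakest candidate. Filter ProcMon to CreateFile before exporting to keep very large captures manageable.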
[ jdu2600, John U ]
@_xpn_ Published a blog with an updated script that should detect each (known) class of bypass.
https://t.co/TmkBL2oWlE
https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
🔥 [ tweet ]
Following on from https://blog.xpnsec.com/undersanding-and-evading-get-injectedthread/
[ aceb0nd, Acebond (acebond@infosec.exchange) ]
@an0n_r0 @3gstudent https://t.co/nTA2o87ies I made this and it works with execute-assembly to stay in memory.
https://github.com/RedCursorSecurityConsulting/NTFSCopy
🔥 [ tweet ]
[ ustayready, Mike Felch ]
Want to create great phishing links using an open-redirect on https://t.co/PMEpjfi11c? While they don't last forever, they are a great way to trick unsuspecting victims into clicking a legit looking URL before expiring! https://t.co/au1tGZgHQ1 Follow the 🧵 for how it works..
http://www.google.com
https://gist.github.com/ustayready/3ba2e4b1a4ec3cdad188f0f7d0dc4b73
🔥 [ tweet ]
[ _choisec, Sunggwan Choi ]
Finished the RTO2 course and passed the CRTL exam during Thanksgiving break. Wrote a review blog post on the course, lab, and the exam.
https://t.co/hkxthto8wL
Thank you @_RastaMouse for yet another great course. Wonder when the "RTO3 when" meme will start.
https://blog.sunggwanchoi.com/red-team-ops-2-review/
🔥 [ tweet ]
[ ShitSecure, S3cur3Th1sSh1t ]
Found a vhdx/vmdk/vhd file in a network share? Volumiser from @_EthicalChaos_ gets you covered to exfiltrate e.g. SAM/SYSTEM to compromise the system via Administrator Pass-The-Hash:
https://t.co/OMiWBOVaS8
Really easy and intuitive to use
https://github.com/CCob/Volumiser
🔥 [ tweet ]
[ dafthack, Beau Bullock ]
"We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo"
https://t.co/KjHlNpHbLb
https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
🔥 [ tweet ]
[ mhskai2017, kiwids ]
I wrote a blog post that talks about how we can abuse yet another Chrome Remote Debugging feature to "stalk" end users. https://t.co/xPHw3j4Qrb
https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
🔥 [ tweet ]
[ sensepost, Orange Cyberdefense's SensePost Team ]
In this post @Sant0rryu shows an attack chain where you can abuse ADCS to escalate from a Virtual Account / Service account to local SYSTEM. As homage to other *potato tools, it could even be called CertPotato.
https://t.co/5vD4a00P0G
https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/
🔥 [ tweet ]
[ _nwodtuhs, Charlie Bromberg ]
Icymi, I'm now maintaining an Impacket fork which merges PRs a bit quicker than the official repo. This fork is dedicated to the Exegol project but can be used elsewhere if needed. You can PR there as well if you'd like and I'll do my best to review asap https://t.co/1newB3iqgs
https://github.com/ThePorgs/impacket
🔥 [ tweet ]
finally, damn it
[ snovvcrash, sn🥶vvcr🔥sh ]
[#HackTip ✏️] A simple post-exploitation tip when you've added a GitLab admin from a compromised gitlab-rails console: if there's only LDAP auth available and you cannot sign in even when you possess valid creds, do this to enable password auth for web
https://t.co/uJCcbhQZNz
https://ppn.snovvcrash.rocks/pentest/infrastructure/devops/gitlab#gitlab-rails
🔥 [ tweet ]