[ an0n_r0, an0n ]
1. remove disk from target laptop
2. virtualize system (VBoxManage convertfromraw)
3. abuse local admin (chntpw using alt booted system)
4. run mimikatz by reflective loading (bypass ESET :) )
5. extract machine cert / secrets
NEVER deploy company laptop without BitLocker.
[ namazso, namazso ]
After being asked for it a few times in DMs, I decided to just publish my ptrace-less injector for x64 Linux
https://t.co/zqsP0xiJdZ
(via @namazso@mastodon.cloud)
https://github.com/namazso/linux_injector
[ _nwodtuhs, Charlie Bromberg "Shutdown" ]
xmas contribution to one of the tools I used most in 2022. #BloodHound
https://t.co/KqJYEOfzOs
https://github.com/BloodHoundAD/BloodHound/pull/625
[ IKalendarov, Ilan Kalendarov ]
New research of mine about using hardware breakpoint for EDR evasion. Thanks to @rad9800 for the inspiration on this topic.
https://t.co/Ax2IZkSOI2
https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints?utm_campaign=Oktopost-Research&utm_content=Oktopost-Twitter&utm_medium=Twitter&utm_source=Organic_Social
[ mariuszbit, mgeeky | Mariusz Banach ]
Recently we started seeing Threat Actors abusing MSI Windows Installation files for Initial Access & code execution
I now release Part 1 insights into how MSIs can be abused, PoCs for 🔴 & dissection utility for 🔵
Let me know what you think!
https://t.co/X7vi6BGQg5
https://mgeeky.tech/msi-shenanigans-part-1/
https://github.com/mgeeky/msi-shenanigans
https://github.com/mgeeky/msidump
[ _RastaMouse, Rasta Mouse ]
I've been trying to get NtCreateUserProcess working in C#, but no joy yet. If anyone wants to take a stab at fixing the code, it's here:
https://t.co/ma3iuCSFjj
https://gist.github.com/rasta-mouse/2f6316083dd2f38bb91f160cca2088df
[ M4yFly, Mayfly ]
Finally, the last part of GOAD writeups is done! 🥳
Part 12 : Trusts
https://t.co/q6XDr8GTUD
https://mayfly277.github.io/posts/GOADv2-pwning-part12/
Knocked together a quick script here for enumerating existing email addresses on Mail.ru via Tor. I won't share it as text, you'll have to retype it.
[ sprocket_ed, ed ]
Not bad - https://t.co/RdbIsLfGRy
https://github.com/m1guelpf/plz-cli
[ an0n_r0, an0n ]
what a wonderful technique for stealing chrome/edge cookies without knowing the user password via chrome debug mode by @mangopdf:
https://t.co/T2ct1WI6e3
have not known it before (what a shame), although it is 4+ yrs old and still working.
here it is, demo using Sliver C2.
https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
[ splinter_code, Antonio Cocomazzi ]
Excited to share my latest research about the Vice Society Ransomware group and the growing threat of custom-branded ransomware!
https://t.co/5gMHUwBtcS
https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
[ _RastaMouse, Rasta Mouse ]
I pushed all the NtCreateUserProcess stuff to my D/Invoke wiki.
https://t.co/tcv8vKrE86
https://dinvoke.net/en/ntdll/NtCreateUserProcess
[ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/iBYhtXgMnn Comprehensive Rust Course
https://google.github.io/comprehensive-rust/
[ JulioUrena, Julio Ureña ]
We released the #Kraken
#CrackMapExec module it's ready in @hackthebox_eu #Academy
Thank @mpgn_x64 for building the baseline for this module, helping me out, answering questions, and providing feedback along the way. @mpgn_x64 and #CME Rocks
https://t.co/DbiGMaiE0E
https://academy.hackthebox.com/module/details/84
[ snovvcrash, sn🥶vvcr💥sh ]
(1/2) Despite being busy on an RT engagement, I've also played with the NtCreateUserProcess PoC in C# and if you've troubles with spawning the proc, you wanna take a closer look at the attributeList.TotalLength value.
#maldev
[ hasherezade, hasherezade ]
Just a reminder: this is free and doesn't send anything to a server, nor requires passwords synchronization: https://t.co/4SPywdPC9K
https://hasherezade.github.io/passcrambler/
[ ly4k_, Oliver Lyak ]
Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard.
These techniques also work on victims logged on before the server was compromised.
https://t.co/euNIyX2dwW
https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22