Offensive Xwitter
BloodHound Unleashed.pdf
[ n00py1, n00py ]
Slide from the CactusCon talk on all the ways to get data populated into BloodHound. Any that I missed? Which is your favorite?
[ tweet ]
[ metasploit, Metasploit Project ]
Metasploit Framework 6.3 is out now
New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats. https://t.co/Ucwrtmzt9W
https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/
[ tweet ]
[ SkelSec, SkelSec ]
First version of pySnaffler is uploaded to @porchetta_ind git!
It is the Python port of the well-known Snaffler tool from @mikeloss and @sh3r4_hax.
pySnaffler is compatible with the TOML classifiers of the original project. More info below
https://t.co/76Dfren3TC
https://gitlab.porchetta.industries/Skelsec/pysnaffler
[ tweet ]
[ snovvcrash, sn🥶vvcr🥵sh ]
I got curious about how easy it would be to bypass some of the static detections for the RemComSvc binary (which is over 10 years old) and yeah… Pretty easy
https://t.co/U44Ik5RxFQ
#psexec #impacket #remcom
https://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb
[ tweet ][ quote ]
[ bohops, bohops ]
[DynamicDotNet Tooling] Added a POC "Dynamic Assembly Loader" to the repo that loads and executes an assembly using a dynamic method and emitted MSIL instructions (C#).
System.Reflection.Emit is quite powerful (maybe more to come in a future blog post)
https://t.co/i801jA3gGh
https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyLoader.cs
[ tweet ]
[ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/Oa8giJvjNq Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
https://github.com/OmriBaso/RToolZ
[ tweet ]
[ n00py1, n00py ]
Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit
https://t.co/IWuIKiiMzF
https://www.n00py.io/2023/01/exploiting-resource-based-constrained-delegation-rbcd-with-pure-metasploit/
[ tweet ]
[ 0x0SojalSec, Md Ismail Šojal ]
The shortest payload for a tiny PHP reverse shell, written in 19 bytes using only non-alphanumeric characters. Hex values inside ▶ indicate raw bytes.
This will help to bypass WAF and execute a PHP reverse shell for RCE.
Get more details about this:
https://gist.github.com/0xSojalSec/5bee09c7035985ddc13fddb16f191075
#bugbountyTips #bugbounty
[ tweet ]
Forwarded from APT
⭐️ Privileger
Privileger allows you to work with privileges in Windows as easily as possible. There are three modes:
- Add privileges to an account;
- Start a process by adding a specific privilege to its token;
- Remove a privilege from the user.
Thanks to:
@Michaelzhm
https://github.com/MzHmO/Privileger
#ad #windows #privilege #lsa
[ 0xdf_, 0xdf ]
There's a new(ish) technique for exploiting PHP LFI to get RCE without uploading a webshell. I showed it in Beyond Root on UpDown, but wanted to go into more detail. We'll look at LFI2RCE and how it uses PHP filters to generate executed PHP from nothing.
https://t.co/dp3YYcPxks
https://www.youtube.com/watch?v=TnLELBtmZ24
[ tweet ]
[ _zblurx, Thomas Seigneuret ]
New technique to dump NTDS remotely WITHOUT DRSUAPI: https://t.co/pMY2mwtB8N (Golden Certificates + UnPAC the hash automation)
Thanks @ly4k_ for certipy, which my script heavily relies on.
https://github.com/zblurx/certsync
[ tweet ]
[ aas_s3curity, aas ]
https://t.co/oNT7MPw9pA
https://github.com/bananabr/TimeException
[ tweet ]
[ JoelGMSec, Joel GM ]
New tool (in collaboration with @3v4Si0N) and a new post on the #blog!
Transferring files in restricted environments with #InvokeTransfer
https://t.co/rJYxbvdOgm
https://t.co/0ZEgI0TTK2
#Darkbyte #Hacking #PowerShell #Clipboard #DataTransfer
https://darkbyte.net/transfiriendo-ficheros-en-entornos-restringidos-con-invoke-transfer
https://github.com/JoelGMSec/Invoke-Transfer
[ tweet ]
[ _nwodtuhs, Charlie Bromberg "Shutdown" ]
I nominated @_dirkjan @exploitph and @SkelSec for their awesome contributions and guidance in the past months and years. I wished I could nominate other awesome contributors like @snovvcrash @ly4k_ @mpgn_x64 @_wald0 @podalirius_ @elad_shamir and more, but I was limited to 3
[ tweet ]
When you get tagged in the same tweet as top researchers, impostor syndrome kicks in
[ Octoberfest73, Octoberfest7 ]
I came across @the_bit_diddler's GitHub and he has an impressive collection of Cobalt Strike BOFs that are worth checking out. I've already found a few functions within some of their projects I can envision a use for in mine. https://t.co/bLijq0fNDv
https://github.com/EspressoCake
[ tweet ]