[ irsdl, Soroush Dalili ]
Burp Suite #Sharpener v3.0 is out in the GitHub repo: https://t.co/jB9KLTlora
Some bugs have been fixed and icon sizes are now bearable!
This is only compatible with Burp v2023.1 (early adopter currently) as it is based on the new Montoya API v1.0.
https://github.com/mdsecresearch/BurpSuiteSharpener/tree/main/release
PLUGIN FOR BURP, PEOPLE, WHY DO I STILL NOT HAVE THIS INSTALLED
[ nikhil_mitt, Nikhil Mittal ]
[Blog] My non-tech post on "Our vision for Red Team Labs, Platform and Certifications (CRTP, CRTE, CARTP and more)"
#AlteredSecurity
https://t.co/D4fFL6RcwG
https://www.alteredsecurity.com/post/redlabs
[ last0x00, last - @last0x00@infosec.exchange ]
I was today years old when I found out there is a #CrackMapExec reference in graphical PNG format with a resolution of more than 7000x10000 hosted here
https://t.co/Q7HgNqDK9Q
https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/Crackmapexec/Crackmapexec%20HD.png
[ Jenaye_fr, Jenaye ]
Hello everyone!
I would like to share with you a mindmap (v1) about bypassing AV/EDR.
In Redteam setup, I suggest the manual mode only.
Thanks to @Zabannn for his contribution
Link: https://t.co/2eOWcBMXzc
#BypassAV #BypassEDR #RT
https://github.com/CMEPW/BypassAV
[ 0x0SojalSec, Md Ismail Šojal ]
Nuclei Automation.
https://t.co/CDes83cCD0
Full Nuclei automation script with logic explanation
#bugbountytips #infosec #nuclei #automation
https://github.com/iamthefrogy/nerdbug
[ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip] One idea for NTDS on-site dumping without VSS: NTFSCopy (thx @RedCursorSec) + #impacket's RemoteOperations.getBootKey() + secretsdump[.]py (e.g., via a pre-compiled binary or @naksyn's awesome Pyramid)
https://t.co/0UATJuJ1ob
https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/credentials-dump/ntds#raw-ntds.dit-copy
[ filip_dragovic, Filip Dragovic ]
Another way to abuse SeImpersonate privilege.
This time using RasMan service.
https://t.co/FmWTBrKkCy
https://github.com/crisprss/RasmanPotato
[ pdiscoveryio, ProjectDiscovery.io ]
Learn all about SSL and TLS certificates in our hacker's guide! Get up to speed with TLSx from ProjectDiscovery, the fast & configurable tool for finding vulnerabilities & reconnaissance. #hackwithautomation #cybersecuritytips
https://t.co/uKhaSB90Nq
https://blog.projectdiscovery.io/a-hackers-guide-to-ssl-certificates-featuring-tlsx/
[ garrfoster, Garrett ]
New blog post building on @Oddvarmoe's original research with pre-created computer accounts. I share how sysadmins are inadvertently creating them and how they can be used to circumvent domain join restrictions.
https://t.co/tezVz1caxU
https://www.optiv.com/insights/source-zero/blog/diving-deeper-pre-created-computer-accounts
A few links about DCSync, methods for detecting it, and bypassing the IDS network signature with secretsdump.py:
https://habr.com/ru/company/rvision/blog/709866/
https://habr.com/ru/company/rvision/blog/709942/
https://threadreaderapp.com/thread/1622684071473123351.html
#dcsync
[ bohops, bohops ]
Just wanted to thank @snovvcrash for contributing a PowerShell DLL assembly loader to the DynamicDotNet repo!
https://t.co/RRx7eneF5o
https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyDllLoader.ps1
[ PortSwiggerRes, PortSwigger Research ]
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022!
https://t.co/NXiHK9eUjT
https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
[ BHinfoSecurity, Black Hills Information Security ]
BHIS | Tester's Blog
Rogue RDP – Revisiting Initial Access Methods
by: @ustayready
Published: 2/28/2022
Learn More: https://t.co/Uaps11rLlF
https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
[ aetsu ]
Offphish - Phishing revisited in 2023 https://t.co/IQj5QfoXj8
https://www.securesystems.de/blog/offphish-phishing-revisited-in-2023/
[ mrgretzky, Kuba Gretzky ]
Great post by @m417z on overcoming difficulties with the implementation of system-wide process DLL injection.
https://t.co/QHS4E0rL3P
https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
[ splinter_code, Antonio Cocomazzi ]
Brace yourself #LocalPotato is out
Our new NTLM reflection attack in local authentication allows for arbitrary file read/write & elevation of privilege.
Patched by Microsoft, but other protocols may still be vulnerable.
cc @decoder_it
Enjoy!
https://t.co/3Lge45hb7L
https://www.localpotato.com/localpotato_html/LocalPotato.html
https://github.com/decoder-it/LocalPotato
[ OtterHacker, OtterHacker ]
I published my Kerberos experiments. The code is here for educational use only. Do not use it for pentest as it is neither OPSEC nor stable and kinda messy.
But if you want to see how to play with #Kerberos with #Windows, it can be a starting point!
https://t.co/CPP2EfSKCb
https://github.com/OtterHacker/Cerbere
[ d3lb3_, Julien Bedel ]
(2/3) If you are interested in the subject, make sure to have a look at @quarkslab's article. It demonstrates how to abuse KeePass plugin cache's access right and load DLLs in a low privilege context.
https://t.co/xHTqby9xO9
https://blog.quarkslab.com/post-exploitation-abusing-the-keepass-plugin-cache.html