[ dec0ne, Mor Davidovich ]
Me and @idov31 are happy to introduce HWSyscalls, a new method to execute indirect syscalls using Hardware Breakpoints without calling directly to ntdll.dll, therefore bypassing the current way to detect it.
A detailed blog post will follow soon.
https://t.co/4u9DI7U4pX
https://github.com/Dec0ne/HWSyscalls/
[ tweet ]
[ BlackArrowSec, BlackArrow ]
Windows Local Privilege Escalation via StorSvc service (writable SYSTEM path DLL search order Hijacking) /cc @antuache @_Kudaes_
➡️ https://t.co/8XMvewhgFn
https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc
[ tweet ]
[ splinter_code, Antonio Cocomazzi ]
Cool discovery
Can also be used to weaponize arbitrary file write vulnerabilities.
As a bonus, check the screenshot on how to weaponize #LocalPotato with this StorSvc DLL hijacking to get a SYSTEM shell.
[ tweet ][ quote ]
[ joehowwolf, William Burgess ]
My first blog at CS - Dynamically spoofing call stacks with timers: https://t.co/qxsVkesDWZ
PoC: https://t.co/QB1I9R3zI3
https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/
https://github.com/Cobalt-Strike/CallStackMasker
[ tweet ]
Lol? https://youtu.be/4F1XGsvB2iA
YouTube
Deep Dive into Parsing SSH Keys To Exploit Improperly Sanitized Screenshots
00:00 - Intro
00:55- Generating our SSH Key and Base64 Decoding it
02:15 - Opening the SSH Key in Bless
03:45 - Showing information from the SSH RFC which will tell us what we are parsing
04:25 - Start of parsing the SSH Key
07:00 - Opening an Encrypted Key…
[ snovvcrash ]
[BLOG] Some notes on how to automate the generation of Position Independent Shellcodes (without msfvenom windows/x64/exec) from object files in memory (by @NinjaParanoid) to be used in Threadless Process Injection (by @_EthicalChaos_) ⬇️
https://t.co/OFdHn7lR7I
https://snovvcrash.rocks/2023/02/14/pic-generation-for-threadless-injection.html
[ tweet ]
[ Threatlabz, Zscaler ThreatLabz ]
🕵️ Zscaler ThreatLabz has observed a campaign targeting a government organization with a new post exploitation framework named #Havoc. During this attack, the threat actors have made several #opsec failures: https://t.co/TcupRUwAYi
IOCs are available here: https://t.co/PD8vP73AKV
https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
https://github.com/threatlabz/iocs/tree/main/havoc
[ tweet ]
[ D1rkMtr, D1rkMtr ]
Github as C2 Demonstration, free API = free C2 Infrastructure
https://t.co/cZc2RtAJxn
https://github.com/TheD1rkMtr/GithubC2
[ tweet ]
[ PortSwiggerRes, PortSwigger Research ]
Server-side prototype pollution: Black-box detection without the DoS
https://t.co/6guKOcUmdS
https://portswigger.net/research/server-side-prototype-pollution
[ tweet ]
[ _zblurx, Thomas Seigneuret ]
https://t.co/1AxsR43O5Z
In order to learn Rust, I made a complete rewrite of @Defte_ Impersonate in plain Rust, and thanks to @g0h4n_0 it is now also usable as a dependency in your Rust projects (and he also made my code readable tho).
https://github.com/zblurx/impersonate-rs
[ tweet ]
[ EmpireC2Project, Empire ]
How about pop-out windows and a process tab? Only 6 more days until Empire 5.0.
[ tweet ]
Looks cool, of course, but it's still a «toy» all the same
[ snovvcrash ]
Feeling guilty about stealing #DInvoke version of #RunPE from @_RastaMouse’s #SharpC2 for DInjector, but man this looks so 🔥🤤
[ tweet ][ quote ]
[ 0x6d69636b, Michael Schneider ]
I wrote about the Microsoft Defender configuration with Microsoft Intune and what's different compared to GPO.
Surprise: Non-admin users can read exclusion lists! https://t.co/50zkrFKkSC
https://www.scip.ch/en/?labs.20230216
[ tweet ]
[ decoder_it, ap ]
Short blog post on security issue in Windows group policy processing, fixed in CVE-2022-37955 https://t.co/fhoYftdOhQ
http://decoder.cloud/2023/02/16/eop-via-arbitrary-file-write-overwite-in-group-policy-client-gpsvc-cve-2022-37955/
[ tweet ]
[ pdiscoveryio, ProjectDiscovery.io ]
Our very own @olearycrew is new to the security engineering game - but he was able to use ProjectDiscovery tools to get his first bug bounty (from a Fortune 50 company no less).
Learn how: https://t.co/G64avj7AFM
#hackwithautomation #pdteam
https://blog.projectdiscovery.io/using-pd-tools-to-find-my-first-subdomain-takeover/
[ tweet ]
[ biskopp3n, biskopp3n ]
Released a new Backup Operator to Domain Admin tool. It contains 4 different methods for escalation, more methods will be added: https://t.co/UytiiAipIO
https://github.com/improsec/BackupOperatorToolkit
[ tweet ]
[ 0x0SojalSec, Md Ismail Šojal ]
#oneliner
✅ Subdomain enumeration
✅ Full port scan
✅ HTTP web server detection
#security #bugbountytips #portscan #subdomain #chaos
[ tweet ]