[ Outflank @OutflankNL ]
Let's explore the intricate dance of virtual to physical memory mapping in BYOVD tooling development!
In @c3c's latest blog we delve into resolving addresses using Superfetch, unlocking control over physical memory.
Dive into the details now
https://outflank.nl/blog/2023/12/14/mapping-virtual-to-physical-adresses-using-superfetch/
[ tweet ]
[ Dylan Tran @d_tranman ]
Wrote up on module stomping and modding AceLdr to implement it at rest
https://dtsec.us/2023-11-04-ModuleStompin/
[ tweet ]
[ LuemmelSec @theluemmel ]
One Box To Rule Them All
Little write-up of my way to tackle remote pentesting situations with a dropbox.
This is about non-covert systems that will allow you to carry out full-fledged pentests when implanted into the customer's network.
https://luemmelsec.github.io/One-Box-To-Rule-Them-All/
[ tweet ]
[ S3cur3Th1sSh1t @ShitSecure ]
My talk "Playing Chess as Red Teams" from @MCTTP_Con got published now:
https://youtu.be/XAvAVKXXC_8?si=W2UKCYYd0Ukf3sDF
[ tweet ]
YouTube: MCTTP 2023 | Talk by Fabian Mosch: Playing Chess as Red Teams (https://www.mcttp.de)
[ Jonny Johnson @jsecurity101 ]
Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below.
https://github.com/jsecurity101/PowerParse
[ tweet ]
[ ed @sprocket_ed ]
Blog coming soon... #ffuf
https://github.com/puzzlepeaches/ffufw
[ tweet ]
something interesting..?
[ Akamai Security Intelligence Group @akamai_research ]
Did you hear that?
Akamai researcher @nachoskrnl has discovered two vulnerabilities within Windows.
Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook.
Full write-up:
https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
[ tweet ]
I like the DNS toolkit by the much-respected @s0i37, but I keep forgetting how to set up the records correctly and what to change in the code, so I forked it with QoL mods for dns_upload.py:
* The domain can be passed as an argument.
* Added a PS cradle, because spawning 100500 child nslookup.exe processes from VBS isn't always comme il faut.
* Ideally, it's better to query a third-party server for resolution, because clients may cache records from the corporate DNS servers, which can lead to the uploaded data being reassembled incorrectly.
https://github.com/snovvcrash/exfiltrate
Offensive Xwitter
[ Akamai Security Intelligence Group @akamai_research ] Turns out, sometimes it isn't DNS... it's DHCP. See @oridavid123's research on how DHCP can be used to spoof DNS records, potentially leading to Active Directory compromise. Worst part? No credentials…
[ Akamai Security Intelligence Group @akamai_research ]
Earlier this month we released research by @oridavid123 on using DHCP to spoof DNS. But wait, there's more!
We are proud to release DDSpoof: a Python-based tool that enables red and blue teams to perform and study DHCP DNS attacks.
Learn how to use it:
https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide?filter=123
[ tweet ]
[ Grzegorz Tworek @0gtweet ]
Do you store your "DNS dynamic update registration credentials" in a DHCP?
Cute, it means I have a new tool for you.
Enjoy the DHCP Server DNS Password Stealer. The C source code, and the compiled exe, as usual:
https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP
[ tweet ]
[ Synacktiv @Synacktiv ]
One of our ninjas (@_ixty_) wrote a series of articles explaining how to write a win32 keylogger that supports all input languages (that don't use input method editors). Here is the first part which focuses on capturing keyboard events!
https://www.synacktiv.com/publications/writing-a-decent-win32-keylogger-13
[ tweet ]
[ rvrsh3ll @424f424f ]
@chvancooten is a certified #OST badass
https://github.com/cobbr/Covenant/issues/391#issuecomment-1859177527
[ tweet ]
funny one
[ V @vincenzosantuc1 ]
What's better for Christmas than a nice read about Reflective DLL Injection?
https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
#reflectivedll #oldbutgold #cplusplus #code #belloblog
[ tweet ]
[ Alex neff @al3x_n3ff ]
A small gift: NetExec now supports Tab-Completion
Made by @Adamkadaban
Merry Christmas!
[ tweet ]
[ Ido Veltzman @Idov31 ]
There was no update for a while, and the reason being massive bug fixes, feature checking and a new feature (fun fact: it is the 23rd feature!).
Now, you can use Nidhogg to dump credentials from LSASS!
Go check it out:
https://github.com/Idov31/Nidhogg/tree/dev
#infosec #CyberSecurity
[ tweet ]
[ Josh @passthehashbrwn ]
THIS is an APT. No "cmd /c net user", just technical capability that's almost indistinguishable from magic
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
https://koeln.ftp.media.ccc.de/congress/2023/h264-hd/37c3-11859-eng-Operation_Triangulation_What_You_Get_When_Attack_iPhones_of_Researchers.mp4
TL;DR
https://xakep.ru/2023/12/27/operation-triangulation-hardware-mystery/
[ tweet ]
[ an0n @an0n_r0 ]
OST cannot be stopped. Here is a technique we tested internally 9 months ago: blocking EDR telemetry by leveraging the Windows Filtering Platform. Considered it so evil that we didn't publish it that time. It was pointless, now here it is by @netero_1010:
https://github.com/netero1010/EDRSilencer
[ tweet ]
[ Diego Capriotti @naksyn ]
The shutter project has been hiding in plain sight for quite some time. I've been happily using this for nearly 2 years:
https://github.com/dsnezhkov/shutter
[ tweet ]