π [ Nicolas Krassas @Dinosn ]
PoC for using MS Windows printers for persistence / command and control via Internet Printing
π https://github.com/Diverto/IPPrintC2
π₯ [ tweet ]
PoC for using MS Windows printers for persistence / command and control via Internet Printing
π https://github.com/Diverto/IPPrintC2
π₯ [ tweet ]
π₯6π2
π [ CravateRouge @rouge_cravate ]
Performing kerberos cross domain authentication with impacket is not straightforward!
If you want to authenticate on domain A (trusting domain B) with a userB you must ask a ST to domain B for krbtgt/domainA and then use this ST to request new ST to domainA, e.g.:
π₯ [ tweet ]
Performing kerberos cross domain authentication with impacket is not straightforward!
If you want to authenticate on domain A (trusting domain B) with a userB you must ask a ST to domain B for krbtgt/domainA and then use this ST to request new ST to domainA, e.g.:
π₯ [ tweet ]
Π for ΠΠ°ΡΠ½π₯5
π [ sinusoid @the_bit_diddler ]
I'm intending to release an open-source Visual Studio Code extension to make writing BOFs easier for the community:
- Complete Nt/Zw function prototypes with tab completion (and correct typecasting for placeholder variables)
- MSDN header searching
PoC:
π https://www.youtube.com/watch?v=oWss4Ac9Pl8
π₯ [ tweet ]
I'm intending to release an open-source Visual Studio Code extension to make writing BOFs easier for the community:
- Complete Nt/Zw function prototypes with tab completion (and correct typecasting for placeholder variables)
- MSDN header searching
PoC:
π https://www.youtube.com/watch?v=oWss4Ac9Pl8
π₯ [ tweet ]
π₯3
π [ Steve S. @0xTriboulet ]
@vxunderground
BSides Talk on Writing malware in Nim w/o the Nim Runtime
π https://github.com/m4ul3r/writing_nimless/blob/main/Writing%20Nimless%20nim.pdf
π₯ [ tweet ]
@vxunderground
BSides Talk on Writing malware in Nim w/o the Nim Runtime
π https://github.com/m4ul3r/writing_nimless/blob/main/Writing%20Nimless%20nim.pdf
π₯ [ tweet ]
π€―3π₯2π€1
π [ CravateRouge @rouge_cravate ]
Having an AD with trusts you can reach?
bloodyAD can now retrieve the trusts of the trusts where you can connect to and print them as a nice ascii tree
π₯ [ tweet ]
Having an AD with trusts you can reach?
bloodyAD can now retrieve the trusts of the trusts where you can connect to and print them as a nice ascii tree
π₯ [ tweet ]
π₯8
π [ Binni Shah @binitamshah ]
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass : credits @Denis_Skvortcov
π https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
π₯ [ tweet ]
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass : credits @Denis_Skvortcov
π https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
π₯ [ tweet ]
π₯5π1
π [ Jonny Johnson @jsecurity101 ]
Without further ado - here is EtwInspector!
This is a C++ tool to help users interact with ETW providers. This tool supports the enumeration of providers, their events, and capture events.
π https://github.com/jsecurity101/ETWInspector
π₯ [ tweet ][ quote ]
Without further ado - here is EtwInspector!
This is a C++ tool to help users interact with ETW providers. This tool supports the enumeration of providers, their events, and capture events.
π https://github.com/jsecurity101/ETWInspector
π₯ [ tweet ][ quote ]
π5
π [ eversinc33 π©Έπ‘οΈ @eversinc33 ]
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.
π₯ [ tweet ]
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.
π₯ [ tweet ]
*ΡΠΌΠ΅ΡΠ½ΠΎΠΉ ΡΡΠ°Ρ Π² ΡΡΠ΅Π΄Π΅*π₯7π1
π [ NCV @nickvourd ]
This is my first article! Special thanks to @LAripping and @S1ckB0y1337 for the inspiration!
π https://nickvourd.github.io/what-if-no-pkinit-still-the-same-fun/
π₯ [ tweet ]
#Π΄Π»Ρ_ΡΠ°ΠΌΡΡ _ΠΌΠ°Π»Π΅Π½ΡΠΊΠΈΡ
This is my first article! Special thanks to @LAripping and @S1ckB0y1337 for the inspiration!
π https://nickvourd.github.io/what-if-no-pkinit-still-the-same-fun/
π₯ [ tweet ]
#Π΄Π»Ρ_ΡΠ°ΠΌΡΡ _ΠΌΠ°Π»Π΅Π½ΡΠΊΠΈΡ
π2
Offensive Xwitter
*ΡΠΌΠ΅ΡΠ½ΠΎΠΉ ΡΡΠ°Ρ Π² ΡΡΠ΅Π΄Π΅*
ΠΠ°ΠΊ ΡΠΊΡΠ°ΡΠΈΡΡ ΡΠ²ΠΎΠΉ Π²Π΅ΡΠ΅Ρ: ΠΈΠ΄Π΅ΠΌ Π² https://x.com/studentofthings, ΠΎΡΠΊΡΡΠ²Π°Π΅ΠΌ ΠΡΠ²Π΅ΡΡ, ΡΠΈΡΠ°Π΅ΠΌ ΡΡΠ΅Π΄Ρ, ΡΠΎΡΠ»ΠΈΡΡΠ΅ΠΌ.
π₯4π3π₯±2π1
π [ VirusTotal @virustotal ]
"YARA is dead, long live YARA-X!" π
After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.
Dive into the details in latest blog post by @plusvic :
π https://blog.virustotal.com/2024/05/yara-is-dead-long-live-yara-x.html
π₯ [ tweet ]
"YARA is dead, long live YARA-X!" π
After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.
Dive into the details in latest blog post by @plusvic :
π https://blog.virustotal.com/2024/05/yara-is-dead-long-live-yara-x.html
π₯ [ tweet ]
π₯8π€1π’1
π [ Thomas Rinsma @thomasrinsma ]
Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.
π https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
π₯ [ tweet ]
Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.
π https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
π₯ [ tweet ]
π4
π [ Amal Murali @amalmurali47 ]
Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.
π https://amalmurali.me/posts/git-rce/
π₯ [ tweet ][ quote ]
Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.
π https://amalmurali.me/posts/git-rce/
π₯ [ tweet ][ quote ]
Forwarded from PT SWARM
𧧠Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT!
Bounty: $28,000 πΈ
Here is the write-up π https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
Bounty: $28,000 πΈ
Here is the write-up π https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
π€―15π4π₯±2π€1
π [ Lsec @lsecqt ]
I just uploaded a video where I weaponize the code from IconJector via process injection into more legit process than the exporer.exe itself. Hands down to this technique and all credit goes to its creator.
π https://www.youtube.com/watch?v=2agrRX4fD_I
π₯ [ tweet ]
I just uploaded a video where I weaponize the code from IconJector via process injection into more legit process than the exporer.exe itself. Hands down to this technique and all credit goes to its creator.
π https://www.youtube.com/watch?v=2agrRX4fD_I
π₯ [ tweet ]
π3
π [ Ptrace Security GmbH @ptracesecurity ]
Nmap Dashboard with Grafana:
π https://hackertarget.com/nmap-dashboard-with-grafana/
π₯ [ tweet ]
Nmap Dashboard with Grafana:
π https://hackertarget.com/nmap-dashboard-with-grafana/
π₯ [ tweet ]
ΠΏΡΠΈΠΊΠΎΠ»ΡΠ½Π°Ρ ΠΈΠ΄Π΅Ρπ12π€1
π [ es3n1n @es3n1n ]
i did a thing
π https://github.com/es3n1n/no-defender
π₯ [ tweet ]
i did a thing
π https://github.com/es3n1n/no-defender
π₯ [ tweet ]
ΡΠ²Π΅ΠΆΠ°ΠΊπ₯9
π [ Slowerzs @slowerzs ]
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.
π https://blog.slowerzs.net/posts/pplsystem/
π₯ [ tweet ]
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.
π https://blog.slowerzs.net/posts/pplsystem/
π₯ [ tweet ]
π5π₯±1
π [ slonser @slonser_ ]
My new Research
Email attacks.
- C# 0day
- spoofing emails
e.t.c.
π https://blog.slonser.info/posts/email-attacks/
π₯ [ tweet ]
My new Research
Email attacks.
- C# 0day
- spoofing emails
e.t.c.
π https://blog.slonser.info/posts/email-attacks/
π₯ [ tweet ]
π10π₯±2
π [ spencer @techspence ]
I'm gonna start calling this THE FABULOUS FOUR! π
π https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-scripts/
π https://www.linkedin.com/pulse/adeleg-active-directory-security-tool-youve-never-heard-alessi-lvqze
π https://github.com/TrimarcJake/Locksmith
π https://www.pingcastle.com/
π₯ [ tweet ]
I'm gonna start calling this THE FABULOUS FOUR! π
π https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-scripts/
π https://www.linkedin.com/pulse/adeleg-active-directory-security-tool-youve-never-heard-alessi-lvqze
π https://github.com/TrimarcJake/Locksmith
π https://www.pingcastle.com/
π₯ [ tweet ]
π₯8