π [ Scott Sutherland @_nullbind ]
[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
π https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/
π₯ [ tweet ]
[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
π https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/
π₯ [ tweet ]
π₯5π₯±1
π [ lazarusholic @lazarusholic ]
"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs.
π https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
π₯ [ tweet ]
"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs.
π https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
π₯ [ tweet ]
X (formerly Twitter)
lazarusholic (@lazarusholic) on X
a big fan of lazarus.
π3π€2
π [ Pen Test Partners @PenTestPartners ]
Discover how our @_EthicalChaos_ edited Group Policy Objects (GPOs) without being tied to a domain-joined system π This technical blog explores the challenges of manipulating GPOs from non-domain environments using native Windows tools β minimising IOCs and maximising stealth in your red teaming efforts π΄
@_EthicalChaos_ details the process of manipulating the Group Policy Manager MMC snap-in, diving into debugging techniques, function manipulation, and the strategic use of hooks to bypass typical domain checks.
Discover how to intercept and modify critical functions like GetUserNameExW to bypass domain checks and tackle further complexities in the Group Policy Editor using hooks with the DGPOEdit tool, which @_EthicalChaos_ has put on GitHub for free.
This blog covers the technical barriers, API call modifications, and the challenges in creating a seamless experience with native toolingβwithout compromising operational security. Perfect for those looking to leverage native Windows tools in their red teaming arsenal, this guide provides detailed insights into pushing beyond the limitations of standard approaches.
π οΈ Look at @_EthicalChaos_ methods and get access to the free DGPOEdit tool from the full blog now.
Read it here:
π https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/
π₯ [ tweet ]
Discover how our @_EthicalChaos_ edited Group Policy Objects (GPOs) without being tied to a domain-joined system π This technical blog explores the challenges of manipulating GPOs from non-domain environments using native Windows tools β minimising IOCs and maximising stealth in your red teaming efforts π΄
@_EthicalChaos_ details the process of manipulating the Group Policy Manager MMC snap-in, diving into debugging techniques, function manipulation, and the strategic use of hooks to bypass typical domain checks.
Discover how to intercept and modify critical functions like GetUserNameExW to bypass domain checks and tackle further complexities in the Group Policy Editor using hooks with the DGPOEdit tool, which @_EthicalChaos_ has put on GitHub for free.
This blog covers the technical barriers, API call modifications, and the challenges in creating a seamless experience with native toolingβwithout compromising operational security. Perfect for those looking to leverage native Windows tools in their red teaming arsenal, this guide provides detailed insights into pushing beyond the limitations of standard approaches.
π οΈ Look at @_EthicalChaos_ methods and get access to the free DGPOEdit tool from the full blog now.
Read it here:
π https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/
π₯ [ tweet ]
π₯6π4π1
This media is not supported in your browser
VIEW IN TELEGRAM
π [ konrad @konradgajdus ]
I made a donut using the C standard library:
π https://github.com/konrad-gajdus/donut
π₯ [ tweet ]
I made a donut using the C standard library:
π https://github.com/konrad-gajdus/donut
π₯ [ tweet ]
ΠΊΡΠ°ΡΠΈΠ²ΠΎΠ΅π15π₯±6π4π€―2π₯1
This media is not supported in your browser
VIEW IN TELEGRAM
π [ JiΕΓ Vinopal @vinopaljiri ]
Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be:
Executed as a normal #exe
Loaded as #dll + export function can be invoked
Run via "rundll32.exe"
Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub
π https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode
π₯ [ tweet ]
Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be:
Executed as a normal #exe
Loaded as #dll + export function can be invoked
Run via "rundll32.exe"
Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub
π https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode
π₯ [ tweet ]
π5π€1
π [ Sam βοΈπͺ΅ @Sam0x90 ]
Interesting ZIP trick with
zip > docx LNK > ftp.exe > disguised pythonw.exe > CS shellcode
π https://www.ctfiot.com/203334.html
π₯ [ tweet ]
Interesting ZIP trick with
__Macosx__ folder and LNK executing ftp script to execute embedded pythonw.exe zip > docx LNK > ftp.exe > disguised pythonw.exe > CS shellcode
π https://www.ctfiot.com/203334.html
π₯ [ tweet ]
π10
π [ Het Mehta @hetmehtaa ]
Reversing a VPN client to hijack sessions
π https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e
π₯ [ tweet ]
Reversing a VPN client to hijack sessions
π https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e
π₯ [ tweet ]
π₯9
This media is not supported in your browser
VIEW IN TELEGRAM
π [ John Hammond @_JohnHammond ]
Well, this was a stupid insomnia project, but... π
Playground code is here:
π https://github.com/JohnHammond/recaptcha-phish
π₯ [ tweet ][ quote ]
Well, this was a stupid insomnia project, but... π
Playground code is here:
π https://github.com/JohnHammond/recaptcha-phish
π₯ [ tweet ][ quote ]
Π·Π°Π²ΠΈΡΡΡΠΈΠ»ΠΎΡΡ, ΠΏΡΠΈΠΊΠΎΠ»ΡΠ½ΠΎπ18π1π₯±1
Offensive Xwitter
π [ JiΕΓ Vinopal @vinopaljiri ] Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be: Executed as a normal #exe Loaded as #dll + export function can be invoked Run via "rundll32.exe" Executed as #shellcode right from the DOS (MZ) headerβ¦
π [ Kurosh Dabbagh @_Kudaes_ ]
Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e. Don't see much use for it tho ^^
π https://github.com/Kudaes/CustomEntryPoint
π₯ [ tweet ]
Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e. Don't see much use for it tho ^^
π https://github.com/Kudaes/CustomEntryPoint
π₯ [ tweet ]
π18
π [ Usman Sikander @UsmanSikander13 ]
Basics to advanced process injection. Covering 25 techniques:
π https://github.com/Offensive-Panda/ProcessInjectionTechniques
π₯ [ tweet ]
Basics to advanced process injection. Covering 25 techniques:
π https://github.com/Offensive-Panda/ProcessInjectionTechniques
π₯ [ tweet ]
π14
π [ Aleem Ladha @LadhaAleem ]
I've fully automated the lab used for @_leHACK_ Active Directory 2024 workshop done by @mpgn_x64 and it's available for everyone ! π₯
Also big kudos to @M4yFly for the playbooks and NetExec dev teams for this awesome tool !
Hope you enjoy, more to come
π https://github.com/Pennyw0rth/NetExec-Lab
π₯ [ tweet ]
I've fully automated the lab used for @_leHACK_ Active Directory 2024 workshop done by @mpgn_x64 and it's available for everyone ! π₯
Also big kudos to @M4yFly for the playbooks and NetExec dev teams for this awesome tool !
Hope you enjoy, more to come
π https://github.com/Pennyw0rth/NetExec-Lab
π₯ [ tweet ]
π9π₯7π€2π€―2
π [ Koen Van Impe β @cudeso ]
Interesting approach shared by @Wietze on manipulating
π https://www.wietzebeukema.nl/blog/why-bother-with-argv0
π₯ [ tweet ]
Interesting approach shared by @Wietze on manipulating
argv[0] to mislead security tools and analysts. A clever tactic for obfuscation!π https://www.wietzebeukema.nl/blog/why-bother-with-argv0
π₯ [ tweet ]
π12π₯1π€―1
π [ Nikhil Hegde @ka1do9 ]
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export table to find address of functions.
π https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
π₯ [ tweet ]
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export table to find address of functions.
π https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
π₯ [ tweet ]
π9π₯6
π [ Justin Elze @HackingLZ ]
Pwning C2 frameworks
π https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/
π₯ [ tweet ]
Pwning C2 frameworks
π https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/
π₯ [ tweet ]
π6π₯3
π [ konrad @konradgajdus ]
From Theory to Code: Implementing a Neural Network in 200 Lines of C
π http://x.com/i/article/1837064930832404482
π₯ [ tweet ]
From Theory to Code: Implementing a Neural Network in 200 Lines of C
π http://x.com/i/article/1837064930832404482
π₯ [ tweet ]
π€―3
π [ Orange Cyberdefense Switzerland @orangecyberch ]
π»π‘οΈ In this series of blog posts, ClΓ©ment Labro (itm4n) one of our ethical hacker, explores yet another avenue for bypassing LSA Protection in Userland.
Blog series:
π https://itm4n.github.io/ghost-in-the-ppl-part-1/
π https://itm4n.github.io/ghost-in-the-ppl-part-2/
π https://itm4n.github.io/ghost-in-the-ppl-part-3/
Code:
π https://github.com/itm4n/PPLrevenant
π https://github.com/itm4n/Pentest-Windows/tree/main/NdrServerCallAll
π₯ [ tweet ]
π»π‘οΈ In this series of blog posts, ClΓ©ment Labro (itm4n) one of our ethical hacker, explores yet another avenue for bypassing LSA Protection in Userland.
Blog series:
π https://itm4n.github.io/ghost-in-the-ppl-part-1/
π https://itm4n.github.io/ghost-in-the-ppl-part-2/
π https://itm4n.github.io/ghost-in-the-ppl-part-3/
Code:
π https://github.com/itm4n/PPLrevenant
π https://github.com/itm4n/Pentest-Windows/tree/main/NdrServerCallAll
π₯ [ tweet ]
π10π₯3
π [ Remko Weijnen @RemkoWeijnen ]
Proof of Concept to leverage Windows App to create an LSASS dump
π https://github.com/rweijnen/createdump
π₯ [ tweet ]
Proof of Concept to leverage Windows App to create an LSASS dump
π https://github.com/rweijnen/createdump
π₯ [ tweet ]
π₯±5π₯4π1
π [ DSAS by INJECT @DevSecAS ]
Recursive Loader
Explanation of code: The following code is inspired by APT Linux/Kobalos. Kobalos was malware, suspected to be tied to the Chinese government, which was fully recursive. It was novel malware.
π https://github.com/Evi1Grey5/Recursive-Loader
π₯ [ tweet ]
Recursive Loader
Explanation of code: The following code is inspired by APT Linux/Kobalos. Kobalos was malware, suspected to be tied to the Chinese government, which was fully recursive. It was novel malware.
π https://github.com/Evi1Grey5/Recursive-Loader
π₯ [ tweet ]
π11
π [ Will @BushidoToken ]
I am happy to share another new resource I recently made called The Russian APT Tool Matrix π·πΊ
π https://blog.bushidotoken.net/2024/09/the-russian-apt-tool-matrix.html
π https://github.com/BushidoUK/Russian-APT-Tool-Matrix
π₯ [ tweet ]
I am happy to share another new resource I recently made called The Russian APT Tool Matrix π·πΊ
π https://blog.bushidotoken.net/2024/09/the-russian-apt-tool-matrix.html
π https://github.com/BushidoUK/Russian-APT-Tool-Matrix
π₯ [ tweet ]
ΠΈΡΠ΅ΠΌ ΡΠ΅Π±Ρ, ΠΏΠ°ΡΠ°Π½Ρπ8π₯±6π3π3π’1