RedTeam feed
RedTeam blogposts and articles collection
Introducing Bambdas
#portswigger

You might have heard of Lambdas. But have you heard of Bambdas? They're a unique new way to customize Burp Suite directly from the UI, using only small snippets of Java. Changing the face of Burp Suite

via PortSwigger Blog
Magento Template Engine, a story of CVE-2022-24086
#synacktiv

via Synacktiv Blog (author: Antoine Gicquel)
How to voltage fault injection
#synacktiv

via Synacktiv Blog (author: Théo Gordyjan)
Pcapan: a PCAP analysis helper
#synacktiv

via Synacktiv Blog (author: Simon Marechal)
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
#specterops

via SpecterOps Team Medium (author: Cody Thomas)
It's Turtles All The Way Down
#objectivesee

Yet more ransomware targeting macOS! In this post we analyze the newly discovered "Turtle" ransomware and provide both a decryptor and a method to proactively thwart it.

via Objective-See Blog
The SOCKS We Have at Home
#trustedsec

When performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our attacking system is connected to. This is often the case when…

via TrustedSec Blog (author: Esteban Rodriguez)
Blind CSS Exfiltration: exfiltrate unknown web pages
#portswigger

This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... Why would we want to do blind CSS exfiltration? I

via PortSwigger Research
Using ntdissector to extract secrets from ADAM NTDS files
#synacktiv

via Synacktiv Blog (author: Julien Legras)
Finding that one weird endpoint, with Bambdas
#portswigger

Security research involves a lot of failure. It's a perpetual balancing act between taking small steps with a predictable but boring outcome, and trying out wild concepts that are so crazy they might

via PortSwigger Research
The future of Bambdas
#portswigger

Bambdas, a unique new way to customize Burp Suite on the fly with small snippets of code, were first introduced in the form of a custom filter for the Proxy HTTP history. This is just the first of man

via PortSwigger Blog
Unmasking Business Email Compromise: Safeguarding Organizations in the Digital Age
#trustedsec

Business Email Compromises (BEC) within the Microsoft 365 environment are a large threat with nearly $500 Million reported in stolen funds in 2022[1]. Attackers are targeting both company and personal email accounts.…

via TrustedSec Blog (author: Steven Erwin)
Mapping Virtual to Physical Addresses Using Superfetch
#outflank

With the Bring Your Own Vulnerable Driver (BYOVD) technique popping up in Red Teaming arsenals, we have seen additional capabilities being added like the ability to kill (EDR) processes or read protected memory (LSASS), all being performed by leveraging drivers operating in kernel land.

Sooner or later during BYOVD tooling development, you will run into the issue of needing to resolve virtual to physical memory addresses. Some drivers may expose routines that allow control over physical address ranges. While this is a powerful capability, how do we make the mapping between virtual and physical addresses? Mistakes can be costly and result in BSODs. That’s what we’re exploring in this blog post. We will document a technique that relies on a Windows feature referred to as “Superfetch”.

via Outflank Blog (author: Cedric Van Bockhaven)
WordPress for Security Audit
#synacktiv

via Synacktiv Blog (author: Antoine Gicquel)
Frinet: reverse-engineering made easier
#synacktiv

via Synacktiv Blog (author: Webmaster)
#tool #sandbox

Found an interesting tool that aggregates and implements many VM-detection techniques in C++. It also provides an easy-to-use interface to run all techniques in a row.

May be useful for sandbox/VM detection and evasion in your operations.

🔗 https://github.com/kernelwernel/VMAware
Release v1.8 - Mirage - Evading Every EDR On The Planet Part 2
#bruteratel

Brute Ratel v1.8 [codename Mirage] is now available for download. This release provides a heavy update towards evasion and other feature requests by the community. Customers using v1.7 release should note that the Badgers of v1.7 will not support v1.8. Do not upgrade to this release if you are in an active engagement. Release notes have been disabled from here on out as we’ve noticed that it helps various security solutions to build detection capabilities on them. All blog updates/documentation will only contain minimalistic information on the internals starting from this release. Customers wanting further information can reach out to us on the dedicated email or discord support channel.

via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))