Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes
#dirkjanm
Temporary Access Passes are a method for Microsoft Entra ID (formerly Azure AD) administrators to configure a temporary password for user accounts, which will also satisfy Multi Factor Authentication controls. They can be a useful tool in setting up passwordless authentication methods such as FIDO keys and Windows Hello. In this blog, we take a closer look at the options attackers have to abuse Temporary Access Passes for lateral movement, showing how they can be used for passwordless persistence and even to recover on-premises Active Directory passwords in certain hybrid configurations.
via Dirk-jan Blog (author: Dirk-jan Mollema)
Survivorship Bias and How Red Teams Can Handle It
#bcsecurity
If you have spent any time on our Discord, you have almost certainly seen some discussions about the prevalence of PowerShell and how it’s still used in most modern attacks. After all, we are still big fans of it in threat emulation and still publish research on it. Inevitably though, [...]
via BC Security Blog (author: Hubbl3)
Custom Beacon Artifacts
#rastamouse
If you’re an experienced Cobalt Strike user, you will already know what role the artifact kit plays in customising its binary (executable and DLL) payload artifacts (artefacts for the British). If not, here’s a tl;dr: Beacon is a reflective DLL that needs to be loaded into memory to run.
via Rasta Mouse Blog
XZ Utils Made Me Paranoid
#trustedsec
On March 28, 2024, the news about the XZ Utils backdoor came out. Since then, I’ve been thinking about how we could identify these backdoors before packages are released or, at the very least, how to identify them after…
via TrustedSec Blog (author: Kevin Haubris)
One month of Burp Suite in the Cloud - how are AppSec teams using it?
#portswigger
It’s now been a month since we launched the new Cloud-based Burp Suite Enterprise Edition, and we’re taking a look at the benefits our users have seen so far.
via PortSwigger Blog
Hacking Apple - SQL Injection to Remote Code Execution
#projectdiscovery
Introduction
In our last blog post, we delved into the inner workings of Lucee and took a look at the source code of Masa/Mura CMS, and the vastness of the potential attack surface struck us. It became evident that investing time in understanding the code could pay off. After
via ProjectDiscovery Research Blog (author: Harsh Jaiswal)
Most Reported Web Findings of 2023
#trustedsec
I reviewed the findings from the application and API assessments that the TrustedSec Software Security Team conducted during 2023 to see what issues we were seeing most often. I put them into categories that I thought…
via TrustedSec Blog (author: Aaron James)
Extend Your Browser
#redsiege
by Ian Briley, Security Consultant
In my last blog, I discussed using only a browser for web application testing, emphasizing how useful built-in browser tools like the Inspector and Console […]
via RedSiege Blog (author: Red Siege)
Emulation with Qiling
#nettitude
Introduction
Qiling is an emulation framework that builds upon the Unicorn emulator by providing higher level functionality such as support for dynamic library loading, syscall interception and more. In this Labs post, we are going to look into Qiling and how it can be used to emulate an HTTP server binary from a router. The [...]
via Nettitude Labs Blog (author: Connor Ford)
Kerberos Delegation Test App
#rastamouse
I have been quietly working on some new Kerberos course content, and although it’s not complete yet, I wanted to take a small segue to write this post. My approach to tackling the content required capturing and decrypting legitimate Kerberos traffic on the wire, so that readers could understand the protocol at the packet level.
via Rasta Mouse Blog
Introducing Meta-Detector
#trustedsec
In this blog post, I’m going to discuss a new Open-Source Intelligence (OSINT) tool I created to assist with collecting information about target organizations during penetration testing engagements. I call it,…
via TrustedSec Blog (author: Joe Sullivan)
Phish Sticks; Hate the Smell, Love the Taste
#specterops
via SpecterOps Team Medium (author: Forrest Kasler)
I’ll Make You Great at Phishing or Your Money Back
JS-Tap Mark II: Now with C2 Shenanigans
#trustedsec
JS-Tap is a tool intended to help red teams attack web applications. I recently blogged about the data collection capabilities in JS-Tap version 1.0, and data collection is still the primary purpose of JS-Tap. However,…
via TrustedSec Blog (author: Drew Kirkpatrick)
Burp Suite Enterprise Edition spring update 2024
#portswigger
We understand the unique challenges AppSec teams face—from navigating the rapid pace of development to achieving comprehensive coverage against new vulnerabilities. That’s why we’ve focused our latest
via PortSwigger Blog
Introducing SignSaboteur: forge signed web tokens with ease
#portswigger
Signed web tokens are widely used for stateless authentication and authorization throughout the web. The most popular format is JSON Web Tokens (JWT) which we've already covered in depth, but beyond t
via PortSwigger Research
Hijacking GitHub runners to compromise the organization
#synacktiv
via Synacktiv Blog (author: Hugo Vincent)
Assumed Breach: The Evolution of Offensive Security Testing
#trustedsec
The goal of this post is singular: inform you (innocent reader, client, or competitor) about how we at TrustedSec are attempting to meet specific industry needs that have been growing over time pertaining to Assumed…
via TrustedSec Blog (author: Jason Lang)
Inside the iOS bug that made deleted photos reappear
#synacktiv
via Synacktiv Blog (author: Webmaster)
Refining your HTTP perspective, with bambdas
#portswigger
When you open an HTTP request or response, what do you instinctively look for? Suspicious parameter names? CORS headers? Some clue as to the request's origin or underlying purpose? A single HTTP messag
via PortSwigger Research