BREAKDEV RED - Red Team Community
#kgretzky
Join the vetted Discord community, oriented around using Evilginx and ethical phishing, where everyone can safely share their phishing tips and tricks without worrying about them being misused by unknown parties.
via BREAKDEV Blog (author: Kuba Gretzky)
Leveraging VSCode Extensions for Initial Access
#mdsec
Introduction On a recent red team engagement, MDSec were tasked with crafting a phishing campaign for initial access. The catch was that the in-scope phishing targets were developers with technical...
via MDSec Blog (author: Admin)
Crafting Emails with HTML Injection
#trustedsec
Have you ever wanted to send an email from a domain you don’t have SMTP credentials for? With some HTML injection, we may be able to do just that. From time to time, applications have a need to notify users that an action has occurred or that something in the application needs attention. This may...
via TrustedSec Blog (author: Roza Maille)
Lord Of The Ring0 - Part 5 | Saruman’s Manipulation
#idov31
via Ido Veltzman Blog (author: Ido Veltzman (idov3110@gmail.com))
Creative Process Enumeration
#trustedsec
Very often in engagements, you’ll want to list out processes running on a host. One thing that is beneficial to know is whether a process is a 64-bit or 32-bit process. Why do you need to know the process architecture, you might ask? The reasons are many, but one common example is that you...
via TrustedSec Blog (author: Roza Maille)
GPOddity: exploiting Active Directory GPOs through NTLM relaying, and more!
#synacktiv
via Synacktiv Blog (author: Quentin Roland)
Shadow Wizard Registry Gang: Structured Registry Querying
#specterops
via SpecterOps Team Medium (author: Max Harley)
We love casting spells
Building a (slightly) better Melkor
#rastamouse
Melkor is a C# POC written by FuzzySec to simulate a TTP employed by InvisiMole. The concept is that post-ex assemblies are loaded into a payload/implant and kept encrypted using DPAPI whilst at rest. They are decrypted on demand and executed in a separate AppDomain. The AppDomain is unloaded once execution completes and only the
via Rasta Mouse Blog
Supporting Sprocket Security's offensive security testing with BChecks, from Burp Suite
#portswigger
The US-based organization Sprocket Security provides continuous penetration testing services to customers by monitoring clients’ attack surfaces and searching for new and novel exploitation techniques
via PortSwigger Blog
CVE-2022-41099 - Analysis of a BitLocker Drive Encryption Bypass
#itm4n
In November 2022, an advisory was published by Microsoft about a BitLocker bypass. This vulnerability caught my attention because the fix required a manual operation by users and system administrators, even after installing all the security updates. Couple this with the fact that the procedure was not well documented initially, and you have the perfect recipe for disaster. This is typically th...
via Itm4n Blog (author: itm4n)
Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking
#cobaltstrike
This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging of custom loaders and introduced the User-Defined Reflective Loader Visual Studio (UDRL-VS) template. In this installment, we’ll build upon the original UDRL-VS loader and explore how to apply our own [...]
via Cobalt Strike Blog (author: Robert Bearsby)
Finding a POP chain on a common Symfony bundle : part 1
#synacktiv
via Synacktiv Blog (author: Rémi Matasse)
New learning paths, from the Web Security Academy
#portswigger
When you're starting out in the world of web security, it can be overwhelming trying to work out where to begin. There are dozens of vulnerability classes, and numerous exploit techniques to learn abo
via PortSwigger Blog
Forwarded from r0 Crew (Channel)
Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.
https://www.loldrivers.io/
#redteam #loldrivers #windows
Forwarded from r0 Crew (Channel)
Finding and exploiting process killer drivers with LOL for 3000$
In this article, I will introduce some kernel driver/internals theory and explain how to use the data in LOLDrivers to find interesting drivers. Finally, I will present 2 examples of vulnerable drivers and explain how to quickly reverse them and create a PoC to exploit them.
https://alice.climent-pommeret.red/posts/process-killer-driver/
#redteam #loldrivers #windows
Okta for Red Teamers
#trustedsec
For a long time, Red Teamers have been preaching the mantra “Don’t make Domain Admin the goal of the assessment” and it appears that customers are listening. Now, you’re much more likely to see objectives focused on services critical to an organization, with many being hosted in the cloud. With this shift in delegating some...
via TrustedSec Blog (author: Roza Maille)
Okta Delegated Authentication We’ll start with a technology offered to users deploying their Okta tenant alongside traditional on-prem Active Directory…
The Not So Pleasant Password Manager
#mdsec
Overview During a recent adversary simulation, the MDSec ActiveBreach red team were asked to investigate the organisation’s Password Manager solution, with the key objective of compromising stored credentials, ideally from...
via MDSec Blog (author: Admin)
Cobalt Strike 4.9: Take Me To Your Loader
#cobaltstrike
Cobalt Strike 4.9 is now available. This release sees an overhaul to Cobalt Strike’s post exploitation capabilities to support user defined reflective loaders (UDRLs), the ability to export Beacon without a reflective loader which adds official support for prepend-style UDRLs, support for callbacks in a number of built-in functions, a new in-Beacon data store and [...]
via Cobalt Strike Blog (author: Greg Darwin)
Reactive Progress and Tradecraft Innovation
#specterops
via SpecterOps Team Medium (author: Michael Barclay)
Detection as Prediction
Ghostwriter v4: 2FA, RBAC, and Logging, Oh My!
#specterops
via SpecterOps Team Medium (author: Christopher Maddalena)
Ghostwriter v4 is officially here! Technically, it’s been available as a release candidate for a while, but we have arrived at its final…