Microsoft Shift F10 bypass + Autopilot privilege escalation
k4m1ll0
Am I missing something, or could you just as easily pop out the hard disk and put it in another machine to remove the DisableCMDRequest.TAG file / do whatever you want?
Bl00dsoul
There are ways to disable it: https://call4cloud.nl/2022/01/the-oobe-massacre-the-beginning-of-shift-f10/
Another attack vector would be audit mode at the beginning of setup. After creating admin accounts or whatever, sysprep back to OOBE to continue with Autopilot.
HankMardukasNY
This vuln is fairly well-known in the Intune community, but mostly theoretical - great to see a writeup and full attack chain. Do you have any recommendations for mitigating it? I've focused on using preprovisioning to lock down the system and defaultuser0, but being able to alt-tab and modify system state at all seems like a huge attack surface.
Pl4nty
@malwr
K4M1Ll0
Shift F10 bypass and Autopilot privilege escalation - Microsoft
Shift + F10 bypass and privilege escalation
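The thread names the DisableCMDRequest.TAG marker and asks for mitigations, so here is an added PowerShell example (not code from k4m1ll0's write-up or the linked call4cloud post) that places and verifies that marker. Windows Setup skips the Shift+F10 command prompt during OOBE when a file of that name exists in %WINDIR%\Setup\Scripts. The function names, the offline mount paths and the report layout are assumptions for this example.

```powershell
# Added example, not code from the linked write-up or the call4cloud post.
# Windows Setup does not open the Shift+F10 command prompt during OOBE when
# %WINDIR%\Setup\Scripts\DisableCMDRequest.TAG exists. These helpers create and
# verify that marker on the running OS or in a mounted offline image.
# Function names and the image/mount paths below are assumptions.

function Set-OobeShiftF10Block {
    [CmdletBinding()]
    param(
        # Windows directory to act on; defaults to the running OS. For an
        # offline image pass the mounted path, e.g. C:\mount\Windows.
        [string]$WindowsDir = $env:SystemRoot
    )
    $scriptsDir = Join-Path $WindowsDir 'Setup\Scripts'
    $tagPath    = Join-Path $scriptsDir 'DisableCMDRequest.TAG'

    if (-not (Test-Path -LiteralPath $scriptsDir)) {
        New-Item -ItemType Directory -Path $scriptsDir -Force | Out-Null
    }
    if (-not (Test-Path -LiteralPath $tagPath)) {
        # Zero-byte file; only its presence matters to Setup.
        New-Item -ItemType File -Path $tagPath | Out-Null
    }
    return $tagPath
}

function Test-OobeShiftF10Block {
    param([string]$WindowsDir = $env:SystemRoot)
    $tagPath = Join-Path $WindowsDir 'Setup\Scripts\DisableCMDRequest.TAG'

    # The marker is a plain file: anyone who can mount the disk offline (the
    # pull-the-hard-disk scenario raised in the thread) can delete it, so the
    # same check reports whether the OS volume is encrypted. Only meaningful
    # for the running system; Get-BitLockerVolume needs the BitLocker module.
    $protected = $null
    if ($WindowsDir -eq $env:SystemRoot) {
        try {
            $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
            $protected = ($vol.ProtectionStatus -eq 'On')
        } catch {
            $protected = $null
        }
    }

    [pscustomobject]@{
        WindowsDir        = $WindowsDir
        TagPresent        = (Test-Path -LiteralPath $tagPath)
        OsVolumeProtected = $protected
    }
}

# Offline image workflow before capture (paths assumed):
# Mount-WindowsImage -ImagePath C:\images\install.wim -Index 1 -Path C:\mount
# Set-OobeShiftF10Block  -WindowsDir C:\mount\Windows
# Test-OobeShiftF10Block -WindowsDir C:\mount\Windows
# Dismount-WindowsImage -Path C:\mount -Save
```

The TAG file only closes the keyboard-only path. It does nothing against the offline edit described in the thread, which is why the check also reports the OS volume's protection status: a device whose disk is not encrypted before it reaches a user keeps the offline attack open regardless of the marker.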
Process Memory Basics for Reverse Engineers - Tracking Memory With A Debugger (OALABS Tutorial)
herrcore
YouTube
Process Memory Basics for Reverse Engineers - Tracking Memory With A Debugger [ Patreon Unlocked ]
Full Patreon tutorial (with examples):
https://www.patreon.com/posts/process-memory-1-72454056
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
htt…
Poseidon's Offspring: Charybdis and Scylla - The attacks target a number of advertising SDKs within apps available via both Google's Play Store and Apple's App Store.
digicat
HUMAN Security
Poseidon's Offspring: Charybdis and Scylla - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.
Tips and tricks for reversing foreign architecture games
jeandrew
Um, no, the 6809 is not the same as m68k. The latter is the later 68000 series.
ohmantics
mahaloz.re
Tips and tricks for reversing foreign architecture games
Some common techniques used while reversing unknown architectures seen through the lens of an 80's game hacking challenge from 0CTF22
Hardware encrypted usb suggestions??
What products are we using for hardware encrypted drives to move data around and store forensic data securely?
dfzachary
I've used Aegis and SiForce. I much prefer the latter as they are more reliable and less prone to disconnection due to power consumption issues.
ucfmsdf
Apricorn Aegis Padlock drives are the best!
no_sushi_4_u
reddit
Hardware encrypted usb suggestions??
What products are we using for hardware encrypted drives to move data around and store forensic data securely?
What's In A Bit – Designing, Using And Reverse-engineering Binary File Formats - Peter Bindels
mttd
YouTube
What's In A Bit – Designing, Using And Reverse-engineering Binary File Formats - Peter Bindels
C++ on Sea Website: https://cpponsea.uk/
C++ on Sea Twitter: https://twitter.com/cpponsea
---
What's in a Bit – Peter Bindels - C++ on Sea 2022
Slides: https://github.com/philsquared/cpponsea-slides/tree/master/2022
Ever tried to create a .COM program by…
Blue Team Lab guide 7 - End Devices
Hello everyone, after a small break I wrote another article in my series for Blue Team Home Lab; this time the focus was on end devices, which represent the corporate devices. Hope you'll like it. :)
https://facyber.me/posts/blue-team-lab-guide-part-7/
facyber
facyber
Building Blue Team Home Lab Part 7 - Corporate LAN (End Devices)
After a while, I returned with a new tutorial, a continuation of my Blue Team Home Lab series, and this time it's about adding the end devices to our lab. For this part, we are going to use Windows 7 and Windows 10 evaluation images, which can be downloaded…
NETSCOUT DDoS Threat Intelligence Report: ISSUE 9: FINDINGS FROM 1ST HALF 2022
jnazario
Latest Cyber Threat Intelligence Report
NETSCOUT Threat Intelligence Report
NETSCOUT's latest DDoS Cyber Threat Intelligence Report showcases the latest trends in cyber attacks. Learn more from our latest cyber threat intelligence report.
monomorph: MD5-Monomorphic Shellcode Packer - Pack arbitrary shellcode into an executable that always has the same MD5 hash
sanitybit
It's interesting though; the next step is to cause collisions with system file hashes and see what happens with AVs.
mrdantesque
Lmao
EvenIfIWantedTo
The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401
Well there we go AV vendors…
littlejob
GitHub
GitHub - DavidBuchanan314/monomorph: MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash
MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash - DavidBuchanan314/monomorph
MAR-10400779-1.v1 – Zimbra 1 - CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files.
digicat
www.cisa.gov
MAR-10400779-1.v1 – Zimbra 1 | CISA
Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product…