Information Security
Information Security News

we are @sec_nerd's twin brother
SwampThing

SwampThing lets you spoof process command line args (x32/64). Essentially you create a process in a suspended state, rewrite the PEB, resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones. Think for example about launching a wmic xsl stylesheet for code execution but faking an innocuous wmic command.

https://github.com/FuzzySecurity/Sharp-Suite
flare-emu

flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks.

https://github.com/fireeye/flare-emu
Hardening Microsoft Windows 10 version 1709 Workstations

https://acsc.gov.au/publications/protect/Hardening_Win10.pdf
A 9-step recipe to crack an NTLMv2 hash from a freshly acquired .pcap

https://research.801labs.org/cracking-an-ntlmv2-hash/
Want to bypass PowerShell/.NET AMSI, but don't want your bypass code to be inspected? .NET Profilers to the rescue! This nifty little feature allows you to inject a (native) DLL into new .NET processes using an environment variable.

https://github.com/djhohnstein/.NET-Profiler-DLL-Hijack
0-day in FortiClient 6.0.3.0155

https://blog.secu.dk/blog/Forticlient/