This is a simple SOCKS proxy that helps avoid Smart Lockout by load-balancing your requests between multiple IP addresses. It accomplishes this with built-in Linux features -- no complex OpenVPN setups or strange firewall configurations.
There are two techniques that TREVORproxy can use to spread your requests across multiple IP addresses: an SSH Proxy and a Subnet Proxy.
— SSH Proxy
You give TREVORproxy some hosts that support SSH, and it sends your traffic through them, making sure to balance equally between all the hosts.
— Subnet Proxy
If you have access to a /64 IPv6 subnet (Linode is perfect for this), TREVORproxy will load-balance your requests across eighteen quintillion (18,446,744,073,709,551,616) unique source addresses.
🔗 Source:
https://github.com/blacklanternsecurity/TREVORproxy
#ip #ssh #rotation #waf #bypass
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-30088: Windows LPE
PATCHED: June 11, 2024
https://github.com/tykawaii98/CVE-2024-30088
P.S. Tested on Win11, it works
#git #exploit #lpe #pentest #redteam
Forwarded from PT SWARM
🔥 Our researcher Arseniy Sharoglazov has discovered two unauthenticated RCE vulnerabilities in Xerox WorkCentre!
Read more: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
PT SWARM
Inside Xerox WorkCentre: Two Unauthenticated RCEs
Every organization has printers. In this writeup, I will cover two unauthenticated RCE vulnerabilities that I discovered in Xerox WorkCentre.
ItsNotASecurityBoundary is an exploit that leverages False File Immutability assumptions in Windows Code Integrity (ci.dll) to trick it into accepting an improperly-signed security catalog containing fraudulent authentihashes. With attacker-controlled authentihashes loaded and trusted by CI, the kernel will load any driver of the attacker's choosing, even unsigned ones.
🔗 https://github.com/gabriellandau/ItsNotASecurityBoundary
#driver #signature #bypass #ffi #windows
The Qualys Threat Research Unit has discovered a remote unauthenticated code execution vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/acrono/cve-2024-6387-poc
#openssh #glibc #rce #cve
🤖 DojoLoader — Generic PE Loader for Prototyping Evasion Techniques
This is a versatile PE loader designed for prototyping evasion techniques. It supports downloading and executing encrypted shellcode, dynamic IAT hooking, and three Sleep obfuscation methods. Ideal for use with UDRL-less Beacon payloads from Cobalt Strike.
🔗 Blog Post:
https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
🔗 Source:
https://github.com/naksyn/DojoLoader
#cobaltstrike #udrl #memory #evasion
📄 Evading ETW Based Detections
In this post, Event Tracing for Windows (ETW) will be explored along with various evasion techniques used to evade detections based on this Windows event tracking and collection mechanism.
🔗 https://s4dbrd.com/evading-etw-based-detections/
#etw #bypass #windows
🔑 RockYou2024: 10 billion passwords leaked in the largest compilation of all time
Researchers discovered what appears to be the largest password compilation to date, with a staggering 9,948,575,739 unique plaintext passwords.
🔗 Source:
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
🔗 Source archive:
https://fastupload.io/1824d409732f30be
https://disk.yandex.ru/d/1spMBmxcEnN95g
https://s3.timeweb.cloud/fd51ce25-6f95e3f8-263a-4b13-92af-12bc265adb44/rockyou2024.zip
#wordlist #rockyou #passwords
Forwarded from Похек (Сергей Зыбнев)
RockYou2024
The archive is 45 GB
Unpacked it is 156 GB
I uploaded it to my S3. The speed is not the best, but the download definitely won't drop.
https://s3.timeweb.cloud/fd51ce25-6f95e3f8-263a-4b13-92af-12bc265adb44/rockyou2024.zip
Google Drive and Yandex Disk are in progress
APT
🔥 VMware vCenter Server RCE + PrivEsc Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted…
VMware vCenter - CVE-2024-37081.pdf
1.3 MB
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-37081
#vmware #vcenter #lpe #cve
VMware vCenter - CVE-2024-22274.pdf
1.1 MB
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-22274
https://github.com/l0n3m4n/CVE-2024-22274-RCE
#vmware #vcenter #rce #cve
🔑 Dumping LSA: a story about task decorrelation
Discover the art of bypassing EDRs by decorrelating attack tool behavior. This post explains the process of remote LSA secrets dumping and reveals techniques to retrieve a Windows computer's BOOTKEY without EDR detection.
🔗 Source:
https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/
#lsa #sam #dump #edr #bypass
Forwarded from SecuriXy.kz
rockyou2024_printable_8-40.7z.002
3.7 GB
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
We downloaded it, filtered it a bit, and now we are sharing the results with you.
The 45 GB ZIP archive unpacks into a text file of 155 GB.
When opened with less, there will be a notice that it looks like a binary file. For some reason a fair amount of garbage was added to it... After cleaning it out, we get a 144 GB file. But even that has plenty of useless lines (though if anyone needs it, we can upload that one too).
We filtered a bit more, keeping only lines without spaces that are 8 to 40 characters long, and voilà: 25 gigabytes of a decent wordlist.
Enjoy
PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023
🔗 Source:
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
#sharepoint #poc #rce #cve
A tool for monitoring Active Directory changes in real time without fetching all objects. Instead, it uses replication metadata and the Update Sequence Number (USN) to filter the current properties of objects.
🔗 Research:
https://habr.com/ru/companies/angarasecurity/articles/697938/
🔗 Source:
https://github.com/DrunkF0x/ADSpider
———
At last it has seen the light of day,
#ad #windows #monitoring #tools
Habr
A spider in Active Directory going tap-tap with its little legs
What's the point: we already have fairly well-known utilities to "track" changes in Active Directory. Why in quotes? Because all such utilities (well, almost all) use...
A proof-of-concept tool for bypassing KASLR (kernel ASLR) on Windows 11, inspired by EntryBleed for Linux. This tool was developed as part of an exploit targeting Windows 11 24H2.
CPU Support:
— Intel: Reliable ✅
— AMD: Flaky ⚠️
🔗 Research:
https://exploits.forsale/24h2-nt-exploit/
🔗 Source:
https://github.com/exploits-forsale/prefetch-tool
#windows11 #aslr #kaslr #research
😈 dirDevil: Hiding Code and Content Within Folder Structures
This article describes a method for hiding data within directory structures by using GUIDs in folder names to encode information. This approach bypasses AV and DLP systems since the data is stored in folder names rather than files, making it difficult to detect and analyze.
🔗 Research:
https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures
🔗 Source:
https://github.com/nyxgeek/dirdevil
#hide #code #folder #evasion
⚙️ Remote Session Enumeration
The blog post explores how to enumerate remote user sessions on Windows using undocumented Windows APIs, specifically focusing on the implementation and usage of the WinStation API.
🔗 Research:
https://0xv1n.github.io/posts/sessionenumeration/
🔗 Source:
https://github.com/0xv1n/RemoteSessionEnum/blob/main/main.cpp
#windows #qwinsta #session #winapi #cpp
Forwarded from RedTeam brazzers (Миша)
Cross-session activation, or hijacking a user's session without RemotePotato0, TGSThief, mimikatz and Process Injection!
Long ago I wrote about a way to abuse the IHxHelpPaneServer interface. But when was the last time you used monikers? For me it was long ago too... So I needed to find an alternative way to execute code in another user's session, forgetting all the injection techniques.
If you look at the code of RemotePotato0 or RemoteKrbRelay, you can notice the use of the undocumented interfaces ISpecialSystemProperties and IStandartActivator. And it is not as if their use is all that rare. They can be found in any program that lets you steal credentials (has a -session switch). By themselves, they allow you to control the session in which a COM object is created. Previously we only caught authentication from them, but what stops us from combining the use of these interfaces with the IHxHelpPaneServer COM class described in SeMishaPrivilege? Nothing, of course!
And I wrote a small POC, which I published on GitHub. If you are interested in diving into the details of how the tool works, I recommend taking a look at our article on medium :)