💉 Dirty Vanity — A New Approach to Code injection & EDR bypass
A POC for the new injection technique, abusing the Windows fork API to evade EDRs.
Source:
https://github.com/deepinstinct/Dirty-Vanity
Research:
https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Nissan-DirtyVanity.pdf
#av #edr #bypass #injection #fork #api
Forwarded from internet-lab.ru
🔐 MULTIFACTOR — quirks of its 2FA
There is a decent solution for organising two-factor authentication in a corporate environment called MULTIFACTOR. It is listed in the Russian software registry under number 7046.
This is not an advertisement, because today, in just a couple of words, we will tell you how this second factor can be bypassed in some very specific cases.
Muahaha.
#security #special
https://internet-lab.ru/multifactor_2fa_bug
😈 OWASSRF — New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
#owa #exchange #ssrf #proxynotshell
💥 Shellcode Mutator
New tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious.
Research:
https://labs.nettitude.com/blog/shellcode-source-mutations/
Source:
https://github.com/nettitude/ShellcodeMutator
#shellcode #mutator #nasm #redteam
👾 Windows Drivers Reverse Engineering Methodology
This blog post details a methodology for reverse engineering and finding vulnerable code paths in Windows drivers.
It also includes a guide for setting up a lab for (the pesky) kernel debugging.
https://voidsec.com/windows-drivers-reverse-engineering-methodology/
#reverse #driver #analysis
🎲 PowerShell Obfuscation
A simple and effective PowerShell obfuscation tool to bypass Anti-Virus, with AMSI bypass and ETW blocking.
https://github.com/H4de5-7/powershell-obfuscation
#powershell #obfuscation #amsi #etw #bypass
🔑 Pass-the-Challenge
This blog post introduces new techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender Credential Guard. While previous techniques for bypassing Credential Guard focus on attackers targeting new victims who log into a compromised server, these new techniques can also be applied to victims logged on before the server was compromised.
Research:
https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
Source:
https://github.com/ly4k/PassTheChallenge
#ad #windows #ntlm #challenge
Forwarded from Offensive Xwitter
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Rewrote the #DirtyVanity PoC injector in C# with #DInvoke. Great stuff @eliran_nissan!
https://t.co/ifQLPMSFpb
Happy upcoming New Year to everyone! 🎄
🔗 https://gist.github.com/snovvcrash/09deab831d49028e194e8ee83f2616a9
✨ Happy New Year!
Happy holiday to you, dear friends and subscribers of my channel!
This year has brought a lot of trouble and a lot of joyful moments. In the new year, I wish you more vulnerabilities found, interesting research and all the best.
Thank you for all the support, feedback, and messages this year!
Love you all ♥️
😈 Microsoft Exchange: OWASSRF + TabShell
(CVE-2022-41076)
The TabShell vulnerability is a form of privilege escalation which allows breaking out of the restricted PowerShell sandbox after you have successfully gained access through OWASSRF.
For a detailed write-up, see the research:
https://blog.viettelcybersecurity.com/tabshell-owassrf/
PoC:
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e
#owa #ssrf #tabshell #poc
Forwarded from 1N73LL1G3NC3
Inline-Execute-PE
A CobaltStrike toolkit enabling users to load and repeatedly run unmanaged Windows EXEs in Beacon memory without dropping to disk or creating a new process each time.
⚙️ Meterpreter BOFLoader
In this guide, you'll learn how the new BOFLoader extension allows BOFs to be used from a Meterpreter session. Discover new attacks made possible in Meterpreter and avoid common errors.
https://www.trustedsec.com/blog/operators-guide-to-the-meterpreter-bofloader
#msf #meterpreter #bof #loader
Forwarded from Offensive Xwitter
😈 [ 0x0SojalSec, Md Ismail Šojal ]
The shortest payload for a tiny PHP reverse shell, written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass a WAF and execute a PHP reverse shell for RCE.
Get more detail about this 👇
🔗 https://gist.github.com/0xSojalSec/5bee09c7035985ddc13fddb16f191075
#bugbountyTips #bugbounty
⭐️ Privileger
Privileger allows you to work with privileges in Windows as easily as possible. There are three modes:
— Add privileges to an account;
— Start a process by adding a specific privilege to its token;
— Remove privilege from the user.
Thanks to:
@Michaelzhm
https://github.com/MzHmO/Privileger
#ad #windows #privilege #lsa
Forwarded from 1N73LL1G3NC3
certsync
certsync is a new technique for dumping NTDS remotely, but this time without DRSUAPI: it uses a golden certificate and UnPAC-the-hash. It works in several steps:
1) Dump the user list, CA information and CRL from LDAP
2) Dump the CA certificate and private key
3) Forge a certificate offline for every user
4) UnPAC the hash for every user in order to get the NT and LM hashes
Forwarded from Offensive Xwitter
Psst, guys, have you heard about the vulnerability CVE-2022-48109? Neither had I until today, but it is the CVE ID of my infosec bro @Acrono! I want to be the first to congratulate Pasha on losing his CVE virginity, hooray! We look forward to him conquering new heights in the field of cybersecurity 💪🏻
Follow the @APT_Notes channel to find out the details 😉
Forwarded from Ralf Hacker Channel (Ralf Hacker)
And yet another new potato! RasMan service for privilege escalation
https://github.com/crisprss/RasmanPotato
#git #lpe #soft #pentest #redteam
🔧 Windows LPE via StorSvc Service
StorSvc is a service which runs as NT AUTHORITY\SYSTEM and tries to load the missing SprintCSP.dll DLL when triggering the SvcRebootToFlashingMode RPC method locally.
PoC:
https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc
#windows #lpe #storsvc #service
⚙️ Joomla Web Service Endpoint Access (CVE-2023-23752)
An issue was discovered in Joomla 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
PoC:
httpx -l targets.txt -sc -ct -ip -path '/api/index.php/v1/config/application?public=true'
Research:
https://unsafe.sh/go-149780.html
Nuclei Template:
https://github.com/thecyberneh/nuclei-templatess/blob/main/cves/2023/CVE-2023-23752.yaml
#joomla #endpoint #access #cve