Forwarded from πππ ππππππππ ππππππππππ
OWASP just recently released the Security Top 10 for API. The changes are not very big; I drew a little picture for clarity.
Details in the docs: https://owasp.org/API-Security/editions/2023/en/0x00-notice/
Peace to all
[ _atsika, Atsika ]
I've just started a blog on #maldev and #redteaming. Nothing fancy yet, just me trying to see if I've understood correctly.
The first post is about a custom version of GetModuleHandle and GetProcAddress in #go.
Check it out:
https://blog.atsika.ninja/posts/custom_getmodulehandle_getprocaddress/
[ tweet ]
[ bishopfox, Bishop Fox ]
We just published a detailed analysis of #CVE-2023-3519, which we previously wrote about. Today, we're going even further into how this #RCE vulnerability can be exploited.
Our team created a #python script for generating shellcode given the fixup address and callback URL by calling nasm from Python. The final #exploit with addresses for VPX version 13.1-48.47 is available on our #GitHub.
bfx.social/3YjMxpz
#infosec #Citrix
[ tweet ]
Offensive Xwitter
[ noperator, noperator ]
We're following others by publishing our exploit (and shellcode generator) for the critical-severity CVE-2023-3519, preauth RCE in Citrix ADC Gateway. If you haven't patched yet, do.
https://github.com/BishopFox/CVE-2023-3519
[ tweet ][ quote ]
[ snovvcrash ]
FYI, #masscan users. The original masscan does NOT include the "TCP options" field with MSS value which is required for some hosts to reply to the packet. The fork by @IvreRocks features the --tcpmss switch that includes the mentioned field for your better scope coverage. For me that's the masscan version of choice from now on:
https://github.com/ivre/masscan
[ tweet ]
[ _wald0, Andy Robbins ]
I am proud to announce the release of BloodHound CE!
Blog:
https://posts.specterops.io/bloodhound-community-edition-a-new-era-d64689806e90
Webinar:
https://ghst.ly/3Om0jDo
[ tweet ]
[ _wald0, Andy Robbins ]
Have Docker? Run BloodHound CE with one command:
curl -L https://github.com/SpecterOps/BloodHound/raw/main/examples/docker-compose/docker-compose.yml | docker compose -f - up
[ tweet ]
[ DiLomSec1, Diegolomellini ]
As promised, here is a blogpost on SharpSCCM's new AdminService/CMPivot capabilities. The creator of SharpSCCM, @_Mayyhem, and I will be at the SpecterOps booth tomorrow @ 11am and ARSENAL @ 11:30am Thursday presenting SCCM takeover and post-ex techniques
https://medium.com/@dlomellini/lateral-movement-without-lateral-movement-brought-to-you-by-configmgr-9b79b04634c7
[ tweet ]
[ exploitph, Charlie Clark ]
My latest post on abusing DES using Kerberos. I've not updated my RoastInTheMiddle tool yet but I'll be doing that shortly, enjoy:
https://exploit.ph/des-is-useful.html
[ tweet ]
[ ShitSecure, S3cur3Th1sSh1t ]
Wrote something on how to bypass Google Safe Browsing for Phishing campaigns
https://www.r-tec.net/r-tec-blog-evade-signature-based-phishing-detections.html
[ tweet ]
[ _RastaMouse, Rasta Mouse ]
[BLOG]
Short post on using the Process Inject Kit in Cobalt Strike, which I feel is quite under-utilized based on the projects I've seen online.
https://offensivedefence.co.uk/posts/cs-process-inject-kit/
[ tweet ]
[ joehowwolf, William Burgess ]
New Cobalt Strike blog by @HenriNurmi - Simplifying BOF Development: Debug, Test, and Save Your B(e)acon
All in VS BOF template available in latest Arsenal kit release!
https://www.cobaltstrike.com/blog/simplifying-bof-development
[ tweet ]
[ garrfoster, Garrett ]
SCCM Site takeover by abusing the AdminService API. In this blog, I walk through the discovery process and demonstrate site takeover via credential relaying.
https://medium.com/specter-ops-posts/site-takeover-via-sccms-adminservice-api-d932e22b2bf
[ tweet ]
[ 0xTriboulet, Steve S. ]
Use C, and some inline assembly, to create a self-extracting shellcode executable!
This solution was inspired by @hasherezade's C to Shellcode method, and was the basis for my solution to @MalDevAcademy's shellcode challenge.
Check it out!
https://steve-s.gitbook.io/0xtriboulet/just-malicious/from-c-with-inline-assembly-to-shellcode
[ tweet ]
[ harmj0y, Will Schroeder - HACKER SUMMER CAMP ]
@tifkin_ , @0xdab0 , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at and we have a post explaining details at 1/3
https://github.com/SpecterOps/Nemesis
https://posts.specterops.io/hacking-with-your-nemesis-7861f75fcab4
[ tweet ]
[ _xpn_, Adam Chester ]
Second blog post to finish out the week. Expanding on a previous tweet to look at how LAPS 2.0 crypto works, how the PowerShell Get-LAPSADPassword cmdlet works, and provided a quick BOF to pull and decrypt msLAPS-EncryptedPassword
https://blog.xpnsec.com/lapsv2-internals/
[ tweet ]
[ zux0x3a, Lawrence ]
It is tricky to hide payload content inside an RDP connection file! With some observation it could lead to a newer technique to use.
https://0xsp.com/offensive/navigating-embedded-payload-extraction-from-rdp-files-defence-evasion/
[ tweet ]
[ _EthicalChaos_, CCob ]
Thanks to everyone who came to my DEF CON talk yesterday. I should have submitted for a 45 minute talk as I didn't have time to cover the DNS update capability of the gssapi-abuse tool. DNS mode is super handy if you want to apply instant updates to AD DNS
https://github.com/CCob/gssapi-abuse#dns-mode
[ tweet ]