😈 [ Panagiotis Chartas @t3l3machus ]

For your #redteam enumeration and brute forcing needs, use babelstrike to transliterate and generate usernames from full names in various non-English languages (common issue from scraped employee data) 🌐 Currently, it covers Greek, Hindi, Spanish, French, Polish, and Hungarian:

🔗 https://github.com/t3l3machus/BabelStrike

Combine it with #psudohash, a password list generator that imitates password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers (leet), using char-case variations, adding a common padding before or after the main passphrase and more:

🔗 https://github.com/t3l3machus/psudohash

🐥 [ tweet ]

😈 [ SkelSec @SkelSec ]

Due to a gentle nudge from @michael_eder_ I have uploaded my pysnaffler project to Github and to pyp.
(did you know that you can sponsor me on github?)
Anyways, enjoy!

🔗 https://github.com/skelsec/pysnaffler

🐥 [ tweet ]

😈 [ Diego Capriotti @naksyn ]

Here's Process Stomping injection and how you can use it in a Mockingjay-ish way to load a Beacon on a exe's RWX section using sRDI. Check it out!

Blog:
🔗 https://www.naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html

Tool:
🔗 https://github.com/naksyn/ProcessStomping

Thanks to @hasherezade and @monoxgas for their awesome work

🐥 [ tweet ]

😈 [ Arris Huijgen @bitsadmin ]

#LOFLCAB highlight: Ssms.exe

Using SQL Server Management Studio with Kerberos authentication to obtain command execution on the SQL server using the xp_cmdshell stored procedure.

Details:
🔗 https://lofl-project.github.io/loflcab/Binaries/Ssms/

Full quality video:
🔗 https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3#sql-server

🐥 [ tweet ][ quote ]

😈 [ D4rthMaulCop @D4rthMaulCop ]

@adamsvoboda Awesome! I wrote a quick C# port too!

🔗 https://github.com/D4rthMaulCop/DumpKernel-S1

🐥 [ tweet ]

😈 [ HackerRalf @hacker_ralf ]

Everyone takes a lot from the community... it's time to give something back yourself.

Kerbeus - BOF implementation of Rubeus (not all).

🔗 https://github.com/RalfHacker/Kerbeus-BOF

P. S. PM me about all bugs

#redteam #kerberos #havoc #cobaltstrike #bof

🐥 [ tweet ]

😈 [ hermit @ackmage ]

hi, check out this tool for easy Linux kernel building and debugging - easylkb

worked on it together with @netspooky! 💕

writeup:
🔗 https://tmpout.sh/3/20.html

repo:
🔗 https://github.com/deepseagirl/easylkb

🐥 [ tweet ]

😈 [ Synacktiv @Synacktiv ]

Unlock the Global Admin access 🏆 on Azure with this pentesting mindmap made by @alexisdanizan!

🔗 https://github.com/synacktiv/Mindmaps

🐥 [ tweet ]

😈 [ OtterHacker @OtterHacker ]

Finally 🤩 I got a PIC code for my #beacon! It was a really nice journey and a lot of things have been learnt on the way. If you want to try it too, I found this blog by @winternl_t really interesting:

🔗 https://winternl.com/shellcodestdio/

And as usual, the @C5pider #Havoc ❤️

🐥 [ tweet ]

😈 [ soka @pentest_soka ]

I just released a blogpost where I describe how two open source tools can be easily converted to Reflective DLL to be loaded in memory with Cobalt Strike.

This post comes along with which exists thanks to @Prepouce_ work

🔗 https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
🔗 https://github.com/sokaRepo/CoercedPotatoRDLL

🐥 [ tweet ]

😈 [ 𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 @felixm_pw ]

Indisputable C2 tier list

🐥 [ tweet ]

кринж или рофл?

😈 [ SAINTCON @SAINTCON ]

Lee Christensen, Will Schroeder, and Maxwell Harley - Fighting Data With Data

Detailing the various red team challenges regarding data, leading into how this influenced Nemesis’ architectural decisions and design.

🔗 https://youtu.be/0q9u2hDcpIo

🐥 [ tweet ]