π [ Adam Svoboda @adamsvoboda ]
Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself!
It bombs out on LSASS, but most other processes work.
π https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e
Unable to dump LSASS using the previous script? No problem, just ask S1 for a Live Kernel Dump instead! You can open this in windbg (and use mimilib.dll) and go from there.
π https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
π₯ [ tweet ][ quote ]
Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself!
It bombs out on LSASS, but most other processes work.
π https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e
Unable to dump LSASS using the previous script? No problem, just ask S1 for a Live Kernel Dump instead! You can open this in windbg (and use mimilib.dll) and go from there.
π https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
π₯ [ tweet ][ quote ]
π4
Offensive Xwitter
π [ Adam Svoboda @adamsvoboda ] Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself! It bombs out on LSASS, but most other processes work. π htβ¦
π [ D4rthMaulCop @D4rthMaulCop ]
@adamsvoboda Awesome! I wrote a quick C# port too!
π https://github.com/D4rthMaulCop/DumpKernel-S1
π₯ [ tweet ]
@adamsvoboda Awesome! I wrote a quick C# port too!
π https://github.com/D4rthMaulCop/DumpKernel-S1
π₯ [ tweet ]
π3
π [ HackerRalf @hacker_ralf ]
Everyone takes a lot from the community... it's time to give something back yourself.
Kerbeus - BOF implementation of Rubeus (not all).
π https://github.com/RalfHacker/Kerbeus-BOF
P. S. PM me about all bugs
#redteam #kerberos #havoc #cobaltstrike #bof
π₯ [ tweet ]
Everyone takes a lot from the community... it's time to give something back yourself.
Kerbeus - BOF implementation of Rubeus (not all).
π https://github.com/RalfHacker/Kerbeus-BOF
P. S. PM me about all bugs
#redteam #kerberos #havoc #cobaltstrike #bof
π₯ [ tweet ]
π10
π [ hermit @ackmage ]
hi, check out this tool for easy Linux kernel building and debugging - easylkb
worked on it together with @netspooky! π
writeup:
π https://tmpout.sh/3/20.html
repo:
π https://github.com/deepseagirl/easylkb
π₯ [ tweet ]
hi, check out this tool for easy Linux kernel building and debugging - easylkb
worked on it together with @netspooky! π
writeup:
π https://tmpout.sh/3/20.html
repo:
π https://github.com/deepseagirl/easylkb
π₯ [ tweet ]
π4
π [ Synacktiv @Synacktiv ]
Unlock the Global Admin access π on Azure with this pentesting mindmap made by @alexisdanizan!
π https://github.com/synacktiv/Mindmaps
π₯ [ tweet ]
Unlock the Global Admin access π on Azure with this pentesting mindmap made by @alexisdanizan!
π https://github.com/synacktiv/Mindmaps
π₯ [ tweet ]
π₯1
π [ OtterHacker @OtterHacker ]
Finally π€© I got a PIC code for my #beacon! It was a really nice journey and a lot of things have been learnt on the way. If you want to try it too, I found this blog by @winternl_t really interesting:
π https://winternl.com/shellcodestdio/
And as usual, the @C5pider #Havoc β€οΈ
π₯ [ tweet ]
Finally π€© I got a PIC code for my #beacon! It was a really nice journey and a lot of things have been learnt on the way. If you want to try it too, I found this blog by @winternl_t really interesting:
π https://winternl.com/shellcodestdio/
And as usual, the @C5pider #Havoc β€οΈ
π₯ [ tweet ]
π₯2
π [ soka @pentest_soka ]
I just released a blogpost where I describe how two open source tools can be easily converted to Reflective DLL to be loaded in memory with Cobalt Strike.
This post comes along with which exists thanks to @Prepouce_ work
π https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
π https://github.com/sokaRepo/CoercedPotatoRDLL
π₯ [ tweet ]
I just released a blogpost where I describe how two open source tools can be easily converted to Reflective DLL to be loaded in memory with Cobalt Strike.
This post comes along with which exists thanks to @Prepouce_ work
π https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
π https://github.com/sokaRepo/CoercedPotatoRDLL
π₯ [ tweet ]
π₯3
π [ π π π π π π @felixm_pw ]
Indisputable C2 tier list
π₯ [ tweet ]
Indisputable C2 tier list
π₯ [ tweet ]
ΠΊΡΠΈΠ½ΠΆ ΠΈΠ»ΠΈ ΡΠΎΡΠ»?π15
π [ SAINTCON @SAINTCON ]
Lee Christensen, Will Schroeder, and Maxwell Harley - Fighting Data With Data
Detailing the various red team challenges regarding data, leading into how this influenced Nemesisβ architectural decisions and design.
π https://youtu.be/0q9u2hDcpIo
π₯ [ tweet ]
Lee Christensen, Will Schroeder, and Maxwell Harley - Fighting Data With Data
Detailing the various red team challenges regarding data, leading into how this influenced Nemesisβ architectural decisions and design.
π https://youtu.be/0q9u2hDcpIo
π₯ [ tweet ]
π₯1
Offensive Xwitter
π [ Antonio Cocomazzi @splinter_code ] Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe π π₯ [ tweet ]
π [ an0n @an0n_r0 ]
just found that SharpHound used this RemoteRegistry trigger already earlier for session enumeration, like nmap smb-enum-sessions script and Sysinternals PsLoggedOn also. here is a nice summary about it from Sven Defatsch (@compasssecurity) in 2022:
π https://blog.compass-security.com/2022/05/bloodhound-inner-workings-part-3/
π₯ [ tweet ][ quote ]
just found that SharpHound used this RemoteRegistry trigger already earlier for session enumeration, like nmap smb-enum-sessions script and Sysinternals PsLoggedOn also. here is a nice summary about it from Sven Defatsch (@compasssecurity) in 2022:
π https://blog.compass-security.com/2022/05/bloodhound-inner-workings-part-3/
π₯ [ tweet ][ quote ]
π1π₯1
Forwarded from vx-underground
Media is too big
VIEW IN TELEGRAM
Some nerd on Twitter named Bjorn Staal is programming out of his mind.
11/10. Solid programming skills (designed to demonstrate quantum entanglement)
11/10. Solid programming skills (designed to demonstrate quantum entanglement)
π€―9π1π₯1
vx-underground
Some nerd on Twitter named Bjorn Staal is programming out of his mind. 11/10. Solid programming skills (designed to demonstrate quantum entanglement)
π [ ππΓΈππ πΎππππ @_nonfigurativ_ ]
Ok, so a lot of people have been asking me for code/writeup of this so I made a stripped down example (works with an infinite amount of windows) so that you can look at to get the basic gist of it (that's all I have time for now, sorry!).
π https://bgstaal.github.io/multipleWindow3dScene/
π https://github.com/bgstaal/multipleWindow3dScene
π₯ [ tweet ][ quote ]
Ok, so a lot of people have been asking me for code/writeup of this so I made a stripped down example (works with an infinite amount of windows) so that you can look at to get the basic gist of it (that's all I have time for now, sorry!).
π https://bgstaal.github.io/multipleWindow3dScene/
π https://github.com/bgstaal/multipleWindow3dScene
π₯ [ tweet ][ quote ]
π5
π [ Ido Veltzman @Idov31 ]
Weekly Nidhogg update
Driver hiding feature is also finished and live in the dev branch: :)
On the photos you can see the before and after in DriverView (From Nirsoft's tools)
π https://github.com/Idov31/Nidhogg/tree/dev
#infosec #CyberSecurity
π₯ [ tweet ]
Weekly Nidhogg update
Driver hiding feature is also finished and live in the dev branch: :)
On the photos you can see the before and after in DriverView (From Nirsoft's tools)
π https://github.com/Idov31/Nidhogg/tree/dev
#infosec #CyberSecurity
π₯ [ tweet ]
π4
π [ WHOAMI @wh0amitz ]
To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfigurations.
π https://github.com/wh0amitz/SharpRODC
#infosec #redteam #cybersecurity #pentesting
π₯ [ tweet ]
To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfigurations.
π https://github.com/wh0amitz/SharpRODC
#infosec #redteam #cybersecurity #pentesting
π₯ [ tweet ]
π₯3
π [ OtterHacker @OtterHacker ]
Majority of custom #GetProcAddress I found didn't handle well forwarded export, here is a snippet for #GetProcAddress and #GetModuleHandle that handle this edge case !
Feel free to use it !
π https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3
π₯ [ tweet ]
Majority of custom #GetProcAddress I found didn't handle well forwarded export, here is a snippet for #GetProcAddress and #GetModuleHandle that handle this edge case !
Feel free to use it !
π https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3
π₯ [ tweet ]
π₯±1
Π Π°Π·Π²Π΅ΡΠ½ΡΡΡ ΠΏΡΠΈΠ²Π°ΡΠ½ΡΠΉ Gitea Π½Π° VPS-ΠΊΠ΅ Π·Π° 5 ΠΌΠΈΠ½ΡΡ? ΠΠ·ΠΈ ππ»
ΠΡΡΠΈΡΡ ΠΈ ΠΏΡΠ»Π»ΠΈΡΡ ΡΠ΅ΠΏΠ΅ΡΡ ΠΌΠΎΠΆΠ½ΠΎ ΠΏΠΎ ΡΠ°ΠΊΠΎΠΌΡ ΡΠ΅ΠΌΠΎΡΡΡ ππ»
ΠΠ°ΠΊ ΠΆΠ΅ ΠΏΠΎΡ ΠΎΡΠΎΡΠ΅Π» Π΄Π΅Π²ΠΎΠΏΡ ΠΏΡΠΈ ΠΊΠΎΠ½ΡΠ΅ΠΉΠ½Π΅ΡΠΈΠ·Π°ΡΠΈΠΈ...
#devops #git #gitea
$ docker run -d --name mysql-gitea -e MYSQL_ROOT_PASSWORD='my_mysql_root_pass' -v /opt/volume/mysql-gitea:/var/lib/mysql mysql:latest
$ docker container exec -it mysql-gitea bash
# mysql -u root -p'my_mysql_root_pass'
mysql> CREATE USER 'gitea-user'@'%' IDENTIFIED BY 'my_gitea_db_password';
mysql> CREATE DATABASE giteadb;
mysql> GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea-user'@'%';
mysql> FLUSH PRIVILEGES;
mysql> ^DBye
# exit
$ docker run -d --name gitea -v /opt/volume/gitea:/data -p 127.0.0.1:3000:3000 -p 127.0.0.1:2222:22 -e VIRTUAL_HOST=mygitea.local -e VIRTUAL_PORT=3000 -e USER_UID=1001 -e USER_GID=1001 -e DB_TYPE=mysql -e DB_HOST=172.17.0.2:3306 -e DB_NAME=giteadb -e DB_USER=gitea-user -e DB_PASSWD='my_gitea_db_password' gitea/gitea:latest
$ socat TCP4-LISTEN:31337,bind=0.0.0.0,fork TCP4:127.0.0.1:2222
ΠΡΡΠΈΡΡ ΠΈ ΠΏΡΠ»Π»ΠΈΡΡ ΡΠ΅ΠΏΠ΅ΡΡ ΠΌΠΎΠΆΠ½ΠΎ ΠΏΠΎ ΡΠ°ΠΊΠΎΠΌΡ ΡΠ΅ΠΌΠΎΡΡΡ ππ»
$ git remote set-url origin '[[email protected]:31337]:snovvcrash/HackThePlanet.git'
ΠΠ°ΠΊ ΠΆΠ΅ ΠΏΠΎΡ ΠΎΡΠΎΡΠ΅Π» Π΄Π΅Π²ΠΎΠΏΡ ΠΏΡΠΈ ΠΊΠΎΠ½ΡΠ΅ΠΉΠ½Π΅ΡΠΈΠ·Π°ΡΠΈΠΈ...
#devops #git #gitea
π7π₯2
π [ XMander @checkymander ]
Setting up Nemesis can be daunting, I wrote a blog post detailing the exact steps you need to to go from a fresh Ubuntu 22.04 image to a running Nemesis setup.
Future posts, I'd like to go into operational usage of it with Mythic and other tools
π https://blog.checkymander.com/red%20team/tools/operations/Nemesis-Zero-To-Hero/
π₯ [ tweet ]
Setting up Nemesis can be daunting, I wrote a blog post detailing the exact steps you need to to go from a fresh Ubuntu 22.04 image to a running Nemesis setup.
Future posts, I'd like to go into operational usage of it with Mythic and other tools
π https://blog.checkymander.com/red%20team/tools/operations/Nemesis-Zero-To-Hero/
π₯ [ tweet ]