[ Josh @passthehashbrwn ]
THIS is an APT. No "cmd /c net user", just technical capability that's almost indistinguishable from magic
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
https://koeln.ftp.media.ccc.de/congress/2023/h264-hd/37c3-11859-eng-Operation_Triangulation_What_You_Get_When_Attack_iPhones_of_Researchers.mp4
TL;DR
https://xakep.ru/2023/12/27/operation-triangulation-hardware-mystery/
[ tweet ]
[ an0n @an0n_r0 ]
OST cannot be stopped. Here is a technique we tested internally 9 months ago: blocking EDR telemetry by leveraging the Windows Filtering Platform. Considered it so evil that we didn't publish it that time. It was pointless, now here it is by @netero_1010:
https://github.com/netero1010/EDRSilencer
[ tweet ]
[ Diego Capriotti @naksyn ]
The shutter project has been hiding in plain sight for quite some time. I've been happily using this for nearly 2 years:
https://github.com/dsnezhkov/shutter
[ tweet ]
[ hackerfantastic.x @hackerfantastic ]
4 new releases from @myhackerhouse for your malware development and analysis purposes with 3 re-created from the CIA's Vault7 leak:
https://github.com/hackerhouse-opensource/marble
https://github.com/hackerhouse-opensource/WMIProcessWatcher
https://github.com/hackerhouse-opensource/Artillery
https://github.com/hackerhouse-opensource/SignToolEx
Happy New Year & Enjoy 2024!
[ tweet ]
Veuve Clicquot and I wish everyone a happy upcoming New Year! I don't have fancy TGStat stats, but it is clear anyway that the channel grew productively (hugs to all). More to come, stay tuned
[ NULL @NUL0x4C ]
Publishing a PoC for an interesting code injection technique
https://github.com/Maldev-Academy/Christmas
[ tweet ]
[ modexp @modexpblog ]
Compression using undocumented RDP API. Code is a bit rough. Might interest you @0gtweet as there are potentially other ways to do it, e.g. COM
https://gist.github.com/odzhan/56eb105a611dcdebd1d3a084c7312190
[ tweet ]
[ Matt Hand @matterpreter ]
Windows is a meme. I've spent the better part of the afternoon wondering why my code isn't working. Turns out this has been known since at least 2021...
https://dennisbabkin.com/blog/?t=when-developers-give-up-deletesecuritypackage-function
[ tweet ]
Directed by Robert B. Weide
[ p4p1 @p4p1_wt7 ]
Happy New Year all, new module on the #havocframework store to work with Bloodhound CE. Automatically call your SharpHound.exe and upload your .json files directly from the havoc interface!
https://github.com/p4p1/havoc-bloodhound
https://p4p1.github.io/havoc-store/
[ tweet ]
[ Cas van Cooten @chvancooten ]
GPT-4-Vision was trained not to solve Captcha prompts... But this is easy to circumvent with the ol' Grandma exploit
[ tweet ]
[ SchrodingersAV @SchrodingersAV ]
Read about a technique involving tampering with scheduled tasks, and was inspired to build a PowerShell script to edit scheduled tasks via the registry keys.
Can be used in memory with PowerShell!
#redteam #cybersecurity #hacking
https://gist.github.com/Workingdaturah/991de2d176b4b8c8bafd29cc957e20c2
[ tweet ]
[ David @dmcxblue ]
Managed to port to C# the Invoke-GhostTask from @SchrodingersAV, added a little bit more details on what is going on.
#redteam
https://github.com/dmcxblue/SharpGhostTask
[ tweet ]
[ Joshua Rogers @MegaManSec ]
Today I am proud to be officially releasing a tool I've been working on recently: SSH-Snake.
A self-replicating and self-propagating -- completely fileless -- SSH-based worm that discovers SSH private keys and destinations. Make cool graphs, too!
https://github.com/MegaManSec/SSH-Snake
[ tweet ]
[ BlackArrow @BlackArrowSec ]
Our colleague @IagoAbad has weaponized the leaked token handles technique for MSSQL.
Now open token handles in MSSQL's process (sqlservr.exe) can be abused to change security context and escalate privileges both locally and in the domain.
https://github.com/blackarrowsec/Handly
[ tweet ]
[ Rasta Mouse @_RastaMouse ]
[BLOG]
First post of 2024. Why, as a C# dev, you should use SafeHandle classes instead of IntPtrs.
https://rastamouse.me/safehandle-vs-intptr/
[ tweet ]
[ Grzegorz Tworek @0gtweet ]
Token stealing (aka duplication) with syscalls only? Not sure if it's a novel approach but had to try anyway.
NtOpenProcessToken, NtAdjustPrivilegesToken, NtOpenProcess, NtDuplicateToken, and NtSetInformationThread at your service! Enjoy the C code:
https://github.com/gtworek/PSBits/blob/master/Misc/TokenStealWithSyscalls.c
[ tweet ]