[ yxel @httpyxel ]
LLVM-Yx-CallObfuscator: An LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
https://github.com/janoglezcampos/llvm-yx-callobfuscator
[ EvilMog @Evil_Mog ]
4 billion if statements:
https://andreasjhkarlsson.github.io//jekyll/update/2023/12/27/4-billion-if-statements.html
A meme for this Friday evening
[ zhassulan zhussupov @cocomelonckz ]
next one. Since I'm a little busy writing my book for the Packt, I haven't been writing as often lately. But I'm still working on researching and simulating ransomware.
https://cocomelonc.github.io/malware/2024/01/16/malware-cryptography-24.html
[ Octoberfest7 @Octoberfest73 ]
I'm excited to release GraphStrike, a project I completed during my internship at @RedSiege. Route all of your Cobalt Strike HTTPS traffic through graph.microsoft.com.
Tool:
https://github.com/RedSiege/GraphStrike?tab=readme-ov-file
Dev blog:
https://redsiege.com/blog/2024/01/graphstrike-developer
[ Kleiton Kurti @kleiton0x7e ]
Created a PoC for loading DLLs without LoadLibraryA. Instead we'll leverage the VEH (Vectored Exception Handler) to modify the context, especially RIP and RCX, to hold the LoadLibraryA address and its argument.
https://github.com/kleiton0x00/Proxy-DLL-Loads
[ ap @decoder_it ]
This is how a specific Group Policy configuration, enabling a security feature bypass, can lead to Privilege Escalation. Full details and examples in my latest blog post ;)
https://decoder.cloud/2024/01/23/do-not-trust-this-group-policy/
[ eversinc33 @eversinc33 ]
Small experiment today, inspired by @kaganisildak, using RCON protocol, as used by e.g. CS 1.6, as a C2 channel for the lulz.
https://github.com/eversinc33/1.6-C2
[ eversinc33 @eversinc33 ]
Yea yea, EDR bypass this, VEH that, but have you ever run mimikatz while surfing in 1.6?
[ Jonas Bülow Knudsen @Jonas_B_K ]
ADCS attack paths in BloodHound!
This blog post breaks down the implementation of the ESC1 requirements and guides you on effectively leveraging BloodHound to identify attack paths that include ESC1 privileges.
https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf
Forwarded from APT
Learn the process of crafting a personalized RDI/sRDI loader in C and ASM, incorporating code optimization to achieve full position independence.
https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
#maldev #reflective #dll #clang #asm
Malicious Group
Writing your own RDI/sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
[ William Burgess @joehowwolf ]
New CS blog: Introducing the Mutator Kit - Creating Object File Monstrosities with Sleep Mask and LLVM
https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm
[ FalconForce Official @falconforceteam ]
We are thrilled to publish SOAPHound: a custom-developed data collector tool to enumerate Active Directory environments via the ADWS protocol. Enjoy!
https://falconforce.nl/soaphound-tool-to-collect-active-directory-data-via-adws/
https://github.com/FalconForceTeam/SOAPHound
[ 5pider @C5pider ]
Modern implant design: position independent malware development.
A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing.
https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design
https://github.com/Cracked5pider/Stardust
[ Rasta Mouse @_RastaMouse ]
Demo version of CsWhispers is now public. Any and all feedback is welcome.
https://github.com/rasta-mouse/CsWhispers
[ Rasta Mouse @_RastaMouse ]
[BLOG]
Very short post containing some guidance on how to deal with ANYSIZE_ARRAY structures in C#.
https://rastamouse.me/anysize-array-csharp/
[ LuemmelSec @theluemmel ]
New blog by @itm4n is a must read for blue and red alike:
https://itm4n.github.io/printnightmare-exploitation/
Quality stuff as always. Thanks
I updated my Client-Checker to evaluate the affected reg keys so you can quickly check on your own if you might be affected or not:
https://github.com/LuemmelSec/Client-Checker
[ John Lambert @JohnLaTwC ]
Midnight Blizzard: Guidance for responders on nation-state attack
https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
Oh, those Russian APT guys, you know
[ Aurélien Chalot @Defte_ ]
It's finally out: from a Windows driver to a fully functional driver. In this blog post we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. Last step is a chall, bypass MyDumbEDR
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ Slowerzs @slowerzs ]
I recently released ThievingFox, a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities.
You can find my blog post about it:
https://blog.slowerzs.net/posts/thievingfox/
And the GitHub repo of the tool:
https://github.com/Slowerzs/ThievingFox/