Offensive Xwitter
[ Melvin langvik @Flangvik ] FULLHD OFFICIAL OFFSEC C2 Tier List https://www.youtube.com/live/iYKItfBbPoY?si=AoUAwkwdUS30lEwe [ tweet ]
[ Melvin langvik @Flangvik ]
List is complete. Thanks to all who joined live! I had a blast, and I hope you all did too. Next week, same time, I'm apparently doing an EDR tier list... If you missed it, VOD is here:
https://youtu.be/iYKItfBbPoY
[ tweet ]
[ Red Siege Information Security @RedSiege ]
NEW TOOL
Introducing: Jigsaw
Developed by Principal Security Consultant @hardwaterhacker
Link:
https://redsiege.com/jigsaw
A Python tool that scrambles shellcode bytes, providing a possibly undetectable payload.
Start challenging traditional detection with this low-entropy, puzzle-like approach.
[ tweet ]
Cringe, but there's nothing else interesting.
[ Adam Chester @_xpn_ ]
New blog post is up... Identity Providers for RedTeamers. This follows my #SOCON2024 talk, and provides the technicals behind the presentation, looking at other IdPs and what techniques are effective beyond Okta.
https://blog.xpnsec.com/identity-providers-redteamers/
[ tweet ]
[ Michael Grafnetter @MGrafnetter ]
Extending Active Directory Users and Computers context menus with PowerShell
https://www.dsinternals.com/en/extending-active-directory-aduc-context-menu-powershell/
[ tweet ]
[ Guillaume Caillé @OffenseTeacher ]
Just published my methodology for finding good DLL side-loading candidates while avoiding using DllMain for injection to bypass Loader Lock limitations.
If you have been struggling with this, I hope this saves you time in the future.
https://www.okiok.com/achieving-dll-side-loading-in-the-original-process/
[ tweet ]
[ SapientFlow @sapientflow ]
My first ever blog post is out:
https://medium.com/@sapientflow/finding-pastures-new-an-alternate-approach-for-implant-design-644611c526ca
Happy for any constructive criticism or anyone that just wants to engage on the topic.
[ tweet ]
[ Lsec @lsecqt ]
My blog about executing shellcodes via Direct Pointer is live:
While this is something relatively simple as a concept, I felt like the Red Teaming Army needed such content.
https://lsecqt.github.io/Red-Teaming-Army/malware-development/leveraging-the-direct-pointer---a-stealthy-maneuver-in-evasion-tactics/
[ tweet ]
#for_the_little_ones
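As an added example, not part of the post above and not lsecqt's code, this is the primitive the post's title refers to: the bytes sitting in a buffer are executed by casting the buffer's address to a function pointer and calling it, with no thread-creation or callback API in between. It assumes a POSIX host (mmap/mprotect stand in for the VirtualAlloc/VirtualProtect pair a Windows implant would use) and a constructed "shellcode" stub that only returns 42, so the call can be checked; the RW-then-RX protection flip instead of a single RWX mapping is a deliberate choice, since an RWX private region is one of the first things memory scanners flag.

```c
/* Added example of the "direct pointer" execution primitive (not the
 * blog post's own code).  Assumes POSIX mmap/mprotect; on Windows the
 * same steps are VirtualAlloc(PAGE_READWRITE) -> VirtualProtect(
 * PAGE_EXECUTE_READ) -> call through a function pointer. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed, benign stub: it just returns 42 so the call is checkable. */
#if defined(__x86_64__)
static const unsigned char STUB[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00, /* mov eax, 42 */
    0xC3                          /* ret         */
};
#elif defined(__aarch64__)
static const unsigned char STUB[] = {
    0x40, 0x05, 0x80, 0x52,       /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6        /* ret         */
};
#else
#error "constructed stub is only provided for x86-64 and AArch64"
#endif

typedef int (*code_fn)(void);

/* Map a fresh RW region, copy the code in, then flip it to RX.
 * On success *mapped receives the mapping size (for munmap). */
static void *stage_code(const unsigned char *code, size_t len, size_t *mapped)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t size = (len + page - 1) / page * page;   /* round up to pages */
    void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
    memcpy(mem, code, len);
    /* RW -> RX rather than allocating RWX: no writable+executable region
     * ever exists, which is what scanners looking for RWX memory key on. */
    if (mprotect(mem, size, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, size);
        return NULL;
    }
    /* AArch64 needs the instruction cache synced after writing code;
     * this is a no-op on x86. */
    __builtin___clear_cache((char *)mem, (char *)mem + len);
    *mapped = size;
    return mem;
}

/* The direct-pointer step itself: the address of the bytes IS the
 * function.  Returns the stub's return value, or -1 if staging failed. */
int run_shellcode_direct(void)
{
    size_t size = 0;
    void *mem = stage_code(STUB, sizeof STUB, &size);
    if (mem == NULL)
        return -1;
    code_fn fn = (code_fn)mem;   /* cast buffer address to function pointer */
    int rc = fn();               /* ...and call it directly */
    munmap(mem, size);
    return rc;
}

int main(void)
{
    printf("stub returned %d\n", run_shellcode_direct());
    return 0;
}
```

Build with `cc -O0 direct_ptr.c -o direct_ptr` and run it; on a host that forbids executable anonymous mappings (a seccomp or SELinux execmem policy) the mprotect call fails and the function returns -1 instead of crashing, which is the failure mode to check for before shipping an implant that relies on this primitive.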
[ Pedro Gabaldon @PedroGabaldon ]
Just landed 2 PRs on Impacket:
https://github.com/fortra/impacket/pull/1719
[ tweet ]
SAM/LSA via shadow copy
[ Zero Day Engineering @zerodaytraining ]
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) (source code + video walkthrough)
A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit I chose to offload the reverse-engineered toolgate protocol implementation to a Python module, while keeping my low-level kernel code minimal, just enough to implement the attack interface - a nod to the principle of least privilege in systematic software engineering, which we miss a lot in non-trivial exploit development. -- @alisaesage
https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html
[ tweet ]
[ bakki @shubakki ]
Naively bypassing new memory scanning POCs
first chapter of two, stay tuned
https://sillywa.re/posts/flower-da-flowin-shc/
[ tweet ]
[ Mayfly @M4yFly ]
New lab for the GOAD project: SCCM
You can now test the SCCM/MECM attacks locally on VirtualBox or VMware.
More information here:
https://mayfly277.github.io/posts/SCCM-LAB-part0x0/
Repository here:
https://github.com/Orange-Cyberdefense/GOAD
Thx again @KenjiEndo15 for your help building this!
[ tweet ]
[ eversinc33 @eversinc33 ]
New blogpost and small tool release: Wrote a naive anti-rootkit driver that detects mapped drivers, and talk about some bypasses for those detections in part I of my new (anti-)anti-rootkit series.
More research on rootkit evasion coming soon : )
https://eversinc33.com/posts/anti-anti-rootkit-part-i/
[ tweet ]
[ Melvin langvik @Flangvik ]
Had an absolute blast on stream today, thank you so much to everyone who showed up. VOD is on YouTube if you missed it. A lot of people came with input, so naturally I 100% blame chat for this now OFFICIAL OFFSEC EDR TIER LIST
https://youtube.com/live/2H-Wlxq1kpo
[ tweet ]
Kaspersky - B, you get it.
Forwarded from 1N73LL1G3NC3
CVE-2024-1086 Linux kernel LPE
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
A full write-up of the exploit - including background information and loads of useful diagrams - can be found in the Flipping Pages blogpost.
[ The Haag @M_haggis ]
Code blocks are free!!!
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader
[ tweet ]
[ Nettitude Labs @Nettitude_Labs ]
Introducing SharpConflux, a .NET tool built to facilitate Confluence exploration during Red Team engagements.
Find out more and download SharpConflux in our latest LRQA Nettitude Labs article.
https://labs.nettitude.com/blog/introducing-sharpconflux/
[ tweet ]
[ Zoro @Evi1cg ]
atexec-pro
https://github.com/ridter/atexec-pro
https://www.zcgonvh.com/post/Advanced_Windows_Task_Scheduler_Playbook-Part.3_from_RPC_to_lateral_movement.html
[ tweet ]
I love this kind of creativity.
[ Cody Thomas @its_a_feature_ ]
I created a draft blog post that goes over the general concepts for making changes to agents, Mythic, and even Mythic's UI. If there's something specific you're hoping to see though, let me know and I can probably add it!
https://medium.com/@its_a_feature_/agent-customization-in-mythic-tailoring-tools-for-red-team-needs-1746fd02177f
[ tweet ]
[ @thunderysteak@mastodon.social @ThunderySteak ]
totally forgot that naming your wifi after mimikatz script makes windows eat itself
[ tweet ]
[ Andrew Oliveau @AndrewOliveau ]
"SeeSeeYouExec: Windows Session Hijacking via CcmExec"
New @Mandiant Red Team blog explores how SCCM's CcmExec service can be utilized for session hijacking and introduces a new tool, CcmPwn, to weaponize this technique! Defense tips included
https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec
[ tweet ]