[ chebuya @_chebuya ]
How I discovered and exploited an unauthenticated SSRF in the Havoc C2 teamserver, allowing attackers to leak origin IPs of teamservers behind redirectors and much more!
https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/
https://github.com/chebuya/Havoc-C2-SSRF-poc
[ tweet ]
[ CICADA8Research @CICADA8Research ]
Process Injection is Dead. Long Live IHxHelpPaneServer
How can a user's session be abused without process injection, remotekrbrelay, tgsthief?
Read it in our new article:
https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d
POC:
https://github.com/CICADA8-Research/IHxExec
[ tweet ]
[ Greg Darwin @gregdarwin ]
After months in development, Cobalt Strike 4.10 is now available for download. This release sees the introduction of BeaconGate, the Sleepmask-VS, postex kit, a new job browser and much, much more. Check out the blog post for details:
https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate
[ tweet ]
a new biba stack, as @Acrono says
[ Antonio Cocomazzi @splinter_code ]
Excited to share my latest research about FIN7 🔥
The discovery of a new abuse for the Windows built-in driver ProcLaunchMon.sys (TTD Monitor driver) to tamper with EDRs has been an interesting surprise.
Enjoy the read
https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/
[ tweet ]
[ Zach Vorhies / Google Whistleblower @Perpetualmaniac ]
Crowdstrike Analysis:
It was a NULL pointer from the memory unsafe C++ language.
Since I am a professional C++ programmer, let me decode this stack trace dump for you.
https://threadreaderapp.com/thread/1814376668095754753.html
[ tweet ]
a professional C++ programmer has explained it all
[ Tavis Ormandy @taviso ]
This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
https://threadreaderapp.com/thread/1814762302337654829.html
[ tweet ]
(nothing more interesting is happening anyway)
[ Max Harley @0xdab0 ]
Finally releasing a very beta version of my ADExplorerSnapshot Rust rewrite! There have been a ton of performance optimizations, edges added, and usability improvements since the quoted tweet. I'm really excited for people to start using and breaking it.
https://github.com/t94j0/adexplorersnapshot-rs
[ tweet ][ quote ]
[ 5pider @C5pider ]
I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code.
The client is now fully extendable and scriptable via the Python API
[ tweet ]
[ Aurélien Chalot @Defte_ ]
Super interesting way of blinding EDR's consoles!!
https://tierzerosecurity.co.nz/2024/07/23/edr-telemetry-blocker.html
[ tweet ]
[ Print3M @Print3M_ ]
I wrote my first calc.exe "shellcode" in NASM. I find it a little strange that a lot of people write about malware development but almost no one talks about writing your own shellcode. I decided to write something on my own. (good comments, easy readable)
https://github.com/Print3M/shellcodes/blob/main/calc-exe.asm
[ tweet ]
#for_the_very_little_ones
[ Alex Neff @al3x_n3ff ]
A new module just got merged into NetExec, which extracts the security Questions for local users
Made by @Adamkadaban
If you want to know the details, you can read his blog post here:
https://hackback.zip/2024/05/08/Remotely-Dumping-Windows-Security-Questions-With-Impacket.html
[ tweet ]
[ Kaspersky @kaspersky ]
A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer, the browser that Microsoft supposedly laid to rest over a year ago.
Full story:
https://www.kaspersky.com/blog/zero-day-in-internet-explorer/51698/
[ tweet ]
[ Check Point Research @_CPResearch_ ]
In this blog we introduce Thread-Name Calling - A new process injection technique using Thread Name. We also discuss various scenarios in which this not widely-known API can be used for offense.
Blog:
https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
PoC:
https://github.com/hasherezade/thread_namecalling
[ tweet ]