π [ BlackSnufkin @BlackSnufkin42 ]
Tired of switching tools for payload testing? LitterBox - bringing Moneta, PE-sieve & more into one unified platform.
π https://github.com/BlackSnufkin/LitterBox
π₯ [ tweet ]
Tired of switching tools for payload testing? LitterBox - bringing Moneta, PE-sieve & more into one unified platform.
π https://github.com/BlackSnufkin/LitterBox
π₯ [ tweet ]
π6
π [ Burak Karaduman @krdmnbrk ]
Excited to share my new project: AttackRuleMap
This project maps #AtomicRedTeam simulations to open-source detection rules like #SigmaRules and #Splunk ESCU rules (maybe more in the future).
Currently for Windows, with plans to support more platforms.
π https://attackrulemap.netlify.app/
π₯ [ tweet ]
Excited to share my new project: AttackRuleMap
This project maps #AtomicRedTeam simulations to open-source detection rules like #SigmaRules and #Splunk ESCU rules (maybe more in the future).
Currently for Windows, with plans to support more platforms.
π https://attackrulemap.netlify.app/
π₯ [ tweet ]
π10π₯5
π [ NSG650 @nsg650 ]
New blog about bootkitting Windows.
Done in collab with @pdawg11239
π https://nsg650.github.io/blogs/29-12-2024.html
π₯ [ tweet ]
New blog about bootkitting Windows.
Done in collab with @pdawg11239
π https://nsg650.github.io/blogs/29-12-2024.html
π₯ [ tweet ]
π3π₯3
π [ SafeBreach @safebreach ]
Starting 2025 strong! Weβve developed a PoC exploit for CVE-2024-49112. Read the blog and check out the GitHub repo.
Blog:
π https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49112/
PoC:
π https://github.com/SafeBreach-Labs/CVE-2024-49112
π₯ [ tweet ]
Starting 2025 strong! Weβve developed a PoC exploit for CVE-2024-49112. Read the blog and check out the GitHub repo.
Blog:
π https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49112/
PoC:
π https://github.com/SafeBreach-Labs/CVE-2024-49112
π₯ [ tweet ]
π₯9π₯±4π3π€―2
π [ Dirk-jan @_dirkjan ]
Few BloodHound python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own pypi package and command. You can have both on the same system with pipx.
π https://github.com/dirkjanm/BloodHound.py
π₯ [ tweet ]
π https://ppn.snovvcrash.rocks/pentest/infrastructure/ad#setup
Few BloodHound python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own pypi package and command. You can have both on the same system with pipx.
π https://github.com/dirkjanm/BloodHound.py
π₯ [ tweet ]
ΡΠΎΠΆΠ΅ Π½Π΅Π΄Π°Π²Π½ΠΎ ΠΎΠ±Π½ΠΎΠ²Π»ΡΠ» ΡΠΈΡΡΠΈΡ ΠΏΠΎ Π±ΡΡΡΡΠΎΠΌΡ ΡΠ°Π·Π²ΠΎΡΠ°ΡΠΈΠ²Π°Π½ΠΈΡ "Π½ΠΎΠ²ΠΎΠ³ΠΎ" Π±Ρ
:π https://ppn.snovvcrash.rocks/pentest/infrastructure/ad#setup
π₯10π4
π [ Synacktiv @Synacktiv ]
You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from @b1two_ (now merged upstream).
Here is an example with ldeep using relayed authentication from HTTP to LDAPs.
π₯ [ tweet ]
You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from @b1two_ (now merged upstream).
Here is an example with ldeep using relayed authentication from HTTP to LDAPs.
π₯ [ tweet ]
π₯8π1
π [ t3l3machus @t3l3machus ]
New experimental tool for rapid extraction and analysis of Windows service configs and ACEs for potential PE candidates, removing the need for tools like accesschk.exe or other non-native binaries.
π https://github.com/t3l3machus/ACEshark
π₯ [ tweet ]
New experimental tool for rapid extraction and analysis of Windows service configs and ACEs for potential PE candidates, removing the need for tools like accesschk.exe or other non-native binaries.
π https://github.com/t3l3machus/ACEshark
π₯ [ tweet ]
π₯11
π [ CICADA8Research @CICADA8Research ]
Read our new research and learn about MS UIA technology. You will explore the depths of COM, graphical elements in Windows and spy on WhatsApp, Telegram, Slack, and Keepass π΅οΈββοΈπ»
Blog:
π https://cicada-8.medium.com/im-watching-you-how-to-spy-windows-users-via-ms-uia-c9acd30f94c4
Tool:
π https://github.com/CICADA8-Research/Spyndicapped
π₯ [ tweet ]
SpyWare 2.0 π
Read our new research and learn about MS UIA technology. You will explore the depths of COM, graphical elements in Windows and spy on WhatsApp, Telegram, Slack, and Keepass π΅οΈββοΈπ»
Blog:
π https://cicada-8.medium.com/im-watching-you-how-to-spy-windows-users-via-ms-uia-c9acd30f94c4
Tool:
π https://github.com/CICADA8-Research/Spyndicapped
π₯ [ tweet ]
π₯9π6π3π€―2
π [ Adam Chester π΄ββ οΈ @_xpn_ ]
Achievement unlocked, my first blog with SoecterOps π€ This post looks at ADFS OAuth2 support, Device Registration, Enterprise PRT, and a brain dump of things that I didnβt want to leave sat on Notion.
π https://posts.specterops.io/adfs-living-in-the-legacy-of-drs-c11f9b371811
π₯ [ tweet ]
Achievement unlocked, my first blog with SoecterOps π€ This post looks at ADFS OAuth2 support, Device Registration, Enterprise PRT, and a brain dump of things that I didnβt want to leave sat on Notion.
π https://posts.specterops.io/adfs-living-in-the-legacy-of-drs-c11f9b371811
π₯ [ tweet ]
π6
π [ Orange Tsai π @orange_8361 ]
The detailed version of our #WorstFit attack is available now! π₯
Check it out! π
π https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
π₯ [ tweet ][ quote ]
The detailed version of our #WorstFit attack is available now! π₯
Check it out! π
π https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
π₯ [ tweet ][ quote ]
π₯6π3
π [ Nithin Chenthur Prabhu @Azr43lKn1ght ]
Introducing Rusty-PE-Packer: a sophisticated Windows PE packer written in Rust, featuring progressive masked RC4 encryption, VEH exploitation for ROP gadget execution via RIP manipulation, and injection into legitimate Windows processes.
π https://github.com/Azr43lKn1ght/Rusty-PE-Packer
π₯ [ tweet ]
Introducing Rusty-PE-Packer: a sophisticated Windows PE packer written in Rust, featuring progressive masked RC4 encryption, VEH exploitation for ROP gadget execution via RIP manipulation, and injection into legitimate Windows processes.
π https://github.com/Azr43lKn1ght/Rusty-PE-Packer
π₯ [ tweet ]
π₯12
π [ Bnb @HulkOperator ]
Recently, Iβve been experimenting with Return Address Spoofing and developed a tool to call any WinAPI and spoof the return address.
For a deeper dive, check out my blog post:
π https://hulkops.gitbook.io/blog/red-team/x64-return-address-spoofing
π₯ [ tweet ]
Recently, Iβve been experimenting with Return Address Spoofing and developed a tool to call any WinAPI and spoof the return address.
For a deeper dive, check out my blog post:
π https://hulkops.gitbook.io/blog/red-team/x64-return-address-spoofing
π₯ [ tweet ]
π₯7π4
π [ Matt Ehrnschwender @M_alphaaa ]
Keeping the blog alive. For people who may be unaware, you can embed a file in a C/C++ program without needing to make a giant byte array in a header file for it. Kind of went a little bit overboard on the detail with this lol but it's pretty useful
π https://blog.cybershenanigans.space/posts/embedding-files-in-c-cpp-programs/
π₯ [ tweet ]
Keeping the blog alive. For people who may be unaware, you can embed a file in a C/C++ program without needing to make a giant byte array in a header file for it. Kind of went a little bit overboard on the detail with this lol but it's pretty useful
π https://blog.cybershenanigans.space/posts/embedding-files-in-c-cpp-programs/
π₯ [ tweet ]
π₯7
This media is not supported in your browser
VIEW IN TELEGRAM
π [ MrAle98 @MrAle_98 ]
Finally finished to develop an exploit for CVE-2024-49138: vulnerability in CLFS.sys.
I'll provide a detailed analysis in a blog post.
π https://github.com/MrAle98/CVE-2024-49138-POC
π₯ [ tweet ]
Finally finished to develop an exploit for CVE-2024-49138: vulnerability in CLFS.sys.
I'll provide a detailed analysis in a blog post.
π https://github.com/MrAle98/CVE-2024-49138-POC
π₯ [ tweet ]
π₯12π1
π [ Synacktiv @Synacktiv ]
A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by @kalimer0x00.
π https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
π₯ [ tweet ]
A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by @kalimer0x00.
π https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
π₯ [ tweet ]
π₯5π1
π [ Cellebrite Labs @CellebriteLabs ]
We just released our lightweight IDA syncing solution, LabSync, on GitHub! π LabSync uses YAML files in a git repo to sync your IDB with other researchers whenever you save it. Check it out:
π https://github.com/cellebrite-labs/LabSync
π₯ [ tweet ]
We just released our lightweight IDA syncing solution, LabSync, on GitHub! π LabSync uses YAML files in a git repo to sync your IDB with other researchers whenever you save it. Check it out:
π https://github.com/cellebrite-labs/LabSync
π₯ [ tweet ]
π₯4
π [ Rad @rad9800 ]
For those unable to get their hands on EDR software for reversing, TrendMicro kindly publishes their resources at:
π https://help.deepsecurity.trendmicro.com/software.html
It's possible to download and extract the on-prem appliance and explore to understand how EDRs (if you can even call it that) work.
π₯ [ tweet ]
For those unable to get their hands on EDR software for reversing, TrendMicro kindly publishes their resources at:
π https://help.deepsecurity.trendmicro.com/software.html
It's possible to download and extract the on-prem appliance and explore to understand how EDRs (if you can even call it that) work.
π₯ [ tweet ]
π4
π [ Josh @passthehashbrwn ]
New blog from me on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that I identified in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.
π https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
π₯ [ tweet ]
New blog from me on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that I identified in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.
π https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
π₯ [ tweet ]
π8π₯3