π [DirectoryRanger, DirectoryRanger]
Hunting for Active Directory Certificate Services Abuse, by @HeirhabarovT
https://t.co/adwuv53TOL
π https://speakerdeck.com/heirhabarov/hunting-for-active-directory-certificate-services-abuse
π₯ [tweet]
Hunting for Active Directory Certificate Services Abuse, by @HeirhabarovT
https://t.co/adwuv53TOL
π https://speakerdeck.com/heirhabarov/hunting-for-active-directory-certificate-services-abuse
π₯ [tweet]
π [cyb3rops, Florian Roth π]
Remember, when you write #YARA rules for RTF files that "{\rtf" isnβt the header that you should look for, since the βfβ isnβt required by Microsoft Word to open the file
Better use:
uint32be(0) == 0x7B5C7274
which is "{\rt" at position 0
https://t.co/vzBbEcZJd1
π https://furoner.wordpress.com/2017/07/06/analysis-of-new-rtf-malware-obfuscation-method/
π₯ [tweet]
Remember, when you write #YARA rules for RTF files that "{\rtf" isnβt the header that you should look for, since the βfβ isnβt required by Microsoft Word to open the file
Better use:
uint32be(0) == 0x7B5C7274
which is "{\rt" at position 0
https://t.co/vzBbEcZJd1
π https://furoner.wordpress.com/2017/07/06/analysis-of-new-rtf-malware-obfuscation-method/
π₯ [tweet]
π [carlospolopm, carlospolop]
Weekly HackTricks links to learn about: Cache poisoning and cache deception, SNMP, and DDexec.
- https://t.co/uWw9s2bJPJ
- https://t.co/UxQjAM6gzZ
- https://t.co/vvR7kp409c
#hacktricks
π https://book.hacktricks.xyz/pentesting-web/cache-deception
π https://book.hacktricks.xyz/network-services-pentesting/pentesting-snmp
π https://book.hacktricks.xyz/linux-hardening/bypass-bash-restrictions/ddexec
π₯ [tweet]
Weekly HackTricks links to learn about: Cache poisoning and cache deception, SNMP, and DDexec.
- https://t.co/uWw9s2bJPJ
- https://t.co/UxQjAM6gzZ
- https://t.co/vvR7kp409c
#hacktricks
π https://book.hacktricks.xyz/pentesting-web/cache-deception
π https://book.hacktricks.xyz/network-services-pentesting/pentesting-snmp
π https://book.hacktricks.xyz/linux-hardening/bypass-bash-restrictions/ddexec
π₯ [tweet]
π [ albinowax, James Kettle ]
I've updated the Turbo Intruder documentation with some practical tips for long-running attacks. TLDR don't put five million responses in the table, you'll run out of RAM.
https://t.co/lhyH2hlOrn
π https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack
π₯ [ tweet ]
I've updated the Turbo Intruder documentation with some practical tips for long-running attacks. TLDR don't put five million responses in the table, you'll run out of RAM.
https://t.co/lhyH2hlOrn
π https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack
π₯ [ tweet ]
π [ Tarlogic, Tarlogic ]
The world grades everything. Students, restaurants and hotels, movies, books... #CyberSecurity couldn't be oblivious to this reality. That's why we have dedicated a post on our blog Ciber 4 All to the #CVSS framework.
https://t.co/rPbUFFuR7f
π https://www.tarlogic.com/blog/cvss-scoring-it-vulnerabilities/
π₯ [ tweet ]
The world grades everything. Students, restaurants and hotels, movies, books... #CyberSecurity couldn't be oblivious to this reality. That's why we have dedicated a post on our blog Ciber 4 All to the #CVSS framework.
https://t.co/rPbUFFuR7f
π https://www.tarlogic.com/blog/cvss-scoring-it-vulnerabilities/
π₯ [ tweet ]
π [ vxunderground, vx-underground ]
We've updated the vx-underground Malware Defense collection. We have added 60 new papers.
Have a nice day.
Check it out here: https://t.co/djuVYEkbLT
π https://www.vx-underground.org/malware_defense.html#malware_analysis
π₯ [ tweet ]
We've updated the vx-underground Malware Defense collection. We have added 60 new papers.
Have a nice day.
Check it out here: https://t.co/djuVYEkbLT
π https://www.vx-underground.org/malware_defense.html#malware_analysis
π₯ [ tweet ]
π [ vxunderground, vx-underground ]
We've updated the vx-underground malware collection.
- Xloader
- Enemybot
- WSL Malware
- Chromeloader/Choziosi
- Chaos / Yashma Ransomware
- Pymafka
Download malware. It is good for you.
Check it out here: https://t.co/L3GdoH9kLl
π https://samples.vx-underground.org/samples/Families/
π₯ [ tweet ]
We've updated the vx-underground malware collection.
- Xloader
- Enemybot
- WSL Malware
- Chromeloader/Choziosi
- Chaos / Yashma Ransomware
- Pymafka
Download malware. It is good for you.
Check it out here: https://t.co/L3GdoH9kLl
π https://samples.vx-underground.org/samples/Families/
π₯ [ tweet ]
π [ GoSecure_Inc, GoSecure ]
Read this analysis by GoSecure Titan Labs of the two vulnerabilities found in 3CX Phone Systems, authenticated command injection and privilege escalation: https://t.co/dhfxLA950o #pentesting #cybersecurity #GoSecureTitanLabs
π https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/
π₯ [ tweet ]
Read this analysis by GoSecure Titan Labs of the two vulnerabilities found in 3CX Phone Systems, authenticated command injection and privilege escalation: https://t.co/dhfxLA950o #pentesting #cybersecurity #GoSecureTitanLabs
π https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/
π₯ [ tweet ]
π [ DirectoryRanger, DirectoryRanger ]
Fantastic Windows Logon types and Where to Find Credentials in Them, by @chiragsavla94
https://t.co/qFUEG8HdWC
π https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them
π₯ [ tweet ]
Fantastic Windows Logon types and Where to Find Credentials in Them, by @chiragsavla94
https://t.co/qFUEG8HdWC
π https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them
π₯ [ tweet ]
π₯1
π [ Tyl0us, Matt Eidelberg ]
Check out my talk focusing on shining a light on the mindset of a red team and how they covertly compromise an organizationβs security. Lots of great TTPs and stories to share check it out #SourceZeroCon https://t.co/FiiVCJhi0t #netsec #redteam #evasion
π https://bit.ly/3K3argl
π₯ [ tweet ]
Check out my talk focusing on shining a light on the mindset of a red team and how they covertly compromise an organizationβs security. Lots of great TTPs and stories to share check it out #SourceZeroCon https://t.co/FiiVCJhi0t #netsec #redteam #evasion
π https://bit.ly/3K3argl
π₯ [ tweet ]
Forwarded from Offensive Xwitter Eye
π [ aetsu, π¬ππππ ]
A blueprint for evading industry leading endpoint protection in 2022 -> https://t.co/Vf69P9ZUuA
π https://vanmieghem.io/blueprint-for-evading-edr-in-2022/
π₯ [ tweet ]
A blueprint for evading industry leading endpoint protection in 2022 -> https://t.co/Vf69P9ZUuA
π https://vanmieghem.io/blueprint-for-evading-edr-in-2022/
π₯ [ tweet ]
π₯2
Forwarded from Offensive Xwitter Eye
π [ harmj0y, Will Schroeder ]
In my first foray into what @moo_hax terms "Offensive ML", I took at shot at data mining documents for passwords using deep learning. You can read about the approach at https://t.co/oL7jBbPiJQ and can find the notebook + Dockerized model at https://t.co/jXsMDVEwOo
π https://posts.specterops.io/deeppass-finding-passwords-with-deep-learning-4d31c534cd00
π https://github.com/GhostPack/DeepPass
π₯ [ tweet ]
In my first foray into what @moo_hax terms "Offensive ML", I took at shot at data mining documents for passwords using deep learning. You can read about the approach at https://t.co/oL7jBbPiJQ and can find the notebook + Dockerized model at https://t.co/jXsMDVEwOo
π https://posts.specterops.io/deeppass-finding-passwords-with-deep-learning-4d31c534cd00
π https://github.com/GhostPack/DeepPass
π₯ [ tweet ]
π₯1
Forwarded from Offensive Xwitter Eye
π [ hackinarticles, Hacking Articles ]
A Detailed Guide on Rubeus
https://t.co/XmD8LfJGY5
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/a-detailed-guide-on-rubeus/
π₯ [ tweet ]
A Detailed Guide on Rubeus
https://t.co/XmD8LfJGY5
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/a-detailed-guide-on-rubeus/
π₯ [ tweet ]
Forwarded from Offensive Xwitter Eye
π [ hackinarticles, Hacking Articles ]
Domain Persistence: Silver Ticket Attack
https://t.co/GDmxv0kJID
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/domain-persistence-silver-ticket-attack/
π₯ [ tweet ]
Domain Persistence: Silver Ticket Attack
https://t.co/GDmxv0kJID
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/domain-persistence-silver-ticket-attack/
π₯ [ tweet ]
Forwarded from Offensive Xwitter Eye
π [ hackinarticles, Hacking Articles ]
Domain Escalation: Unconstrained Delegation
https://t.co/qWxRjcg7UF
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/domain-escalation-unconstrained-delegation/
π₯ [ tweet ]
Domain Escalation: Unconstrained Delegation
https://t.co/qWxRjcg7UF
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/domain-escalation-unconstrained-delegation/
π₯ [ tweet ]
Forwarded from Offensive Xwitter Eye
π [ hackinarticles, Hacking Articles ]
Domain Persistence: Golden Certificate Attack
https://t.co/SmMarfX7hK
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/domain-persistence-golden-certificate-attack/
π₯ [ tweet ]
Domain Persistence: Golden Certificate Attack
https://t.co/SmMarfX7hK
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #servers #windows
π https://www.hackingarticles.in/domain-persistence-golden-certificate-attack/
π₯ [ tweet ]