[ ntlmrelay, Ring3API ]
Python utility to generate #MITRE ATT&CK Vault for #Obsidian.
1️⃣ Get Obsidian (https://t.co/ZBOCQ2ez7U)
2️⃣ Generate Vault (https://t.co/3A5dbhoRC2)
3️⃣ Explore!
#blueteam #threathunting #ThreatIntelligence
https://obsidian.md/
https://github.com/arch4ngel/sec-vault-gen

[ DebugPrivilege, • ]
Great blog post on hijacking Azure subscriptions. https://t.co/i2zQHrazu2
https://derkvanderwoude.medium.com/azure-subscription-hijacking-and-cryptomining-86c2ac018983

[ bohops, bohops ]
[Quick Update] Added a few new and old resources/techniques to the WDAC Block List
https://t.co/2AhEtQ2aS0
I'll post a few more blogs in the coming months to include Part 3 of the "Exploring the Microsoft Recommended Block Rules" series as well as some new techniques
https://github.com/bohops/UltimateWDACBypassList

[ byt3bl33d3r, Marcello ]
This is neato
"Alpine, Ubuntu, Fedora, and Arch based containers containing full desktop environments in officially supported flavors accessible via any modern web browser."
https://t.co/VSTYMXDYma
https://docs.linuxserver.io/images/docker-webtop

[ Six2dez1, Six2dez ]
I can't say enough about how useful @TomNomNom's hacks repository is. Lately whenever I need something I go there to take a look because it almost always has the solution, so I can never improve my Golang skills!
Latest discovery https://t.co/0DYgf4qkko
long live open source ❤️
https://github.com/tomnomnom/hacks/tree/master/inscope

[ mttaggart, Taggart ]
I'd just like to point out that a number of us have been providing free, high quality infosec content on Twitch for years without so much as a blurb in the Register.
@goproslowyo
@0xTib3rius
@Alh4zr3d
@xfootpics4salex
@ShawnLo
And many more at https://t.co/LnMWvE4jwN https://t.co/MB2rYdNPjC
https://infosecstreams.github.io/

[ snovvcrash, sn🥶vvcr💥sh ]
Was trying to improve my #password #spraying approach in AD by previewing FGPPs and mapping them to the users they’re applied to, but it turns out you have to be an admin to do that

[ CyberarkLabs, CyberArk Labs ]
Passwords and cookies are stored in Chrome’s memory in clear-text. Attackers can load into memory all the passwords that are stored in the password manager (“Login Data” file).
https://t.co/L1JRO22ktu
https://spr.ly/6017zZ6Ft

[ 0xBoku, Bobby Cooke ]
BokuLoader now uses its best evasion features out of the box, +ASM Caesar cipher string obfuscation, +bug fixes, and +code enhancements. Dropped 32bit for now and all around slimmed down the code. Needed a clean base for coming feature updates ;)
https://t.co/At0dcvYZF0
https://github.com/boku7/BokuLoader

[ 0gtweet, Grzegorz Tworek ]
3 pieces of information:
1. The interesting one - if svchost.exe cannot find "Parameters" subkey, it tries to read ServiceDll entry from the parent (service) key!
2. The bad one - tools rarely check such DLLs.
3. The great one - my tool was just updated - https://t.co/ySr6QM0f3b
https://github.com/gtworek/PSBits/blob/master/Services/Get-ServiceDlls.ps1

[ _wald0, Andy Robbins ]
ICYMI: This week I published a 3-part blog series on managed identity attack paths in various #Azure services:
Part 1, Automation Accounts: https://t.co/gZ6QjGw6CE
Part 2, Logic Apps: https://t.co/3Jtw4rcHdm
Part 3, Function Apps: https://t.co/MJh46fqs2m
https://posts.specterops.io/82667d17187a
https://posts.specterops.io/52b29354fc54
https://posts.specterops.io/300065251cbe

[ Cneelis, Cn33liz ]
It's #BOFFriday so time for a new @OutflankNL C2-Tool-Collection update:
> Psx - Show detailed process information incl. OPSEC checks.
> Psc - Show detailed information from processes with established TCP and RDP connections.
https://t.co/Wq1obZDfRU
https://github.com/outflanknl/C2-Tool-Collection

[ Cx01N_, Cx01N ]
Here is the material from #defcon29 in case anyone missed last year's.
https://t.co/4lk4Y6UWXe
https://github.com/BC-SECURITY/Beginners-Guide-to-Obfuscation

[ _wald0, Andy Robbins ]
Today is Friday, which means it's #BloodHoundBasics day.
BloodHound collects user logons in a somewhat non-intuitive way. In this video I try my best to explain exactly how BloodHound's logon session collection works: https://t.co/4XQqJ0Zulq
https://www.youtube.com/watch?v=q86VgM2Tafc

[ exploitph, Charlie Clark ]
Been working on some new features for PowerView, it's still a work in progress but just pushed a few, cert auth for LDAPS and StartTLS for Get-DomainObject, Get-DomainUser, Get-DomainComputer and Set-DomainObject 1/2
https://t.co/H9rrPiTZeD
https://github.com/0xe7/PowerSploit/blob/master/Recon/PowerView.ps1

[ _RastaMouse, Rasta Mouse ]
[BLOG]
GPO WMI filters - how they can screw you over, and some ways to deal with them.
https://t.co/9kBZQlYw7D
https://rastamouse.me/ous-and-gpos-and-wmi-filters-oh-my/