👹 [ snovvcrash, sn🥶vvcr💥sh ]
🧵(1/3) I get so excited every time I contribute to #impacket 🤗 Anyways, here’s an upcoming update to secretsdump[.]py ↪️ There’s now this -ldapfilter option that allows an attacker to #DCSync a bunch of users with a single shot 🧨
https://t.co/4ASCbqysj8
🔗 https://github.com/SecureAuthCorp/impacket/pull/1329
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
🧶 (1/3) PCredz in Docker Thread
I’m a big fan of the #Impacket multi-relay feature that not only allows an attacker to keep multiple relay targets alive, but can also be used for performing both #NTLM relay AND #hashes dump at the same time ⏬
https://t.co/EZtH02ynTN
#pentest
🔗 https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/
🐥 [ tweet ]
😈 [ 0xdeaddood, leandro ]
#Impacket is back! We're already working to take it to the next level! 🚀🌕
https://t.co/wLMsZOYauN
🔗 https://0xdeaddood.rocks/2023/01/14/we-are-back
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
I got curious about how easy it would be to bypass some of the static detections for the RemComSvc binary (which is over 10 years old) and yeah… Pretty easy 😂
https://t.co/U44Ik5RxFQ
#psexec #impacket #remcom
🔗 https://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb
🐥 [ tweet ][ quote ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒️] One idea for NTDS on-site dumping without VSS: NTFSCopy (thx @RedCursorSec) + #impacket’s RemoteOperations.getBootKey() + secretsdump[.]py (e.g., via a pre-compiled binary or @naksyn’s awesome Pyramid) 🤪
https://t.co/0UATJuJ1ob
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/credentials-dump/ntds#raw-ntds.dit-copy
🐥 [ tweet ][ quote ]
😈 [ bugch3ck, Jonas Vestberg ]
Disclosed today at @Disobey_fi - psexec from #impacket exposes the target system for authenticated command execution as SYSTEM. That means any user that can authenticate over the network (usually Domain Users) can run code as SYSTEM over the network.
🐥 [ tweet ]
Forwarded from PT SWARM
New article by our researcher @snovvcrash: "Python ❤️ SSPI: Teaching #Impacket to Respect Windows SSO".
🥷 Read the blog post and you'll fly under the radar of endpoint security mechanisms as well as custom network detection rules more easily.
https://swarm.ptsecurity.com/python-sspi-teaching-impacket-to-respect-windows-sso/
PT SWARM
Python ❤️ SSPI: Teaching Impacket to Respect Windows SSO
One handy feature of our private Impacket (by @fortra) fork is that it can leverage native SSPI interaction for authentication purposes when operating from a legit domain context on a Windows machine. As far as the partial implementation of Ntsecapi represents…
😈 [ BlackArrow @BlackArrowSec ]
Enhanced version of secretsdump from #Impacket to dump credentials without touching disk.
This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives.
🔗 https://github.com/fortra/impacket/pull/1698
🔗 https://github.com/jfjallid/go-secdump
🐥 [ tweet ]