😈 [ Tijme Gommers @tijme ]
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl !
Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode.
🔗 https://github.com/tijme/dittobytes
🐥 [ tweet ]
😈 [ Kurosh Dabbagh @_Kudaes_ ]
I just released MFTool, an NTFS parser that builds an in-memory map of a volume, allowing you to:
- Read any file without opening a handle
- Get the contents of locked/deleted files (registry hives, pagefile.sys, etc)
- Perform fast, in-memory searches across the entire disk
Although direct access to disk is not new at all, especially when it comes to forensics, I think this approach could be useful in a number of contexts during an RT engagement.
🔗 https://github.com/Kudaes/MFTool
🐥 [ tweet ]
😈 [ Unit 42 @Unit42_Intel ]
We discuss an uptick in use of the relatively unknown AdaptixC2, an open-source C2 framework, by attackers. Our research details its functionality and configuration, as well as observed deployment techniques, including novel AI-assisted methods.
🔗 https://unit42.paloaltonetworks.com/adaptixc2-post-exploitation-framework/
🐥 [ tweet ]
😈 [ @zephrfish.yxz.red @ZephrFish ]
Made a thing, mucking about with Python and an LDAP browser concept to ingest straight into BloodHound: a simple LDAP browser using PyQt as a GUI and neo4j-driver to ingest into BH.
🔗 https://github.com/ZephrFish/pyLDAPGui
🐥 [ tweet ]
😈 [ kr0tt @_kr0tt ]
Wrote a blog about creating an early exception handler for hooking and threadless process injection without relying on VEH or SEH.
You can definitely use it for more than what is described in the post, enjoy :)
🔗 https://kr0tt.github.io/posts/early-exception-handling/
🐥 [ tweet ]
😈 [ Dirk-jan @_dirkjan ]
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:
🔗 https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
🐥 [ tweet ]
😈 [ dis0rder @dis0rder_0x00 ]
New tool drop! Let me show you Obex:
🔗 https://github.com/dis0rder0x00/obex
Spawn a process and block unwanted DLLs from loading (in user mode).
Example: spawn powershell without "amsi.dll" for an easy amsi-less experience :)
🐥 [ tweet ]
Forwarded from Standoff 365
Make yourself known at Standoff Talks on October 16 🔥
The call for papers is still open. If you have great case studies on OSINT, bug bounty, pentesting, red teaming, or on topics such as TI, threat hunting, or SOC work, this is your chance to share your experience with the elite of practical security. Choose the format that suits you, 40 or 10 minutes, and send in your application!
⁉️ Important! We are accepting your talks until September 26. That means you have one week left to submit your application and become a speaker at the event.
And a reminder: don't forget to register for the meetup. For those who have already registered, we will start sending confirmations next week!
Don't miss the chance to take part in such a great event!
😈 [ codewhisperer84 @codewhisperer84 ]
Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM.
🔗 https://github.com/trustedsec/Titanis/
🐥 [ tweet ]
😈 [ r0BIT @0xr0BIT ]
TL;DR: Semi-automate remote SchedTask parsing and look for privileged tasks by feeding it BloodHound high-value targets. Noisy AF because impacket.
🔗 https://github.com/1r0BIT/TaskHound.git
This is my first feeble attempt at maybe providing something somewhat useful for the Community :)
🐥 [ tweet ]
Forwarded from Pentest Notes
I've prepared a detailed guide to penetration testing Outlook Web Access (OWA) for you. 😈
➡️ In the article I went through all the main attacks on and vulnerabilities of OWA. I collected and structured the most useful material in one place.
➡️ The material is also a perfect fit for those who still confuse OWA, Outlook and MS Exchange with each other :)
Even if you have never dealt with Microsoft mail services before, after reading it you can confidently go and check them for security. 🥤
Link to the article
💫 @pentestnotes | #pentest #OWA #Exchange
😈 [ quarkslab @quarkslab ]
Finding a buggy driver is one thing, abusing it is another.
In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader! 🚀
🔗 https://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061.html
🔗 https://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061_part2.html
🐥 [ tweet ]
😈 [ Daniel @VirtualAllocEx ]
New blog post in a while — this one covers "executing" shellcode from non-executable memory and "bypassing" DEP/NX.
Since I didn’t have a proofreader this time, I’d really appreciate it if you could let me know about any errors or misinterpretations you spot in the article.
Blog:
🔗 https://redops.at/en/blog/the-emulators-gambit-executing-code-from-non-executable-memory
Code:
🔗 https://github.com/VirtualAlllocEx/HWBP-DEP-Bypass
🐥 [ tweet ]
Offensive Xwitter
😈 [ Yuval Gordon @YuG0rd ]
BadSuccessor is dead… or is it? The patch for CVE-2025-53779 fixed the priv-esc. While no longer a vulnerability, the tactic still applies in certain scenarios. Defenders should be aware of it. Details:
🔗 https://www.akamai.…
😈 [ Logan Goins @_logangoins ]
I feel like the new dMSA account takeover mechanism that @YuG0rd briefly mentioned in his last blog didn't get enough attention. A new account takeover mechanism is on the horizon. I wrote a blog detailing it, releasing with a new BOF I wrote called BadTakeover.
🔗 https://specterops.io/blog/2025/10/20/the-near-return-of-the-king-account-takeover-using-the-badsuccessor-technique/
🐥 [ tweet ]
😈 [ SpecterOps @SpecterOps ]
Credential Guard was supposed to end credential dumping. It didn't.
@bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
Blog:
🔗 https://specterops.io/blog/2025/10/23/catching-credential-guard-off-guard/
Tool:
🔗 https://github.com/bytewreck/DumpGuard
crack[.]sh successor:
🔗 https://ntlmv1.com
🐥 [ tweet ]
😈 [ Bobby Cooke @0xBoku ]
Venom C2 tool drop! 🐍
During a recent red team engagement we needed a simple Python agent with no dependencies to set up persistence on some exotic boxes we landed on.
The server, agent, and client were made mid-engagement and kept our foothold for weeks. I have no use for this anymore, so I thought I'd share it instead of letting it evaporate into /dev/null.
🔗 https://github.com/boku7/venom
🐥 [ tweet ]
😈 [ Andrea P @decoder_it ]
Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅
🔗 https://decoder.cloud/2025/11/24/reflecting-your-authentication-when-windows-ends-up-talking-to-itself/
🐥 [ tweet ]
😈 [ SpecterOps @SpecterOps ]
NTLM relays failing because of EPA? 😒
@zyn3rgy & @Tw1sm break down how to enumerate EPA settings across more protocols + drop new tooling (RelayInformer) to make relays predictable.
Blog:
🔗 https://specterops.io/blog/2025/11/25/less-praying-more-relaying-enumerating-epa-enforcement-for-mssql-and-https/
Tool:
🔗 https://github.com/zyn3rgy/RelayInformer
🐥 [ tweet ]
