Ryan Hausknecht

@Haus3c

Security Consultant @ SpecterOps, Cyber Security Instructor at UNCC. Wastes a lot of money on cars.

Cleveland - Charlotte, NC
Joined: November 2015

Tweets

  1. Pinned Tweet
    Jan 28

    New blog (and tool): Attacking Azure, Azure AD, and Introducing PowerZure

  2. 16 hours ago

    I made a PowerShell script when researching COM objects that has like 30 foreach and if loops and will search every COM object method for a keyword, e.g. finding COM objects with a method containing 'ExecuteShell'. Maybe someone else will find it useful.

  3. Retweeted
    Jan 31

    Join me and on Tuesday, February 11th as we unveil 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards):

  4. Retweeted
    Jan 30

    For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes.

  5. Jan 28

    Finally, I know this lacks the defensive recommendations. There's a lot, so it has its own article. It is written and being peer-reviewed. It'll be out early next week.

  6. Jan 28

    There's no reason to ever run this on a compromised system. This would just be run from an assessment VM, hence why it's installing packages.

  7. Jan 28

    I initially wanted to write this in C# and had it about halfway done, then realized KeyVaults use a different API and the documentation for Graph was so poor, I didn't want to jump into another poorly documented API when C# has no real advantage for it. 2/3

  8. Retweeted
    Jan 27

    Move Faster, Stay Longer blog about extending CS and tools to go with it.

  9. Retweeted
    Jan 25

    I don't think and get enough credit for really driving a massive change in the way infosec views Active Directory. Novel attacks and C2 are great, but Bloodhound has cultivated a whole new school of thought in infosec. It's a whole different level of awesome.

  10. Retweeted
    Jan 22

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  11. Retweeted
    Jan 21

    Just released Satellite, a payload hosting and proxy software for red team operations. In the blog post, I discuss the feature set of Satellite as well as why an operator would choose it over Apache or Nginx.

  12. Retweeted
    Jan 13

    I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: 1/3

  13. Retweeted
    Dec 18, 2019

    (12/?) Some of the great content creators for AD pentesting include: - - - - Do your research and you'll find plenty more.

  14. Dec 16, 2019

    Today's win: Found Citrix webapp>One of the Apps was Notepad>Open notepad, click "save as" to browse filesystem>browse to cmd.exe and opened it up>execute an msbuild payload.

  15. Dec 14, 2019

    Love this query, it just saved our butts in a recent engagement. It can also be modified slightly for specific domains, in case of results overload or specific hunting

  16. Dec 13, 2019

    I've taken most queries from my cheatsheet and put them into the customqueries.json, so instead of copy+paste you can just click and shoot. Just replace your .json with this one (or the contents)

  17. Retweeted
    Nov 25, 2019

    Today I was able to release the first post of a series of blog posts about attacking FreeIPA, an open source alternative to Windows Active Directory inside of unix environments. This post covers authentication, and situational awareness.

  18. Oct 26, 2019

    Thank you to those who came out to my talk at Triangle InfoSec Con in Raleigh yesterday. Here are the slides in case you missed it or couldn't get in! Video is coming soon.

  19. Retweeted
    Oct 4, 2019

    I'm happy to announce the official swag store is now open for business! Red and blue shirts will ALWAYS be available at the following URL:

  20. Oct 1, 2019

    Such a great article by my teammate . Great job breaking down how access token manipulation is done, the rights needed, and detections around it.

