Script Kitties

@ScriptKitties

"Cats are a very mysterious kind of folk. There is always more passing in their minds than we are aware of." - Sir Walter Scott

the curious cats
Joined: January 2015

Tweets


  1. Retweeted
    9 hours ago

    Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
  2. Retweeted
    Feb 1

    Some essential process execution/cmd lines to monitor for initial access/persist. powershell, cmd, rundll32, control, wscript, javaw, csc, regsvr32, reg, certutil, bitsadmin, schtasks, wmic, eqnedt32, msiexec, cmstp, mshta, hh, curl, installutil, regsvcs/regasm, at, msbuild, sc, cscript, msxsl, runonce
  3. Retweeted
    Jan 30

    Ever wanted to take a peek at the mimikatz sekurlsa::msv internals? New blog post is all about it plus, it also showcases PyKDumper, a tool that dumps LSASS credentials through WinDBG/PyKD.
  4. Retweeted
    Jan 31

    Fuck it, I can't focus at all today. It's a mess, sorry.. I've also uploaded the discussed bug to github. Maybe someone can make sense of it. It's a junction bug that's a little more complicated than a simple "bait and switch". Hope it's useful to someone.
  5. Retweeted
    Jan 24

    Here's a cool trick to break out of AppLocker in a Citrix environment: 1. Open a dummy RTF file in wordpad 2. Add ftp.exe as an object 3. Click to open ftp (or other similar apps) 4. ftp>!{command/app to run} for example: ftp>!cmd <-- blocked? ftp>!powershell <-- not blocked? :)
  6. Retweeted
    Jan 24

    Post-exploitation tip: Do you know how to trivially & remotely hijack a session without prompt nor warning on user's side using signed binary (no patch/multi-session)? qwinsta+mstsc shadowing is the answer ;) Details:
  7. Retweeted
    Jan 21

    Just released Satellite, a payload hosting and proxy software for red team operations. In the blog post, I discuss the feature set of Satellite as well as why an operator would choose it over Apache or Nginx.
  8. Retweeted
    Jun 24, 2019
  9. Retweeted
    Jan 19

    Command-line MSBuild.exe detection's got you down? How about MSBuild without MSBuild.exe?
  10. Retweeted
    Jan 19
  11. Retweeted
    Jan 17

    Want to make service removal really fun? Create a service with a Unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.🤦‍♂️
  12. Retweeted
    Jan 18

    Here's my GitHub with many scripts useful for red teamers - Enjoy!
  13. Retweeted
    Jan 18

    Okay here it is, Zipper a new file and folder compression utility for CobaltStrike. Blue Teams/Hunters/Defenders: Look out for non file-compression related processes creating (random named) zipfiles within temp folders.
  14. Retweeted
    Jan 17

    Story time: I had a pentest this week, in a locked down environment. It was an RDP-like session. The system was preventing powershell, cmd, and other programs. No internet access. I started looking at LOLBins. I discovered I could use diskshadow.
  15. Retweeted
  16. Retweeted
    Jan 12

    To investigate the OST argument, I decided to try to become an APT. Custom C backdoor, activated by portknock/domain resolution, loads shellcode and calls a reverse shell to a Meterpreter session, or it can download and run arbitrary files.
  17. Retweeted
    Jan 6

    Is there a SOC tier 0 job? Seems like most SOC tier 1 jobs want 1-2 years in a SOC.
  18. Retweeted
    Jan 5

    A Red Teamer's Guide to GPOs and OUs, by
  19. Retweeted
    Jan 1

    New version of minidump is out. Some minor improvements added, and now it comes with a command-line shell for browsing around the dump file. Available on github and pip
  20. Retweeted
    Dec 27, 2019

    You know you can embed C# in a PowerShell script, (but the PowerShell scanning and logging makes it no longer great for hacking, not to mention that it internally compiles and loads a .dll) but did you know about the C# REPL scriptcs? - Known good EXE/DLL's - No AMSI, logging...
