Tweets


  1. Pinned Tweet
    5 May 2019

    Evil Clippy: our new tool for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse many macro security analysis tools. Read our blog post for details:

  2. 27 Jan

    If 's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here:

  3. 20 Jan

    These stickers aren’t made for laptops only.

  4. Retweeted
    18 Jan

    Okay here it is, Zipper a new file and folder compression utility for CobaltStrike. Blue Teams/Hunters/Defenders: Lookout for non file-compression related processes creating (random named) zipfiles within temp folders.

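The detection hint in the Zipper tweet above, turned into a rule over Sysmon FileCreate (event ID 11) records. This is an added example written for this page, not code from Zipper or from Outflank: it flags `.zip` files created under a Temp folder by a process that is not a known archiver and whose file name looks random (high character entropy, no separators). The archiver allowlist, the entropy threshold and the sample events are all constructed assumptions and need tuning for a real estate (backup agents, installers and Office itself write zip containers too).

```python
import math
from collections import Counter
from pathlib import PureWindowsPath

# Processes that legitimately write .zip files. Assumed allowlist: tune per environment.
ARCHIVERS = {"7z.exe", "7zg.exe", "7zfm.exe", "winrar.exe",
             "winzip32.exe", "winzip64.exe", "explorer.exe"}


def shannon_entropy(s):
    """Bits of entropy per character of s (log2 of the alphabet size for all-distinct input)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(stem, min_len=8, min_entropy=3.0):
    """Crude 'random file name' test: long enough, no human separators, high entropy."""
    if len(stem) < min_len or " " in stem or "_" in stem or "-" in stem:
        return False
    return shannon_entropy(stem.lower()) >= min_entropy


def in_temp_dir(path):
    """True when any directory component of the path is Temp or Tmp."""
    return any(part.lower() in ("temp", "tmp") for part in path.parts[:-1])


def suspicious_zip_creations(events):
    """Return (image, path) pairs for random-named zips written to temp by non-archivers."""
    hits = []
    for ev in events:
        if ev["EventID"] != 11:  # Sysmon FileCreate
            continue
        target = PureWindowsPath(ev["TargetFilename"])
        if target.suffix.lower() != ".zip" or not in_temp_dir(target):
            continue
        image = PureWindowsPath(ev["Image"]).name.lower()
        if image in ARCHIVERS or not looks_random(target.stem):
            continue
        hits.append((image, str(target)))
    return hits


# Constructed sample events in the shape of Sysmon event 11; not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\rundll32.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Local\Temp\k3j9x2q8v1.zip"},   # flagged
    {"EventID": 11, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Local\Temp\p0q7w4e2r9.zip"},   # archiver: ignored
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\bob\Documents\report.zip"},                 # not in temp
    {"EventID": 11, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Windows\Temp\backup.zip"},                        # readable name
]

if __name__ == "__main__":
    for image, path in suspicious_zip_creations(SAMPLE_EVENTS):
        print(f"suspicious archive creation: {image} wrote {path}")
```

The name-entropy check is the weakest link: an operator who names the archive `invoices.zip` slips past it, so in practice pair this with the process identity (rundll32, regsvr32, Office binaries or a beacon's host process writing archives at all is the stronger signal).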
  5. Retweeted
    9 Jan

    Spray-AD, a new Kerberos password spraying tool for Cobalt Strike that might come in handy when assessing Active Directory environments for weak passwords (generates event IDs 4771 instead of 4625).

  6. 9 Jan

    Video recording of my presentation with at Black Hat Asia 2019 is online. MS Office in Wonderland: 50 minutes of offensive tradecraft with Word and Excel. Exploiting fields, Power Query, VBA stomping, Excel4 macros, AMSI bypasses and more fun.

  7. Retweeted
    28 Dec 2019

    Just published some thoughts on red teaming, how to approach it, procure it and get in to it...

  8. 21 Dec 2019

    Cool! My lightning talk submission for is accepted: "The caveats of implementing smart cards and MFA in Active Directory". 25 Minutes packed with nasty security details of AD, Kerberos and NTLM. Looking forward to another edition of this awesome conference!

  9. 18 Dec 2019

    Happy to announce that I'll be speaking at Goa 2020 on attacking developers via malicious code. Expect a journey into COM, typelibs and inner workings of Visual Studio. This research builds on the shoulders of giants and .

  10. Retweeted
    5 Dec 2019

    Final slides of my presentation yesterday at Black Hat Europe 2019, about malicious VBA macros and recent advances in the attack & defence sides: Featuring /olevba, ViperMonkey, MacroRaptor, EvilClippy

  11. Retweeted
    12 Nov 2019

    NTLM reflection is back to haunt windows. Read about Ghost Potato here (this time with a fixed link):

  12. Retweeted
    10 Nov 2019

    I've done a dirty update on SharpShooter to provide 64-bit compatibility for SLK Macros (based on and work 👍). Let me know if you'd like a PR in the original repo.

  13. Retweeted
    8 Nov 2019

    There's a new Excel 0day which may allow for the automatic & silent execution of embedded macros on macOS 😱 New blog post: "[0day] Abusing XLM Macros in Slk Files" 👾🍎 Shoutouts to / for initial bug discovery & their analysis 🙏🤩

  14. Retweeted
    5 Nov 2019
    Reply

    For example, if you're unfortunate enough to still be using macOS Sierra (10.12.x), Safari will launch Excel to open an arbitrary file with zero user interaction. This makes for a complete drive-by download situation.

  15. Retweeted
    3 Nov 2019

    Lol, another SLK/XLM macro warning bypass. Recommendation: do NOT “Disable all macros without notification” on excel4mac; this setting enables direct execution of any XLM macro. Nice find

  16. 30 Oct 2019

    Our new blog post on abusing the SYLK file format. This 1980s file type can host macros in modern versions of MS Office / Excel without hitting protected mode. Post includes recommendations for mitigation (note: active abuse in the wild).

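Tweets 13 to 16 above all turn on the same fact: a SYLK (.slk) text file can declare itself an Excel 4.0 macro sheet and carry XLM formulas such as EXEC(). The scanner below is an added example written for this page, not code from Outflank's post or from any of the tools named in the thread. It parses SYLK records (semicolon-separated fields, with `;;` as an escaped literal semicolon), and reports the indicators a triage analyst would look for: an `O` record with the `E` (macro sheet) field, `NN` name records defining Auto_Open-style names, and `C` cell records whose `E` expression calls a function such as EXEC, CALL or REGISTER. The two embedded files are constructed samples modelled on the record layout, not files from the page, and the list of dangerous functions is an assumption to extend.

```python
import re

# XLM functions an analyst would want to see called from a macro sheet. Assumed list; extend as needed.
DANGEROUS_FUNCS = {"EXEC", "CALL", "REGISTER", "RUN", "FOPEN", "FWRITE",
                   "FORMULA", "FORMULA.FILL", "GET.WORKSPACE"}
AUTO_NAMES = re.compile(r"^auto_(open|close|activate|deactivate)$", re.IGNORECASE)
FUNC_CALL = re.compile(r"[A-Z][A-Z.]*(?=\()")

# Constructed sample of a SYLK macro sheet that would run calc on open (not a file from the page).
SAMPLE_SLK = "\r\n".join([
    "ID;PWXL;N;E",                  # SYLK header written by Excel
    "O;E",                          # options record: E marks the sheet as a macro sheet
    "NN;NAuto_open;ER1C1",          # name Auto_open pointing at cell R1C1
    'C;X1;Y1;EEXEC("calc.exe")',    # cell R1C1 holds the formula EXEC("calc.exe")
    "C;X1;Y2;EHALT()",
    "E",
])

# Constructed benign sample: plain values, no macro sheet flag.
BENIGN_SLK = "\r\n".join([
    "ID;PWXL;N;E",
    "C;X1;Y1;K42",
    'C;X1;Y2;K"hello;;world"',      # ;; is a literal semicolon inside a field
    "E",
])


def split_record(line):
    """Split one SYLK record into fields on ';', treating ';;' as an escaped ';'."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == ";":
            if i + 1 < len(line) and line[i + 1] == ";":
                cur += ";"
                i += 2
                continue
            fields.append(cur)
            cur = ""
        else:
            cur += line[i]
        i += 1
    fields.append(cur)
    return fields


def scan_sylk(text):
    """Return the macro indicators found in SYLK text plus an overall verdict."""
    findings = {"macro_sheet": False, "auto_names": [], "dangerous_formulas": []}
    for raw in text.splitlines():
        if not raw:
            continue
        rtype, *fields = split_record(raw)
        if rtype == "O" and "E" in fields:
            findings["macro_sheet"] = True
        elif rtype == "NN":
            for f in fields:
                if f.startswith("N") and AUTO_NAMES.match(f[1:]):
                    findings["auto_names"].append(f[1:])
        elif rtype == "C":
            for f in fields:
                if f.startswith("E"):
                    expr = f[1:]
                    if any(fn in DANGEROUS_FUNCS for fn in FUNC_CALL.findall(expr)):
                        findings["dangerous_formulas"].append(expr)
    # a macro sheet alone is a warning; with an auto name or a dangerous call it is a detection
    findings["suspicious"] = findings["macro_sheet"] and bool(
        findings["auto_names"] or findings["dangerous_formulas"])
    return findings


if __name__ == "__main__":
    for label, sample in (("macro sample", SAMPLE_SLK), ("benign sample", BENIGN_SLK)):
        print(label, scan_sylk(sample))
```

Because SYLK is plain text, this kind of scan is cheap to run at the mail gateway on anything with a `.slk` extension or an `ID;P` header, regardless of the MIME type the sender chose; the mitigation in the tweet (not turning off macro notification on Excel for Mac) covers the endpoint side.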
  17. Retweeted
    22 Oct 2019

    New C# Tradecraft -> SharpHide. A nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null terminated) registry key.

  18. Retweeted
    20 Oct 2019

    New blog and Recon-AD tool: Active Directory Recon using ADSI and Reflective DLLs

  19. 14 Oct 2019

    Net-GPPPassword, 's C#/.NET port of 's PowerShell-based Get-GPPPassword. Retrieves plaintext password for accounts pushed through Group Policy Preferences. The technique is dated, but still valuable in some of our gigs.

  20. 8 Oct 2019

    Just heard that my latest vulnerability submission is eligible for max bounty (15,000 USD) in the MS Office bounty program. Thanks ! Hope this motivates others to find bugs, disclose them to vendors and make the world a bit safer. Write-up will follow after fix.

  21. Retweeted
    30 Sep 2019

    Posted some VBA code for loading a DotNet assembly directly using mscorlib + Assembly.Load by manually accessing the VTable of the IUnknown. Hopefully it saves someone else some time, but it's not the cleanest approach I was hoping for.

