Acebond

@aceb0nd

Addicted to powerlifting, obsessed with security. Tweets are my own.

Your Network
Vrijeme pridruživanja: ožujak 2017.

Tweetovi

Blokirali ste korisnika/cu @aceb0nd

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @aceb0nd

  1. proslijedio/la je Tweet
    31. sij

    Join me and on Tuesday, February 11th as we unveil 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards):

    Poništi
  2. 29. sij

    New blog post! 10 web vulnerabilities that you might not know exist and should be on the lookout for Let me know what out of the ordinary vulns you have discovered in the comments below😀

    Poništi
  3. proslijedio/la je Tweet
    26. sij

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

    Prikaži ovu nit
    Poništi
  4. proslijedio/la je Tweet
    23. sij

    PoC (Denial-of-Service) for CVE-2020-0609 & CVE-2020-0610 Please use for research and educational purpose only.

    Poništi
  5. proslijedio/la je Tweet
    22. sij

    Shout-out to for pointing this out in his blog on inter-realm keys:

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    22. sij

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

    Poništi
  7. proslijedio/la je Tweet
    21. sij

    I have changed my views. Rust needs to exist. There will always be people who, for whatever reason, are bad at making choices and don’t want to code in Go. If Rust did not exist then those people would choose C++. 😇

    Poništi
  8. proslijedio/la je Tweet
    17. sij

    If you have AppLocker deployed, be aware that most times when Windows 10 is updated/upgraded, it creates a TASKS_MIGRATED folder under C:\windows\system32 that has the CREATOR OWNER, meaning that users can create and execute files from the folder and bypassing AppLocker 😱

    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    17. sij

    After 's nice demo I totally reworked SharpLocker: - 11KB PowerShell payload - contains encoded NET assembly - tries to use correct LockScreen background and user picture - returns result to PS as String Comparison with real LockScreen:

    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    16. sij

    New tool coming soon... Zipper, a CobaltStrike tool written in C which allows you to compress files and folders from local and UNC paths. Useful for RedTeams when large files/folders need to be exfiltrated.

    Poništi
  11. proslijedio/la je Tweet
    16. sij

    -2020-2551 Weblogic RCE via iiop protocol, funny bug:D

    Poništi
  12. 15. sij

    and then buy a beer with the money you saved.

    Prikaži ovu nit
    Poništi
  13. 15. sij

    If a website lets you apply discount codes but limits you to one, try Burp Turbo Intruder last-byte synchronization to race condition the backend logic and apply multiple discount codes.

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    13. sij

    This is clever: find an unlocked Windows computer, pop in a USB and it shows a fake login/lock screen ("hmm, did I lock my PC when I went for a coffee?") User enters credentials into *your* app & you just stole the username/password. 🤯

    Poništi
  15. 13. sij

    What have I become? I've written a blog post aimed at management level employees that explains how webapp penetration tests work. Hopefully someone find this useful 😃

    Poništi
  16. proslijedio/la je Tweet

    I’m calling CVE-2019-19781 Shitrix, as media won’t reuse a swear word, but I can remember it.

    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    11. sij

    Interested in the Citrix Netscaler exploit for CVE-2019-19781? just uploaded it to Github

    Poništi
  18. proslijedio/la je Tweet
    7. sij

    It's 2020 and you have NetBIOS, LLMNR, SMB sign off but WPAD is still on. EWW! mitm6 -i eth0 -d <domain> -t ldaps://<DomainController> -wh attacker-wpad --delegate-access export KRB5CCNAME=<TGS_ccache_file> –k –no-pass <VictimPC>

    Poništi
  19. proslijedio/la je Tweet
    7. sij

    nobody would ever expose, without authentication, smb.conf on a perimeter security device. Citrix: hold my appliance while I show you something...

    Poništi
  20. proslijedio/la je Tweet
    13. kol 2019.

    tfw you open zoom's linux client

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·