bohops

@bohops

One of these days, I'll learn how to use a computer. Thoughts and tweets are my own (hopefully).

The Land of Pleasant Living
Joined August 2017

Tweets


  1. Pinned Tweet
    4 May 2019

    [Blog] At my talk last week, I disclosed a relatively interesting WDAC/Device Guard bypass technique that took advantage of a "Catalog Hygiene" issue within Windows. Here is a short blog post on the subject -

  2. Retweeted
    2 Feb

    SettingSyncHost.exe as a LolBin cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo

  3. 1 Feb

    I've reported a few bugs to this past year and have been impressed with their handling of each issue. Here is their write-up about a recent symlink priv esc bug in the Avast Secure Browser (ASB) Updater:

  4. Retweeted
    31 Jan
  5. Retweeted
    29 Jan

    Couple of rough notes on .NET stuff. Avoiding defender + manually patching AMSI to retain Assembly.Load() functionality =)

  6. Retweeted
    28 Jan

    New blog (and tool): Attacking Azure, Azure AD, and Introducing PowerZure

  7. Retweeted
    27 Jan

    Move Faster, Stay Longer blog about extending CS and tools to go with it.

  8. 25 Jan

    I had the privilege of taking one of 's fantastic Red Team Management courses through SANS. I'm really looking forward to his new book, which I'm sure will be a very valuable resource. Consider picking up a copy and giving Joe a follow

  9. Retweeted
    24 Jan

    Post-exploitation tip: Do you know how to trivially & remotely hijack an session without prompt nor warning on user's side using signed binary (no patch/multi-session) ? qwinsta+mstsc shadowing is the answer ;) Details:

  10. Retweeted
    24 Jan

    In the PowerShell course, blue and red teamers alike were pleased to discover that through abusing an undocumented WMI class (Root\Microsoft\Windows\Powershellv3:PS_ModuleFile), file contents can be retrieved remotely using only WMI.

  11. Retweeted
    24 Jan

    how to be a bad ctor ctor.dll, LaunchSetup <filename>

  12. Retweeted
    23 Jan

    I was just looking over the training courses offered by and saw that their "Adversary Tactics: PowerShell" course has been discontinued. But, I discovered that they have released it on their GitHub!

  13. Retweeted
    22 Jan

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  14. Retweeted
    22 Jan

    Despite its incredible security enhancements, PowerShell continues to be abused by adversaries. A strong knowledge of PowerShell enables defenders to effectively manage and respond to its abuse. (1/4)

  15. Retweeted
    21 Jan

    Senior Security Consultant describes the discovery of a privilege escalation in the Intel Trusted Connect Service Client and how to complete the in order to obtain local admin access

  16. Retweeted
    19 Jan

    command-line MSBuild.exe detection's got you down? How about MSBuild without MSBuild.exe?

  17. Retweeted
    18 Jan

    Check out the Progressive House session ‘CVE-0117-2020’ by GrooveMaster on ?

  18. 18 Jan

    This is going to be a great RMA experience...

  19. Retweeted
    18 Jan

    ": a Stealthy Lateral Movement Strategy" is now available to read Read if interested to see a new practical lateral movement Demo (TDS (MS SQL) & FTP): Prototype will be released soon

  20. Retweeted
    17 Jan

    If you have AppLocker deployed, be aware that most times when Windows 10 is updated/upgraded, it creates a TASKS_MIGRATED folder under C:\windows\system32 that has the CREATOR OWNER, meaning that users can create and execute files from the folder and bypassing AppLocker 😱

  21. Retweeted
    17 Jan

    Hello and Twitter! We are looking for a CIRT analyst ! Help us keep our IP, data, and importantly our JOURNALISTS safe from digital threats. High tempo ops + learning & growth opportunities + great culture. Check it out!
