Clément Notin

@cnotin

Pentester & cyber-stuff auditor 😈 Low volume / high signal 👌 & 👨‍🎓 I code 🤓 I play with 🎉 alum

France   
Joined: February 2011

Tweets


  1. Pinned Tweet
    31 Jul 2019

    🤔 Windows credential theft without Mimikatz, admin nor touching LSASS? 💡 Discover by to abuse CredSSP / TSPKG (RDP SSO)! ➡️ Read the article to learn how to exploit it & how to discover such dangerous configuration in your environment

  2. 30 Jan

    3. Server sends a "Hello Request" to trigger a re-negotiation 🤝 4. New TLS handshake and now the "Server Hello" is accompanied by a "Certificate Request" 😉

  3. 30 Jan

    TIL that a website can require HTTPS client certificate authentication on specific directories. What happens on the TLS level in that case? 🤔 ⬇️ Follow the flow ⬇️ 1. classic 1st TLS handshake: no "Certificate Request" from server 2. HTTP request to protected directory 🔒 ...

  4. 21 Jan

    If you want to learn more about CVE-2020-0601 /

  5. Retweeted
    14 Jan
    Replying to

    NSA pdf says how to detect spoofed signatures: "Certificates containing explicitly-defined elliptic curve parameters which only partially match a standard curve are suspicious" Defender can simply check authenticode signed files to identify such anomalies

  6. 17 Dec 2019

    "Security pitfalls in authenticating users and protecting secrets with biometry on mobile devices (Apple & Android)" 📄 New blog on how to securely use biometry in mobile apps 👍 ➡️ I share examples, incorrect usages of some methods and recommendations 😉

  7. 17 Dec 2019

    "When Windows Hello fails at securely authenticating users and protecting credentials" 📄 New blog on bypassing for biometric auth used by some desktop apps 👍 ➡️ I share examples, incorrect usages of risky methods and recommendations 😉

  8. 11 Dec 2019

    Or... It looks like msv1_0 is a hybrid SSP/AP. Does mimikatz dump the AP part and show it under "msv" then the SSP part under "SSP"? 🤔

  9. 5 Dec 2019

    😉 Other derived hostnames:
    Gateway: <name>.azure-api.net
    Dev portal: <name>.portal.azure-api.net
    New dev portal: <name>.developer.azure-api.net
    Management: <name>.management.azure-api.net
    Git: <name>.scm.azure-api.net
    (some might require auth though) ➡️

  10. 5 Dec 2019

    Let's say that during a pentest you discover requests to <name>.azure-api.net 🤔 🎉 Congratulations it means that you found an API hosted by Azure API Management! The root doesn't reveal anything but you can go to <name>.portal.azure-api.net to see its documentation (& more!) 🕵️

  11. 21 Nov 2019

    The email is very well crafted too. I don't see any obvious hint... Moreover, people are used to downloading and running exe files to join such conferencing systems... Go try to train normal people to detect that! 😖

  12. 21 Nov 2019

    Wow someone actually used an vulnerability in a campaign with fake invites 😲 I always thought that it interested only pentesters and lazy bug bounty hunters 😁

  13. 19 Nov 2019

    💡 TIL that Windows Defender has a signature for classic Windows local privilege escalation techniques using sethc, utilman, etc.! 😉 But of course found a few bypasses using variations:

  14. 18 Nov 2019

    Tip to easily display the outputs (normal/error) of JavaScript Promises that are often used in modern apps/APIs 😉 ➡️ promise.then(console.log,console.error) Play with it:

  15. 15 Nov 2019

    And they offer bounties to people helping in discovering and fixing vulnerabilities 🛠 ➡️ GitHub is also now a CVE CNA so they will help triage and deliver CVE numbers to discovered vulnerabilities.

  16. 15 Nov 2019

    It's also a coalition of other companies who invest together in this common effort 🙌

  17. 15 Nov 2019

    I'm very excited by from 👏 Helping find vulnerabilities in opensource components at scale using technologies such as CodeQL from (recently acquired 😉) ➡️

  18. 30 Oct 2019

    🛠️ Have I told you how much I LOVE CyberChef by ? It's very useful to process data and chain operations. Now I use less often grep, sort, cut, sed.. ➡️ Use it live on or download zip 👨‍🍳 See screenshot of a recipe I just used!

  19. 24 Oct 2019

    Tired of manually gathering and testing SSH passwords and keys? 🤔 ➡️ Try BabooSSH and automate this! It even supports pivoting via consecutive tunnels by automatically finding the shortest path in the graph 🤓 ( anyone?)

  20. 27 Sep 2019

    Python 3 "concurrent.futures" is really powerful to quickly execute tasks in threads 💡 ➡️ See ThreadPoolExecutor: ➡️ And this example: No need to create a tasks queue, the threads, a results queue, etc. 😉

  21. 24 Sep 2019

    Existing APIs called cross-origin, and using cookie-based sessions (instead of e.g. tokens sent via headers), will fail so get ready! 😉 Also, older browsers are still unprotected by default so usual protections still apply!

