-
Pinned tweet
Windows credential theft without Mimikatz, admin nor touching LSASS?
Discover #Kekeo by @gentilkiwi to abuse CredSSP / TSPKG (RDP SSO)!
Read the article to learn how to exploit it & how to discover such dangerous configuration in your environment
https://clement.notin.org/blog/2019/07/03/credential-theft-without-admin-or-touching-lsass-with-kekeo-by-abusing-credssp-tspkg-rdp-sso/ … pic.twitter.com/s3u5Saa4kS
-
3. Server sends an "Hello Request" to trigger a re-negotiation
4. New TLS handshake and now the "Server Hello" is accompanied by a "Certificate Request"
-
TIL that a website can require HTTPS client certificate authentication on specific directories. What happens on the TLS level in that case?
Follow the flow
1. classic 1st TLS handshake: no "Certificate Request" from server
2. HTTP request to protected directory
...
-
If you want to learn more about CVE-2020-0601 /
#CurveBall https://twitter.com/SecuInsider/status/1219672101432545283 …
-
Clément Notin retweeted
NSA pdf says how to detect spoofed signatures: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF … "Certificates containing explicitly-defined elliptic curve parameters which only partially match a standard curve are suspicious" Defender can simply check authenticode signed files to identify such anomalies
-
"Security pitfalls in authenticating users and protecting secrets with biometry on mobile devices (Apple & Android)"
New blog on how to securely use biometry in mobile apps
I share examples, incorrect usages of some methods and recommendations
https://clement.notin.org/blog/2019/12/17/security-pitfalls-in-authenticating-users-and-protecting-secrets-with-biometry-on-mobile-devices-apple-android/ …
-
"When Windows Hello fails at securely authenticating users and protecting credentials"
New blog on bypassing #WindowsHello for biometric auth used by some desktop apps
I share examples, incorrect usages of risky methods and recommendations
https://clement.notin.org/blog/2019/12/17/When-Windows-Hello-fails-at-securely-authenticating-users-and-protecting-credentials/ …
-
Or... It looks like msv1_0 is a hybrid SSP/AP. Does mimikatz dump the AP part and show it under "msv" then the SSP part under "SSP"?
-
Other derived hostnames:
Gateway: <name>.azure-api.net
Dev portal: <name>.portal.azure-api.net
New dev portal: <name>.developer.azure-api.net
Management: <name>.management.azure-api.net
Git: <name>.scm.azure-api.net
(some might require auth though)
https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet#access-on-default-host-names …
-
Let's say that during a pentest you discover requests to <name>.azure-api.net
Congratulations it means that you found an API hosted by Azure API Management!
The root doesn't reveal anything but you can go to <name>.portal.azure-api.net to see its documentation (& more!)
pic.twitter.com/a8ZBIk4xsj
-
The email is very well crafted too. I don't see any obvious hint... Moreover, people are used to downloading and running exe files to join such conferencing systems... Go try to train normal people to detect that!
-
Wow someone actually used an
#OpenRedirect vulnerability in a #phishing campaign with fake #webex invites
I always thought that it interested only pentesters and lazy bug bounty hunters
https://twitter.com/alex_lanstein/status/1192092706396233728 …
-
TIL that Windows Defender has a signature for classic Windows local privilege escalation techniques using sethc, utilman, etc.!
But of course @Oddvarmoe found a few bypasses using variations: https://www.trustedsec.com/blog/playing-with-old-hacks/ … pic.twitter.com/6a2qPvDG3p
-
Tip to easily display the outputs (normal/error) of JavaScript Promises that are often used in modern apps/APIs
promise.then(console.log,console.error)
Play with it:
https://jsbin.com/vepekoneti/1/edit?js,console …
-
And they offer bounties to people helping in discovering and fixing vulnerabilities
https://securitylab.github.com/bounties
GitHub is also now a CVE CNA so they will help triage and deliver CVE numbers to discovered vulnerabilities. https://twitter.com/campuscodi/status/1195122383398612992 …
-
It's also a coalition of other companies who invest together in this common effort
pic.twitter.com/Q8aRJCKiYX
-
I'm very excited by @GHSecurityLab from @github
Helping find vulnerabilities in opensource components at scale using technologies such as CodeQL from @Semmle (recently acquired)
https://securitylab.github.com/ https://twitter.com/GHSecurityLab/status/1195033755179634688 …
-
Have I told you how much I LOVE CyberChef by @GCHQ? It's very useful to process data and chain operations. Now I use less often grep, sort, cut, sed..
Use it live on https://gchq.github.io/CyberChef/ or download zip https://github.com/gchq/CyberChef/releases …
See screenshot of a recipe I just used! pic.twitter.com/aLrkBXvyk8
-
Tired of manually gathering and testing SSH passwords and keys?
Try BabooSSH and automate this!
https://github.com/cybiere/baboossh …
It even supports pivoting via consecutive tunnels by automatically finding the shortest path in the graph
(#OSCP anyone?) #pentest #tool https://twitter.com/Cybiere/status/1187428191557902336 … pic.twitter.com/BnRUxFfpTq
-
Python 3 "concurrent.futures" is really powerful to quickly execute tasks in threads
See ThreadPoolExecutor:
https://docs.python.org/3/library/concurrent.futures.html#threadpoolexecutor …
And this example:
https://docs.python.org/3/library/concurrent.futures.html#threadpoolexecutor-example …
No need to create a tasks queue, the threads, a results queue, etc.
-
Existing APIs called cross-origin, and using cookie-based sessions (instead of eg tokens sent via headers), will fail so get ready!
Also, older browsers are still unprotected by default so usual protections still apply!
Low volume / high signal
I code