decidedlygray

@decidedlygray

between the blackhat and whitehat there is the gray. hacker, flow state addict, IoT/things pentester | views=my own. изучаю

Minneapolis, MN
Vrijeme pridruživanja: kolovoz 2015.

Tweetovi

Blokirali ste korisnika/cu @decidedlygray

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @decidedlygray

  1. proslijedio/la je Tweet
    28. sij

    PInjectra’s Stack Bombing Process Injection example was only the beginning. I wrote a practical implementation of it that performs process migration using shared Memory, self-loading/linking DLLs, and an RWX ROP chain. Also included: a detection for it

    Poništi
  2. proslijedio/la je Tweet

    Coming up at 2pm, , , and will be targeting a remote code execution with continuation against the Triangle Microworks SCADA Data Gateway in the DNP3 category. This could be the most exciting demo of the contest.

    Poništi
  3. proslijedio/la je Tweet
    22. sij

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

    Poništi
  4. proslijedio/la je Tweet
    22. sij

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    22. sij

    Despite its incredible security enhancements, PowerShell continues to be abused by adversaries. A strong knowledge of PowerShell enables defenders to effectively manage and respond to its abuse. (1/4)

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    14. sij

    I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell PoC exploit code:

    Poništi
  7. proslijedio/la je Tweet
    14. sij

    Support added to crack Citrix NetScaler (SHA512) hashes with hashcat 6.0.0:

    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    14. sij

    Ok AES-256 encrypted LDAP passwords in ns.conf in ADC/NetScaler have been broken. You need to change those too.

    Poništi
  9. proslijedio/la je Tweet
    14. sij

    Voting is now open for the top 10 new web hacking techniques of 2019:

    Poništi
  10. proslijedio/la je Tweet
    9. sij

    Responder 3.0.0.0 is out! Massive upgrade, support for both py3 and py2, many bug fix, enhancements and Q.A++ on all servers, poisoners and tools. Enjoy! ;)

    Poništi
  11. proslijedio/la je Tweet
    13. sij

    In this post, dissects Mimikat'z kernel mode driver, Mimidrv, and walks through some of the capabilities available to us in ring 0. Check it out:

    Poništi
  12. proslijedio/la je Tweet
    13. sij

    This is clever: find an unlocked Windows computer, pop in a USB and it shows a fake login/lock screen ("hmm, did I lock my PC when I went for a coffee?") User enters credentials into *your* app & you just stole the username/password. 🤯

    Poništi
  13. proslijedio/la je Tweet
    12. sij

    Citrix Netscaler AMIs on default vulnerable out of the box. The root password is set to the instance ID; that can be read from the metadata URL. CVE-2019-19781 from nobody to ssh as root in seconds.

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    10. sij

    Just published a new blogpost with more details about the Citrix ADC Remote Command Execution.

    Poništi
  15. proslijedio/la je Tweet
    10. sij

    Recently I was on a pentest and needed to manage Active Directory groups from Linux to achieve privilege escalation. If you find yourself in a similar scenario, this is what you can do:

    Poništi
  16. proslijedio/la je Tweet
    10. sij

    Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges (binaries + writeups by hacking topics)

    Poništi
  17. proslijedio/la je Tweet
    9. lis 2019.

    One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s

    Poništi
  18. proslijedio/la je Tweet
    10. sij
    Poništi
  19. proslijedio/la je Tweet
    10. sij

    Shadow-Box v2: The Practical and Omnipotent Sandbox for ARM via

    Poništi
  20. proslijedio/la je Tweet
    9. sij

    Released a new version of with multiple improvements:70+ unique checks, improved scan performance, new fuzzy logic to bypass weak WAF rules. cc .

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·