Pinned tweet
My first blog on abusing the Service Control Manager and DLL hijacks for lateral movement. I cover methodology, detections and proof of concept code. Thanks to @mattifestation/@Cyb3rWard0g for all their detection contributions! https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992
Dwight Hohnstein retweeted
Have you ever seen a detection that you felt was too brittle or narrowly focused? In this post, I explore an idea I call "Capability Abstraction" where I seek to demonstrate where that feeling comes from for me. https://medium.com/@jaredcatkinson/capability-abstraction-fbeaeeb26384
Dwight Hohnstein retweeted
Linux Kernel Module Rootkit — Syscall Table Hijacking https://medium.com/bugbountywriteup/linux-kernel-module-rootkit-syscall-table-hijacking-8f1bc0bd099c?source=rss----7b722bfd1b8d---4
Dwight Hohnstein retweeted
KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore, https://github.com/hfiref0x/KDU
Dwight Hohnstein retweeted
Super stoked to have the opportunity to present here again! This is live streamed, I will be releasing the slides afterwards, and there will be a tool update to accommodate the new capabilities. I can't wait! https://twitter.com/objective_see/status/1222580473471234048
Dwight Hohnstein retweeted
Using SharpRDP for lateral movement but blocked with a medium integrity process (UAC)?
Well ... not a problem anymore!
Just updated SharpRDP with the option 'privileged' allowing you to run a process with High integrity (if your user is local admin)!
1/3
https://twitter.com/0xthirteen/status/1220041004167892992
Dwight Hohnstein retweeted
Day 2 of @SpecterOps Red Team training. It was great to finally meet @harmj0y this morning.
Dwight Hohnstein retweeted
Move Faster, Stay Longer https://posts.specterops.io/move-faster-stay-longer-6b4efab9c644 blog about extending CS and tools to go with it.
Dwight Hohnstein retweeted
This is a cool trick. https://twitter.com/0gtweet/status/1220275790757158914 This works because a custom service trigger is defined. https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_trigger
Action: 1 (SC_ACTION_RESTART)
Guid: Microsoft-Windows-Feedback-Service-TriggerProvider ETW Provider
Type: 0x14 (SERVICE_TRIGGER_TYPE_CUSTOM)
Dwight Hohnstein retweeted
Revisiting RDP lateral movement https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3 and releasing a project that will be part of a bigger tool coming next week
Dwight Hohnstein retweeted
Lots of inspiration from studying the projects released by @0xdabbad00 @arkadiyt @alexchantavy and @awscloud to determine what exposures can exist in #AWS. #infosec #cloudsecurity https://know.bishopfox.com/events/rob-ragan-and-oscar-salazar-at-acod-2020
Dwight Hohnstein retweeted
I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: https://posts.specterops.io/mimidrv-in-depth-4d273d19e148 1/3
Dwight Hohnstein retweeted
Remember that you can use a ~/.gitignore_global file to include all your dev tools-related git exclusions, instead of annoyingly doing it per project.
Dwight Hohnstein retweeted
4 days into new decade and I might've discovered the best feature for me already.
Dwight Hohnstein retweeted
Analysis of the JS loader of #Terraloader https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Additional%20Analysis/Terraloader/02-01-20/Analysis.md thanks to @VK_Intel @Ledtech3 @fumik0_
Dwight Hohnstein retweeted
Ever wanted to inject a shared library into an already-running linux process, without using ptrace? Well, now you can... https://github.com/DavidBuchanan314/dlinject https://asciinema.org/a/290906
Dwight Hohnstein retweeted
Today I found a new, open source tool from Microsoft: etl2pcapng. "Utility that converts an .etl file containing a Windows network packet capture into .pcapng format." Forked it and added code to add a comment to each packet containing the process id (PID) https://github.com/DidierStevens/etl2pcapng
Dwight Hohnstein retweeted
My new research & PoC code for bypassing EDR & memory scanners which should be a valuable read for anyone who has designed/analyzed Windows malware. I aim to shed light on the technique of DLL hollowing & introduce original tricks in the process https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing
Dwight Hohnstein retweeted
New tool: rubeus2ccache Generates ccache files directly from Rubeus dump output. Major thanks to @_dirkjan for basically writing anything hard. https://github.com/curi0usJack/rubeus2ccache Merry Christmas Red Team!
Dwight Hohnstein retweeted
One of my favorite posts on disclosure is http://addxorrol.blogspot.com/2019/08/rashomon-of-disclosure.html. Thank you @halvarflake for taking the time to write down your thoughts and viewpoints. One of my favorite excerpts:
Dwight Hohnstein retweeted
[New Post] Persistence - Application Shimming https://pentestlab.blog/2019/12/16/persistence-application-shimming/ #persistence #redteam