Dwight Hohnstein

@djhohnstein

Operator at SpecterOps. Opinion is my own.

Joined January 2018

Tweets


  1. Pinned Tweet
    18 Apr 2019

    My first blog on abusing the Service Control Manager and DLL hijacks for lateral movement. I cover methodology, detections and proof of concept code. Thanks to / for all their detection contributions!

  2. Retweeted

    Have you ever seen a detection that you felt was too brittle or narrowly focused? In this post, I explore an idea I call "Capability Abstraction" where I seek to demonstrate where that feeling comes from for me.

  3. Retweeted
    5 Feb
  4. Retweeted
    2 Feb

    KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,

  5. Retweeted
    29 Jan

    Super stoked to have the opportunity to present here again! This is live streamed, I will be releasing the slides afterwards, and there will be a tool update to accommodate the new capabilities. I can’t wait!

  6. Retweeted
    27 Jan

    Using SharpRDP for lateral movement but blocked with a medium integrity process (UAC) 🛂? Well... not a problem anymore! 😁 Just updated SharpRDP with the option 'privileged', allowing you to run a process with High integrity (if your user is local admin)! 🔥 1/3 ⬇️⬇️⬇️

  7. Retweeted
    28 Jan

    Day 2 of Red Team training. It was great to finally meet this morning.

  8. Retweeted
    27 Jan

    Move Faster, Stay Longer blog about extending CS and tools to go with it.

  9. Retweeted
    23 Jan

    This is a cool trick. This works because a custom service trigger is defined. Action: 1 (SC_ACTION_RESTART); Guid: Microsoft-Windows-Feedback-Service-TriggerProvider ETW Provider; Type: 0x14 (SERVICE_TRIGGER_TYPE_CUSTOM)
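The trigger the tweet above describes is one the Service Control Manager persists per service (set through ChangeServiceConfig2 with SERVICE_CONFIG_TRIGGER_INFO and shown by `sc.exe qtriggerinfo <service>`). A type 0x14 (SERVICE_TRIGGER_TYPE_CUSTOM) trigger starts or stops the service whenever the named ETW provider writes a matching event, which is why the SCM, not an attacker, ends up launching the target binary. The script below is an added example, not code from the tweet's author or from any project mentioned on this page: it walks the SCM's on-disk copy of the trigger definitions and lists the ETW-driven ones so a defender can inventory which services can be started by provider activity. It assumes the registry layout `HKLM\SYSTEM\CurrentControlSet\Services\<svc>\TriggerInfo\<n>` with REG_DWORD `Type` and `Action` and a 16-byte REG_BINARY `GUID`; the function and parameter names are the example's own.

```powershell
# Added example: inventory ETW-driven (SERVICE_TRIGGER_TYPE_CUSTOM) service triggers
# from the SCM's persisted configuration. Not from the tweet's author.
# Assumption: triggers live under
#   HKLM\SYSTEM\CurrentControlSet\Services\<svc>\TriggerInfo\<n>
# with REG_DWORD 'Type' / 'Action' and a 16-byte REG_BINARY 'GUID'.

# SERVICE_TRIGGER_TYPE_* values from winsvc.h
$TriggerTypes = @{
    1  = 'DEVICE_INTERFACE_ARRIVAL'
    2  = 'IP_ADDRESS_AVAILABILITY'
    3  = 'DOMAIN_JOIN'
    4  = 'FIREWALL_PORT_EVENT'
    5  = 'GROUP_POLICY'
    6  = 'NETWORK_ENDPOINT'
    7  = 'CUSTOM_SYSTEM_STATE_CHANGE'
    20 = 'CUSTOM'        # 0x14: fires when the ETW provider in 'GUID' writes an event
    22 = 'AGGREGATE'
}
# SERVICE_TRIGGER_ACTION_* values
$TriggerActions = @{
    1 = 'SERVICE_START'
    2 = 'SERVICE_STOP'
}

function Get-ServiceTriggerInfo {
    [CmdletBinding()]
    param(
        [string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services',
        [switch]$CustomOnly    # keep only type 0x14 (ETW provider) triggers
    )
    foreach ($svc in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
        $triggerRoot = Join-Path $svc.PSPath 'TriggerInfo'
        if (-not (Test-Path $triggerRoot)) { continue }
        foreach ($trig in Get-ChildItem -Path $triggerRoot -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $trig.PSPath -ErrorAction SilentlyContinue
            if ($null -eq $p) { continue }
            $type   = [int]$p.Type
            $action = [int]$p.Action
            # REG_BINARY GUID is stored in native (in-memory) GUID layout, which [guid]::new(byte[]) expects
            $guid = if ($p.GUID -is [byte[]] -and $p.GUID.Length -eq 16) { [guid]::new([byte[]]$p.GUID) } else { $null }
            if ($CustomOnly -and $type -ne 20) { continue }
            [pscustomobject]@{
                Service    = $svc.PSChildName
                Index      = $trig.PSChildName
                Type       = $type
                TypeName   = if ($TriggerTypes.ContainsKey($type)) { $TriggerTypes[$type] } else { 'UNKNOWN' }
                Action     = $action
                ActionName = if ($TriggerActions.ContainsKey($action)) { $TriggerActions[$action] } else { 'UNKNOWN' }
                Guid       = $guid
                DataType0  = $p.DataType0   # present when the trigger also filters on event level/keyword/data
            }
        }
    }
}

# Every service the SCM will start (or stop) in reaction to an ETW provider event.
Get-ServiceTriggerInfo -CustomOnly |
    Sort-Object Service |
    Format-Table Service, Index, ActionName, Guid, DataType0 -AutoSize
```

To turn a provider GUID from the output back into a name, grep it out of `logman query providers`; to confirm the registry view against what the SCM reports live, compare with `sc.exe qtriggerinfo <service>`. A provider GUID that does not resolve to a registered provider, or a trigger on a service whose binary path is writable by non-admins, is the combination worth chasing.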

  10. Retweeted
    22 Jan

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  11. Retweeted
    20 Jan
  12. Retweeted
    13 Jan

    I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: 1/3

  13. Retweeted
    2 Jan

    Remember that you can use a ~/.gitignore_global file to include all your dev tools-related git exclusions, instead of annoyingly doing it per project.

  14. Retweeted
    4 Jan

    4 days into the new decade and I might've discovered the best feature for me already.

  15. Retweeted
    3 Jan
  16. Retweeted

    Ever wanted to inject a shared library into an already-running linux process, without using ptrace? Well, now you can...

  17. Retweeted
    28 Dec 2019

    Today I found a new, open source tool from Microsoft: etl2pcapng. "Utility that converts an .etl file containing a Windows network packet capture into .pcapng format." Forked it and added code to add a comment to each packet containing the process id (PID)

  18. Retweeted
    8 Oct 2019

    My new research & PoC code for bypassing EDR & memory scanners which should be a valuable read for anyone who has designed/analyzed Windows malware. I aim to shed light on the technique of DLL hollowing & introduce original tricks in the process

  19. Retweeted
    17 Dec 2019

    New tool: rubeus2ccache Generates ccache files directly from Rubeus dump output. Major thanks to for basically writing anything hard. Merry Christmas Red Team! 🎄

  20. Retweeted
    16 Dec 2019

    One of my favorite posts on disclosure is . Thank you for taking the time to write down your thoughts and viewpoints. One of my favorite excerpts:

  21. Retweeted
    16 Dec 2019
