Will

@harmj0y

Technical architect . Code: Empire | BloodHound | GhostPack | PowerSploit | Veil-Framework. One time I broke forest trusts with

Joined August 2012

Tweets

  1. Pinned Tweet
    Nov 28, 2018

    Active Directory forests are no longer a security boundary thanks to 's printer bug. Check out for weaponization and mitigation details and 's post for detection guidance

  2. Retweeted
    Feb 1

    Load encrypted PE from XML Attribute. MSBuild is still the best.😅 MSBuild sets Property then calls Execute. Use this example to decouple payloads & prove that all security products have a "Single File Bias". Decouple payloads to subvert detection.

  3. Retweeted
    Jan 31

    The code to execute in JS via "System.Runtime.InteropServices.RegistrationServices" here: You need to expose a static method public static void UnRegisterClass(string key) And of course you need an assembly object :) Cheers

  4. Jan 31

    Lots of other changes, fixes, and additions as well. Thank you to everyone who contributed, and I hope everyone else finds the new changes useful! Again, a full changelog is available at (4/4)

  5. Jan 31

    "kerberoast" has also had some love- disabled accounts now excluded by default, new "/pwdsetafter", "/pwdsetbefore", and "/resultlimit" arguments for better targeting (from ), "/simple" flag for easy hash output, and "/stats" to list roastable user stats (3/4)

  6. Jan 31

    There's a new kerberos password brute-forcing module ("brute") from , the triage/klist/dump actions now have standardized "/user","/LUID","/service", and "/server" targeting, and implemented something I've wanted for a while: cross-domain S4U functionality (2/4)

  7. Jan 31

    Pushed a new Rubeus release after getting some additional feedback from our most recent AT:RTO students. The full changes are detailed here . To highlight a few new features- "/nowrap" globally prevents base64 blobs from line-wrapping, (1/4)

  8. Retweeted
    Jan 30

    On this same note, disable Chrome sync in your organizations. I can't tell you how many times I've seen domain/server admin creds saved to Chrome with sync enabled. I can guarantee your admins' home computers and personal devices aren't secured as well as your corporate devices.

  9. Retweeted
    Jan 30

    For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes.

  10. Retweeted
    Jan 29

    Super stoked to have the opportunity to present here again! This is live streamed, I will be releasing the slides afterwards, and there will be a tool update to accommodate the new capabilities. I can’t wait!

  11. Retweeted
    Jan 29

    Great, now skidz and APT alike are going to be able to freeload off of more OffSec tooling to create amazing documentation and report-outs.

  12. Retweeted
    Jan 29

    We have just pushed some *big* updates to Ghostwriter's master branch that I think you'll like. We've got WYSIWYG editors, autocomplete, new reports, and more! Check it out:

  13. Retweeted
    Jan 27

    Move Faster, Stay Longer blog about extending CS and tools to go with it.

  14. Retweeted
    Jan 23

    For those not familiar with the reflection API in .NET, one of the things it allows you to do is interact with public/non-public methods in a .NET assembly. There's very little preventing a threat actor from having another threat actor's malicious assembly do their work for them.

  15. Retweeted
    Jan 22

    The .NET framework includes rich offensive capabilities that adversaries aren’t yet using, but we’ve been thinking about detection anyway.

  16. Retweeted
    Jan 22

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  17. Jan 22

    This was a lot of work, driven by and helped immensely by . I'm happy I was a part of this <3

  18. Retweeted
    Jan 22

    Despite its incredible security enhancements, PowerShell continues to be abused by adversaries. A strong knowledge of PowerShell enables defenders to effectively manage and respond to its abuse. (1/4)

  19. Retweeted
    Jan 22

    I just published a ~45 page whitepaper on attacking and defending terraform infrastructure as code in GitHub. Includes attack scenarios, hardening, detections, etc. Deep thanks to and for their inspiration and research. ❤️ 1/3

  20. Retweeted
    Jan 21

    Hey Defender friends. Turns out that removing those services with Unicode/non-printable characters is pretty hard, so I wrote you a tool to help with that. I'll be releasing the offensive PoC later this week or early next week.

  21. Retweeted
    Jan 19

    command-line MSBuild.exe detection's got you down? How about MSBuild without MSBuild.exe?
