Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @itm4n
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @itm4n
-
And somehow I ended up in the top 10...
https://twitter.com/1ns0mn1h4ck/status/1218822369327927296?s=19 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
For anyone interested in my presentation on Local RPC in .NET the HITB version is now up on YouTube.https://youtu.be/2GJf8Hrxm4k
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
To bring in the new year here's a new blog post about empirically testing Windows Service Hardening to see if it is really not a security boundary even on Windows 10. https://tyranidslair.blogspot.com/2020/01/empirically-assessing-windows-service.html … h/t
@cesarcerHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Finally took the time to implement Base Relocation in my VBA RunPE. https://github.com/itm4n/VBA-RunPE Damn! That was challenging!
Big thanks to @hasherezade for sharing great content on Process Hollowing!
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
New blog post: "CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM" where I mostly talk about Tokens and Impersonation.
https://itm4n.github.io/cdpsvc-dll-hijacking/ …pic.twitter.com/pqi7k2thcS
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
Remember IKEEXT privesc on Windows 7 !? Similar technique found by
@zeifan and explained by@itm4n to#privesc from a LOCAL SERVICE to SYSTEM on Window 10 using the CDPSvc service !
WON'T FIX
https://nafiez.github.io/security/eop/2019/11/05/windows-service-host-process-eop.html …
https://itm4n.github.io/cdpsvc-dll-hijacking/ …
https://github.com/itm4n/CDPSvcDllHijacking …pic.twitter.com/dweF1TVPpaHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
#Juicypotato knocked to our door and wanted to get listen and ... we kindly answered! From Service Account to SYSTEM again cc@decoder_it 0xea31(@DonkeysTeam)https://decoder.cloud/2019/12/06/we-thought-they-were-potatoes-but-they-were-beans/ …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Here is a short blog post showing how a service running with the LocalServiceAndNoImpersonation flag may get all its privileges back.
https://itm4n.github.io/localservice-privileges/ …pic.twitter.com/18vRPXaqq3
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
Remotely extract a memory dump of lsass using Pypykatz and Impacket in less than a second
Will be integrated to #CrackMapExec as a module when the switch to python3 will be done
Thx to @SkelSec and@HackAndDo !https://twitter.com/HackAndDo/status/1200460785476091904 …Pour le week-end, voici un nouvel article présentant une technique pour lire le contenu d'un dump de lsass **à distance**, évitant ainsi la détection des AV (#mimikatz) et le téléchargement de dumps volumineux (80-150Mo). Bon week-end !
https://beta.hackndo.com/remote-lass-dump-passwords/ …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
There is my writeup about my research on DsSvc. I finally got 4 CVEs on this service, all of them are easy to lead EoP. It is a really simple but long story lol
https://whereisk0shl.top/post/a-simple-story-of-dssvc …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
From arbitrary file overwrite to SYSTEM http://decoder.cloud/2019/11/13/from-arbitrary-file-overwrite-to-system/ …pic.twitter.com/IaizMNIuGp
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
Blog: CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service -https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
Released to go with my
#POC2019 talk, a project which contains a C# client for almost every ALPC RPC server on Windows 7 through Windows 10 1909. Could be useful for EoP research, fuzzing etc.https://github.com/tyranid/WindowsRpcClients …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
Hey
#infosec twitter, meet#BabooSSH, ssh spreading made easy for red teams in a hurry : https://github.com/cybiere/BabooSSH … Try it, use it, expand it, gimme feedback, and hack the planet !Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
We are proud to share a NTFS
#0day in MFT parsing! You too, plug a USB key and BSOD (probably not exploitable by plug&pwn)! Microsoft WONTFIX [EN] https://exatrack.com/public/vuln_NTFS_EN.pdf … [FR] https://exatrack.com/public/vuln_NTFS_FR.pdf …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
Windows Error Reporting privilege escalation (CVE-2019-1315) https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html … Fixed in October updates
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
New from
@slyd0g - Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe Justin walks through the technique and shows options to modify the approach. Several detection methods are included too. Check it out:https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
MiniDumpWriteDump via COM+ Services DLL (rundll32 C:\windows\system32\comsvcs.dll MiniDump "[lsass_pid] dump.bin full")https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
[Blog] Avira Optimizer Local Privilege Escalation:https://posts.specterops.io/avira-optimizer-local-privilege-escalation-af109b7df5b1 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Clément Labro proslijedio/la je Tweet
Remember not long ago when one of the first things you did after installing Windows was to install a 3rd party AV? Dec. 2014: Challenger Oct. 2015: Challenger Feb 2016: Challenger Jan. 2017: Challenger Jan. 2018: Visionary Aug. 2019: Leader
#AV#EPP#WDAV#MDATP#MSFT#Gartner https://twitter.com/MsftSecIntel/status/1165058663746138112 …pic.twitter.com/xc4l7312Q8
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.