Jack Halon

@jack_halon

Security Consultant, Researcher and Red Team Operator at | Powered by ☕🍻🍩

Vrijeme pridruživanja: listopad 2016.

Tweetovi

Blokirali ste korisnika/cu @jack_halon

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @jack_halon

  1. proslijedio/la je Tweet
    prije 24 sata

    Custom Signed Kernel Driver's Pretty cool 😃 Without the need to enable TestSigning. Sample Project:

    Poništi
  2. proslijedio/la je Tweet
    4. velj

    Last year, researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details:

    Poništi
  3. 4. velj

    My colleague just released a simple Yocto tutorial for Raspberry Pi's! It's a cool tutorial that shows you how to create custom-tailored embedded Linux "distributions" for your specific needs. Awesome for creating custom dropboxes!

    Poništi
  4. proslijedio/la je Tweet
    3. velj

    Really glad to finally get a blogpost out about this. Hopefully this is useful and gives Red Teamers ideas on how to use the BYOI concept in their own payloads. If anyone is interested in a few more follow up posts about this will gladly oblige :)

    Poništi
  5. 1. velj

    As an ex Security Engineer, these are so true it hurts. Take note everyone! Some really good points here.

    Poništi
  6. proslijedio/la je Tweet
    31. sij

    Wrote a post on how to use GadgetToJScript with Covenant & Donut Thanks to for the answering my queries and helping me while exploring tool 🙏

    Poništi
  7. proslijedio/la je Tweet
    31. sij

    Want to see how the red team weaponizes threat intel for R&D and TTP development? Check out some research I did with and . Also includes some new executables that can be used for DLL abuse.

    Poništi
  8. 29. sij

    Alright Twitter! You have spoken and I have listened! Seems people are more interested in a Video Series, so that's what I'll do! To get a better idea of what you'll want to me to focus on in the videos, I'll do a live AMA/Q&A Twitch Stream in a few weeks! So stay tuned 😎👍

    Poništi
  9. proslijedio/la je Tweet
    28. sij

    Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"

    Poništi
  10. proslijedio/la je Tweet
    28. sij

    [Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step:

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    28. sij

    New blog (and tool): Attacking Azure, Azure AD, and Introducing PowerZure

    Prikaži ovu nit
    Poništi
  12. 27. sij

    A question to my readers and followers! Would you be interested in me starting a weekly stream/video series? Specifically focused around answering your questions, learning basic Red Teaming + Windows AD, coding, short tutorials, etc?

    Poništi
  13. proslijedio/la je Tweet
    27. sij

    If 's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here:

    Poništi
  14. proslijedio/la je Tweet
    26. sij

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    3. pro 2019.

    🔥👾 (finally) a macOS implant that support direct in-memory execution of remote payloads! New blog post: "Lazarus Group Goes 'Fileless' H/T

    Poništi
  16. proslijedio/la je Tweet
    25. sij
    Poništi
  17. proslijedio/la je Tweet
    23. sij

    New article! Anti-virus Exploitation: Malwarebytes 4.0.4 - Protection Not Found - Hijacking Malwarebytes via COM IPC

    Poništi
  18. proslijedio/la je Tweet
    24. sij

    As promised! New blog post for the challenge is out now! Took me a while, but it's done 😴😁 Enjoy everyone!

    Poništi
  19. proslijedio/la je Tweet
    24. sij

    Post-exploitation tip: Do you know how to trivially & remotely hijack an session without prompt nor warning on user's side using signed binary (no patch/multi-session) ? qwinsta+mstsc shadowing is the answer ;) Details:

    Poništi
  20. 24. sij

    As promised! New blog post for the challenge is out now! Took me a while, but it's done 😴😁 Enjoy everyone!

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·