Pinned Tweet
Just published a post (it's been a while) on proxying COM objects during hijacking to avoid crashing the process. Also includes some insight into in-process COM servers and weaponization! Feedback welcome.
#redteam https://adapt-and-attack.com/2019/08/29/proxying-com-for-stable-hijacks/

Great thread, I echo the love for tracking pixels. I try to put them everywhere I can which doesn't impact OPSEC. You should never walk away from a phishing campaign without any new knowledge. https://twitter.com/malcomvetter/status/1222539003565694985
Leo Loobeek Retweeted
If @tiraniddo's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here: https://github.com/outflanknl/Scripts/blob/master/ShellcodeToJScript.js
Leo Loobeek Retweeted
New stealthy lateral movement technique looks incredible (existing socket hijacking). Definitely something to keep eyes on when released. The PDF paper is extremely impressive and worth the read. https://twitter.com/DissectMalware/status/1218358898865901569
Leo Loobeek Retweeted
Exploring code coverage for module stomping - injecting into unused code areas in legitimately loaded DLLs - http://williamknowles.io/living-dangerously-with-module-stomping-leveraging-code-coverage-analysis-for-injecting-into-legitimately-loaded-dlls/
Leo Loobeek Retweeted
Deep Dive to Citrix ADC Remote Code Execution, CVE-2019-19781, new blog post by @0x09AL https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/ https://youtu.be/5U5Hk2CzIAk
Leo Loobeek Retweeted
New tool: rubeus2ccache. Generates ccache files directly from Rubeus dump output. Major thanks to @_dirkjan for basically writing anything hard. https://github.com/curi0usJack/rubeus2ccache Merry Christmas Red Team!
pic.twitter.com/e8MWCDurq2
Leo Loobeek Retweeted
Quick arbitrary disk read (LPE) exploit for the Nalpeiron licensing service. https://github.com/monoxgas/mailorder Avoid NLSSRV32 and Nitro PDF =< v10.
This was such a great experience to not only share what I do everyday but hear some really thoughtful questions and comments. The next generation is on top of infosec and I'm excited to see what they bring!! https://twitter.com/NHKnights/status/1205601838541819905
Leo Loobeek Retweeted
Well segmented networks have caused me the most headaches when I'm attacking networks. I can't stress how much harder it becomes for me as an attacker. If you haven't already, make it your New Year's resolution to deploy the Windows firewall and make attackers' lives much harder. https://twitter.com/cryps1s/status/1205464824169275392
Leo Loobeek Retweeted
HKLM:\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusion\ScanningEngines\ can be monitored to identify unauthorized SEP policy exceptions. It can also be used by red teams to identify SEP policy exceptions that can be leveraged to avoid detection.
#NetSPI
Leo Loobeek Retweeted
A Tough Outlook for Home Page Attacks
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Blog has #APT33, #APT34, and #UNC1194 home page persistence & RCE.
We talk CVE-2017-11774 patch tampering in-the-wild and made a hardening guide!
Cool TTPs (pictured) #GuardrailsOfTheGalaxy pic.twitter.com/lxIDPNLovs
Leo Loobeek Retweeted
I wrote a blog post about some of my work in Electron, also covers work by @IAmMandatory, @infosec_au and more: https://know.bishopfox.com/research/reasonably-secure-electron
Leo Loobeek Retweeted
[Blog] A simple write-up for a recent discovery - CVE-2019-1378 - WUA Priv Esc https://twitter.com/ember_sec/status/1195103549484494848
Leo Loobeek Retweeted
Thanks to @NCCGroupInfosec for releasing their write-up on CVE-2019-1405 and CVE-2019-1322. I figured it is time for me to learn some COM stuff so I whipped up a PoC. Source: https://github.com/apt69/COMahawk . Video: https://vimeo.com/373051209 Thanks to @leoloobeek and @TomahawkApt69
Leo Loobeek Retweeted
Oooh this is cool research by @danyaldrew, NTLM reflection is back by waiting for the NTLM challenge cache entry to timeout... awesome post https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html
Leo Loobeek Retweeted
Re-entrant self-loading and code execution with the registration free COM. https://opsec.tech/post/hands_free_com_self_load/ pic.twitter.com/ZCgclJHn6j
Leo Loobeek Retweeted
New blog post looking at how Cobalt Strike's "blockdlls" command works, how to recreate it in our own payloads, and a quick look at Arbitrary Code Guard. https://blog.xpnsec.com/protecting-your-malware/
Leo Loobeek Retweeted
Neat Trickbot analysis, enjoyed the read. Pirated CS was used amongst other stuff. Server mentioned has default CS self-signed certificate (146473198) and has 50050 exposed. Lots of opportunity for discovery here.
#trickbot https://www.sneakymonkey.net/2019/10/29/trickbot-analysis-part-ii/
Leo Loobeek Retweeted
[blog] Covenant: Developing Custom C2 Communication Protocols. Covenant v0.4 is now out as well.
https://posts.specterops.io/covenant-developing-custom-c2-communication-protocols-895587e7f325
Leo Loobeek Retweeted
Convert your Go EXE to shellcode: 1. Build this patched version of Go 2. go build -buildmode=pie to include .reloc section in your PE 3. donut -f target.exe https://go-review.googlesource.com/c/go/+/152759/ https://github.com/TheWover/donut props to @TheRealWover and odzhan for the awesome tool