Pinned tweet
I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: https://posts.specterops.io/mimidrv-in-depth-4d273d19e148 1/3
Matt Hand Retweeted
https://sandboxescaper.blogspot.com/2020/01/chasing-polar-bears-part-2.html Fuck it, I can't focus at all today. It's a mess, sorry. I've also uploaded the discussed bug to github. Maybe someone can make sense of it. It's a junction bug that's a little more complicated than a simple "bait and switch". Hope it's useful to someone.
Matt Hand Retweeted
Revisiting RDP lateral movement https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3 and releasing a project that will be part of a bigger tool coming next week
Matt Hand Retweeted
Just released Satellite, a payload hosting and proxy software for red team operations. In the blog post, I discuss the feature set of Satellite as well as why an operator would choose it over Apache or Nginx. https://posts.specterops.io/satellite-a-payload-and-proxy-service-for-red-team-operations-aa4500d3d970
Hey Defender friends. Turns out that removing those services with Unicode/non-printable characters is pretty hard, so I wrote you a tool to help with that. I'll be releasing the offensive PoC later this week or early next week. https://github.com/matterpreter/OffensiveCSharp/commit/089c1db4909ab365b45fb69e45abb1adcac2861e#diff-e8991566df61818c826e7964e3078579 pic.twitter.com/SCEV9WtpnF
Thankfully, you can remove them by deleting the keys with regedit, which is able to render Unicode characters.
Want to make service removal really fun? Create a service with a unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.
I want to sincerely thank @gentilkiwi for releasing Mimidrv. It is an invaluable resource for understanding how we can leverage kernel functions for offense 3/3
My intent with the post is to put out documentation for Mimidrv, but also show some of the specifics of why operating in the kernel is so powerful and demonstrate the practical application through existing tooling. 2/3
Matt Hand Retweeted
[Blog] Local Privilege Escalation in EA's Origin Client https://enigma0x3.net/2019/12/10/cve-2019-19248-local-privilege-escalation-in-eas-origin-client/
Matt Hand Retweeted
Cobalt Strike 4.0 – Bring Your Own Weaponization http://blog.cobaltstrike.com/2019/12/05/cobalt-strike-4-0-bring-your-own-weaponization/ pic.twitter.com/JSD1znj9la
Matt Hand Retweeted
Today I was able to release the first post of a series of blog posts about attacking FreeIPA, an open source alternative to Windows Active Directory inside of unix environments. This post covers authentication, and situational awareness. https://posts.specterops.io/attacking-freeipa-part-i-authentication-77e73d837d6a
Matt Hand Retweeted
We are hosting a training event in Alexandria, VA. on January 27th - 30th. Both the Red Team Operations and Detection courses will be offered. Sign up here: Red Team Operations: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-january-2020-tickets-75971674323 Detection: https://www.eventbrite.com/e/adversary-tactics-detection-training-course-dc-january-2020-tickets-75971658275
Matt Hand Retweeted
Collection of (undocumented) Microsoft Windows kernel structures for various Windows versions https://www.vergiliusproject.com/
Matt Hand Retweeted
Want to make your life reversing obfuscated .NET so much easier? Most obfuscated .NET malware I've seen loads a mostly deobfuscated version of itself w/ Assembly.Load(byte[]). Running the sample w/ .NET 4.8 permits in-mem assembly recovery with AMSI ETW. https://posts.specterops.io/antimalware-scan-interface-detection-optics-analysis-methodology-858c37c38383
Matt Hand Retweeted
Assessing the Effectiveness of a New Security Data Source: Windows Defender Exploit Guard https://medium.com/palantir/assessing-the-effectiveness-of-a-new-security-data-source-windows-defender-exploit-guard-860b69db2ad2
@duff22b and @cryps1s were wizards at assessing and deploying this in the @PalantirTech env! Event fields thoroughly documented here: https://github.com/palantir/exploitguard
Matt Hand Retweeted
Antimalware Scan Interface Detection Optics Analysis Methodology: Identification and Analysis of AMSI for WMI https://posts.specterops.io/antimalware-scan-interface-detection-optics-analysis-methodology-858c37c38383
Matt Hand Retweeted
Posted some VBA code for loading a DotNet assembly directly using mscorlib + Assembly.Load by manually accessing the VTable of the IUnknown. Hopefully it saves someone else some time, but it's not the cleanest approach I was hoping for. https://gist.github.com/monoxgas/1b36031c5593ebfed3229f4424f77090
Matt Hand Retweeted
There are an infinite number of ways to subvert Sysmon if you have admin privilege on the server. This is a cat and mouse game that's not winnable.
Releasing a new tool to aid in Sysmon evasion, Shhmon (https://github.com/matterpreter/Shhmon) with an associated blog post including defensive recommendations https://posts.specterops.io/shhmon-silencing-sysmon-via-driver-unload-682b5be57650