Mohamed El Azaar

@med0x2e

Redteamer, used to be a Java|Angular Developer, Security & Manga/Anime enthusiast

Joined: March 2013

Tweets


  1. Pinned Tweet
    7 Oct 2019

    A signature based bypass for AMSI using GadgetToJScript; a tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS based scripts.

  2. Retweeted
    31 Jan

    Want to see how the red team weaponizes threat intel for R&D and TTP development? Check out some research I did with and . Also includes some new executables that can be used for DLL abuse.

  3. Retweeted
    31 Jan

    Wrote a post on how to use GadgetToJScript with Covenant & Donut. Thanks to for answering my queries and helping me while exploring the tool 🙏

  4. Retweeted

    That epic Microsoft moment ❤️ Recently worked on and ECC, so yes, 10 and 2016/2019 only. Previous versions like Windows 7 did not support personal EC curves (only a few NIST standard ones).

  5. Retweeted
    12 Jan
  6. Retweeted

    "Information is power. But like all power, there are those who want to keep it for themselves." Aaron Swartz would be 33 by now.

  7. Retweeted
    4 Nov 2019

    New blog post looking at how Cobalt Strike’s “blockdlls” command works, how to recreate it in our own payloads, and a quick look at Arbitrary Code Guard.

  8. Retweeted
    26 Oct 2019

    Quick POC to spawn a process with PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON using VBA.

  9. 31 Oct 2019

    If you've ever come across an iOS application built with Kony & Frida fu doesn't help in bypassing SSL pinning; add the below entries to info.plist: <key>allowselfsignedcertificate</key> <true/> <key>allowbundledonly</key> <string>NO</string> package -> sign -> deploy -> have fun.

  10. Retweeted
    30 Oct 2019

    Our new blog post on abusing the SYLK file format. This 1980s file type can host macros in modern versions of MS Office / Excel without hitting protected mode. Post includes recommendations for mitigation (note: active abuse in the wild).

  11. 27 Oct 2019

    To be specific, 10 lines of code to inject shellcode into the current running process using a classic CreateThread based shellcode injection method.

  12. 27 Oct 2019

    Calling win32 API from jscript/vbscript using ExecuteExcel4Macro in less than 10 lines of JS code. 0/56 on VT and not getting flagged by WinDefender/AMSI for the moment. A simple script to automate the process; & credits:

  13. Retweeted
    18 Apr 2019

    My first blog on abusing the Service Control Manager and DLL hijacks for lateral movement. I cover methodology, detections and proof of concept code. Thanks to / for all their detection contributions!

  14. 25 Oct 2019

    Added VBA support (-e for hex or b64 VBA gadgets encoding)

  15. Retweeted
    20 Oct 2019

    PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON can be your friend

  16. 19 Oct 2019

    Running Mimikatz using GadgetToJScript from JS or VBS ‘cscript mimi.js privilege::debug < safe.txt’ Steps:

  17. Retweeted
    15 Oct 2019

    Releasing my bloodhound helper tool, cypheroth. It helps save time you would have spent running bloodhound cypher queries in the neo4j web interface by dumping all the important info out to spreadsheets. Comes with a great set of starting queries.

  18. Retweeted
    11 Oct 2019

    Don't like AV on the box? Hook the admin password prompt with Frida and disable it as regular user 🙃

  19. Retweeted
    10 Oct 2019

    Combine ()'s SILENTTRINITY with ()'s GadgetToJScript. We can use js/vbs as a stager for SILENTTRINITY.

  20. Retweeted
    3 Oct 2019

    I don't remember who posted this on Twitter a few years ago, but whoever you are: you have improved every night I've spent in a hotel since.

