lɐʍɹǝuɔǝ ɯnuɹo

@munrobotic

Technical Director @ NCC Group, Anti-silo Activist, Thinkerer, Perpetual Student.

Scottish Highlands, UK
Vrijeme pridruživanja: rujan 2010.

Tweetovi

Blokirali ste korisnika/cu @munrobotic

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @munrobotic

  1. proslijedio/la je Tweet

    Have you ever seen a detection that you felt was too brittle or narrowly focused? In this post, I explore an idea I call "Capability Abstraction" where I seek to demonstrate where that feeling comes from for me.

    Poništi
  2. proslijedio/la je Tweet
    5. velj

    I commissioned this comic in late-2011 to market what would become Cobalt Strike. I'm always amazed at how well the overall "story" has held up. Open question: How many pen testers "report in" with a salute to the customer CEO at the end of an engagement?

    Poništi
  3. proslijedio/la je Tweet
    3. velj

    Burp Suite extension to perform Kerberos authentication

    Poništi
  4. proslijedio/la je Tweet
    4. velj

    Custom Signed Kernel Driver's Pretty cool 😃 Without the need to enable TestSigning. Sample Project:

    Poništi
  5. proslijedio/la je Tweet
    3. velj

    Really glad to finally get a blogpost out about this. Hopefully this is useful and gives Red Teamers ideas on how to use the BYOI concept in their own payloads. If anyone is interested in a few more follow up posts about this will gladly oblige :)

    Poništi
  6. proslijedio/la je Tweet
    3. velj

    A reminder (in case you're slow like me) that Twitter is now supporting full app-based 2FA for accounts in all regions and you no longer have to provide a phone number for SMS-based 2FA. Go get at em!

    Poništi
  7. proslijedio/la je Tweet
    1. velj

    is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with 's execute-assembly command.

    Poništi
  8. proslijedio/la je Tweet
    1. velj

    For those of you using a NV GPU with Volta or Turing chipset, listen up! We hacked our way into the post-48k GPU shared memory region. This improved bcrypt cracking performance by an average of 25%. For instance a GTX2080Ti improved from 42116 H/s to 54770 H/s

    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    1. velj

    Also, if you have a GV100 (TITAN V, V100) the bcrypt cracking performance should be *doubled* but really only this exact chipset. So far this is only a theoretical value. I can't verify because I don't have this GPU for testing. Someone can verify?

    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    1. velj

    Load encrypted PE from XML Attribute. MSBuild is still the best.😅 MSBuild sets Property then calls Execute. Use this example to decouple payloads & prove that all security products have a "Single File Bias". Decouple payloads to subvert detection.

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    31. sij

    The code to execute in JS via "System.Runtime.InteropServices.RegistrationServices" here: You need to expose a static method public static void UnRegisterClass(string key) And of course you need an assembly object :) Cheers

    Poništi
  12. proslijedio/la je Tweet
    31. sij

    Pushed a new Rubeus release after getting some additional feedback from our most recent AT:RTO students. The full changes are detailed here . To highlight a few new features- "/nowrap" globally prevents base64 blobs from line-wrapping, (1/4)

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    31. sij

    Lots of other changes, fixes, and additions as well. Thank you to everyone who contributed, and I hope everyone else finds the new changes useful! Again, a full changelog is available at (4/4)

    Prikaži ovu nit
    Poništi
  14. 31. sij

    Friends in the UK... Remember to set your clocks back 46 years tonight.

    Poništi
  15. proslijedio/la je Tweet
    28. sij

    New Blog Post from on Azure. Ryan discusses Azure and Azure AD's components, reviews some of the attacks, and release PowerZure to help understand the attacks. Link: PowerZure:

    Poništi
  16. proslijedio/la je Tweet
    28. sij

    ICYMI - released MoveKit and StayKit, a collection of aggressor scripts, .NET projects, and templates to enhance lateral movement and persistence on your engagements. Link: MoveKit: StayKit:

    Poništi
  17. proslijedio/la je Tweet
    27. sij

    Just pushed a somewhat big update to SILENTTRINITY with a lot of forward compatibility fixes for Python 3.8 and made the PowerShell "stageless" stager public. Plus more modules and bug fixes

    Poništi
  18. proslijedio/la je Tweet
    24. sij

    Interesting recent change (at least 1903) to SeTokenCanImpersonate which determines if you can impersonate an access token. The Session ID is now checked so that you can't impersonate same user session 0 tokens outside of session 0.

    Poništi
  19. proslijedio/la je Tweet
    19. sij

    command-line MSBuild.exe detection's got your down? How about MSBuild without MSBuild.exe?

    Poništi
  20. proslijedio/la je Tweet
    22. sij

    I just published a ~45 page whitepaper on attacking and defending terraform infrastructure as code in GitHub. Includes attack scenarios, hardening, detections, etc. Deep thanks to and for their inspiration and research. ❤️ 1/3

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·