Francesco Soncina

@phraaaaaaa

OSCE // OSCP // Ethical Hacker & Red Teamer // Full Stack Developer // CTF Player

Amsterdam, NL
Joined: March 2011

Tweets

  1. Pinned Tweet
    Feb 4

    x0rro — A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2. Often AVs rely on simple signatures to detect malicious software and I needed a tool in order to confirm this behavior and be able to produce a working bypass. That’s why I wrote x0rro.

  2. Retweeted
    Jan 24

    Post-exploitation tip: Do you know how to trivially & remotely hijack an session without prompt nor warning on user's side using signed binary (no patch/multi-session) ? qwinsta+mstsc shadowing is the answer ;) Details:

  3. Retweeted
    Feb 4

    Last year, researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details:

  4. Retweeted
    Jan 31

    Happy week, folks. This week's wrap-up has a sweet Meterpreter enhancement courtesy of , plus an in-depth look at our recent password-cracking overhaul thanks to longtime contributor h00die.

  5. Retweeted
    Jan 24

    Here's a cool trick to break out of AppLocker in Citrix environment: 1. Open a dummy RTF file in wordpad 2. Add ftp.exe as an object 3. Click to open ftp (or other similar apps) 4. ftp>!{command/app to run} for example: ftp>!cmd <-- blocked? ftp>!powershell <-- not blocked?:)

  6. Retweeted
    Jan 23

    New article! Anti-virus Exploitation: Malwarebytes 4.0.4 - Protection Not Found - Hijacking Malwarebytes via COM IPC

  7. Retweeted
    Jan 22

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  8. Retweeted
    Jan 23

    This is a cool trick. This works because a custom service trigger is defined. Action: 1 (SC_ACTION_RESTART) Guid: Microsoft-Windows-Feedback-Service-TriggerProvider ETW Provider Type: 0x14 (SERVICE_TRIGGER_TYPE_CUSTOM)

  9. Retweeted
    Jan 22

    I just published a ~45 page whitepaper on attacking and defending terraform infrastructure as code in GitHub. Includes attack scenarios, hardening, detections, etc. Deep thanks to and for their inspiration and research. ❤️ 1/3

  10. Retweeted
    Jan 7

    Full analysis and exploit for Windows kernel ws2ifsl use-after-free (CVE-2019-1215) by our researcher

  11. Retweeted
    Jan 20

    As promised, a short post on Hyper-V admin privesc: /cc

  12. Retweeted
    Jan 18

    Automatically generating solutions to a corrupted keygenme with , using for the analysis. Cutter and angr are incredibly powerful and useful tools for solving this type of challenge

  13. Retweeted
    Jan 17

    If you have AppLocker deployed, be aware that most times when Windows 10 is updated/upgraded, it creates a TASKS_MIGRATED folder under C:\windows\system32 that has the CREATOR OWNER, meaning that users can create and execute files from the folder and bypass AppLocker 😱

  14. Retweeted
    Jan 16

    this person's been doing a nice job of keeping blue team notes for the MSFT crypt.dll vuln, AKA CVE-2020-0601

  15. Retweeted
    Jan 15

    Registration for the 2020 Metasploit community CTF is now open. 1,000 teams, four days to find flags, unlimited shells. Play starts January 30. NOTE: Teams only need to register ONE account. Get it:

  16. Retweeted
    Jan 15

    If you’re on an internal Red Team that’s struggling to build trust with leadership and defenders, NOW is a great time to pause your op and go help out. Your perspective and mindset will complement their own, and help quell fear of the unknown. Go help.

  17. Retweeted
    Jan 14

    Blink: Intent to Deprecate and Freeze: The User-Agent string

  18. Retweeted
    Jan 13

    I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: 1/3
