Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @phraaaaaaa
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @phraaaaaaa
-
Prikvačeni tweet
x0rro — A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2 Often AVs rely on simple signatures to detect malicious software and I needed a tool in order to confirm this behavior and be able to produce a working bypass. That’s why I wrote x0rro. https://iwantmore.pizza/posts/x0rro.html …pic.twitter.com/tqNVylQiNk
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Post-exploitation
#Friday tip: Do you know how to trivially & remotely hijack an#RDP session without prompt nor warning on user's side using#Microsoft signed binary (no patch/multi-session) ? qwinsta+mstsc shadowing is the answer ;) Details: https://github.com/kmkz/Pentesting/blob/master/Post-Exploitation-Cheat-Sheet …#Pentestingpic.twitter.com/wHVIYQo73A
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Last year,
@wvuuuuuuuuuuuuu researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details:https://blog.rapid7.com/2020/02/04/doublepulsar-rce-2-an-rdp-story/ …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Happy
#metasploitctf week, folks. This week's wrap-up has a sweet Meterpreter enhancement courtesy of@phraaaaaaa, plus an in-depth look at our recent password-cracking overhaul thanks to longtime contributor h00die.https://blog.rapid7.com/2020/01/31/metasploit-wrap-up-50/ …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Here's a cool trick to break out of AppLocker in Citrix environment: 1. Open a dummy RTF file in wordpad 2. Add ftp.exe as an object 3. Click to open ftp (or other similar apps) 4. ftp>!{commmand/app to run} for example: ftp>!cmd <-- blocked? ftp>!powershell <-- not blocked?:)
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
New article! Anti-virus Exploitation: Malwarebytes 4.0.4 - Protection Not Found - Hijacking Malwarebytes via COM IPChttps://0x00sec.org/t/anti-virus-exploitation-malwarebytes-4-0-4-protection-not-found-hijacking-malwarebytes-via-com-ipc/18766 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Revisiting RDP lateral movement https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3 … and releasing a project that will be part of a bigger tool coming next week
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
This is a cool trick. https://twitter.com/0gtweet/status/1220275790757158914 … This works because a custom service trigger is defined. https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_trigger … Action: 1 (SC_ACTION_RESTART) Guid: Microsoft-Windows-Feedback-Service-TriggerProvider ETW Provider Type: 0x14 (SERVICE_TRIGGER_TYPE_CUSTOM)pic.twitter.com/MeIqz81Poy
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
I just published a ~45 page whitepaper on attacking and defending terraform infrastructure as code in GitHub. Includes attack scenarios, hardening, detections, etc. Deep thanks to
@tifkin_ and@harmj0y for their inspiration and research.
https://www.sans.org/reading-room/whitepapers/securecode/defending-infrastructure-code-github-enterprise-39380 …
1/3Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Full analysis and exploit for Windows kernel ws2ifsl use-after-free (CVE-2019-1215) by our researcher
@flxflndy https://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/ …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
As promised, a short post on Hyper-V admin privesc: https://decoder.cloud/2020/01/20/from-hyper-v-admin-to-system/ … /cc
@padovah4ck@mkolsekHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Automatically generating solutions to a corrupted keygenme with
@angrdothorse, using@r2gui for the analysis. Cutter and angr are incredibly powerful and useful tools for solving this type of challengehttps://binaryresearch.github.io/2020/01/15/Analyzing-ELF-Binaries-with-Malformed-Headers-Part-3-Solving-A-Corrupted-Keygenme.html …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
If you have AppLocker deployed, be aware that most times when Windows 10 is updated/upgraded, it creates a TASKS_MIGRATED folder under C:\windows\system32 that has the CREATOR OWNER, meaning that users can create and execute files from the folder and bypassing AppLocker
pic.twitter.com/YLUxRxDyxr
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
this person's been doing a nice job of keeping blue team notes for
#curveball the MSFT crypt.dll vuln,#cve20200601 AKA#ChainOfFools https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d … CVE-2020-0601Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Registration for the 2020 Metasploit community CTF is now open. 1,000 teams, four days to find flags, unlimited shells. Play starts January 30. NOTE: Teams only need to register ONE account. Get it: https://blog.rapid7.com/2020/01/15/announcing-the-2020-metasploit-community-ctf/ …
#metasploitctfHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
If you’re on an internal Red Team that’s struggling to build trust with leadership and defenders, NOW is a great time to pause your op and go help out. Your perspective and mindset will complement their own, and and help quell fear of the unknown. Go help.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
Blink: Intent to Deprecate and Freeze: The User-Agent stringhttps://groups.google.com/a/chromium.org/d/msg/blink-dev/-2JIRNMWJ7s/yHe4tQNLCgAJ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Francesco Soncina proslijedio/la je Tweet
I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: https://posts.specterops.io/mimidrv-in-depth-4d273d19e148 … 1/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.