A#root

@rootfudimo

Global Security Team

Australia
Vrijeme pridruživanja: ožujak 2016.

Tweetovi

Blokirali ste korisnika/cu @rootfudimo

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @rootfudimo

  1. proslijedio/la je Tweet
    24. sij

    Quickly identify users / groups / password policy of the domain with prettyloot after dumping domain info using ntlmrelayx ! The script reads all files from the loot directory and prints information like a classic enum4linux output 😊

    Poništi
  2. proslijedio/la je Tweet
    23. sij

    There was once upon a time when I understood that not every Infosec professional had the opportunity to pop companies full end to end. I started to write to share out some ideas, themes, and messages to help others to think about more areas. 🤷‍♂️🧧

    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    24. sij

    modexp is one of my fav. researchers; while I often skim on details he is killing it with posts that combine an extensive and comprehensive research on interesting and often nuanced topics and a very well written narrative top quality right there

    Poništi
  4. proslijedio/la je Tweet
    23. sij

    PoC (Denial-of-Service) for CVE-2020-0609 & CVE-2020-0610 Please use for research and educational purpose only.

    Poništi
  5. proslijedio/la je Tweet
    22. sij

    If you're playing with Kerberos and want to view the encrypted parts in Wireshark you can do so with a keytab file. Since impacket was missing structures for this I added a script to my forest trust tools repo which easily allows adding multiple keys:

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    21. sij

    Hey Defender friends. Turns out that removing those services with Unicode/non-printable characters is pretty hard, so I wrote you a tool to help with that. I'll be releasing the offensive PoC later this week or early next week.

    Poništi
  7. proslijedio/la je Tweet
    21. sij

    Added 2 more PoC scripts to the OffensiveDLR repo. One of which embeds the SSharp Compiler within a Posh script (Can be easily embedded from within any .NET language.) SSharp code compilation does not call csc.exe :)

    Poništi
  8. proslijedio/la je Tweet

    Because I prefer C, little POC to create your own EC alternative keys > With a lots of keys included in the release.

    Poništi
  9. proslijedio/la je Tweet
    19. sij

    command-line MSBuild.exe detection's got your down? How about MSBuild without MSBuild.exe?

    Poništi
  10. proslijedio/la je Tweet
    18. sij

    Okay here it is, Zipper a new file and folder compression utility for CobaltStrike. Blue Teams/Hunters/Defenders: Lookout for non file-compression related processes creating (random named) zipfiles within temp folders.

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    18. sij

    If you are unable to install the patch for RDP vulns CVE-2020-0609 and CVE-2020-0610, points out a workaround

    Poništi
  12. proslijedio/la je Tweet

    Because VBA is not all, with Microsoft PowerShell signed script. Very useful with AllSigned or RemoteSigned execution policy🤪

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet

    Ho, by the way, is not only about TLS & Authenticode... it's also for S/MIME and other signatures. Yes, it's also valid against mail signature verification ❤️ I hope nobody rely on it for legal / workflow validation

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    17. sij

    If you have AppLocker deployed, be aware that most times when Windows 10 is updated/upgraded, it creates a TASKS_MIGRATED folder under C:\windows\system32 that has the CREATOR OWNER, meaning that users can create and execute files from the folder and bypassing AppLocker 😱

    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    16. sij

    Updated PoC to include the root trusted CA "Microsoft ECC Product Root Certificate Authority 2018" Also included a signed and unsigned 7z.exe for you to test out. Please only use for research and education.

    Poništi
  16. proslijedio/la je Tweet
    16. sij
    Poništi
  17. proslijedio/la je Tweet
    14. sij

    COMMENTARY ON CVE-2020-0601: I have been speaking to several players on this on background and there are a few things they want to highlight / clarify based on the public discourse so far.

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    15. sij

    Nothing super exciting, but I updated the Alternate Data Stream gist with two binaries to dump content from an ADS to a file: expand c:\ads\file.txt:test.exe c:\temp\evil.exe esentutl.exe /Y C:\temp\file.txt:test.exe /d c:\temp\evil.exe /o Gist:

    Poništi
  19. proslijedio/la je Tweet
    15. sij
    Poništi
  20. proslijedio/la je Tweet
    15. sij

    [Blog] Avira VPN Local Privilege Escalation Uses some fun tricks to circumvent service DACL and integrity checks.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·