zw0scura

#FakeLogonScreen is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with #CobaltStrike's execute-assembly command. https://github.com/bitsadmin/fakelogonscreen …pic.twitter.com/2pAOk9InLM

KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore, https://github.com/hfiref0x/KDU pic.twitter.com/s154qYlIKR

Firefox now shows what telemetry data it's collecting about you Just go to about:telemetry https://www.zdnet.com/article/firefox-now-shows-what-telemetry-data-its-collecting-about-you/ …pic.twitter.com/erW5EamI93

Load encrypted PE from XML Attribute. MSBuild is still the best. https://github.com/XwingAngel/PELoader/ … MSBuild sets Property then calls Execute. Use this example to decouple payloads & prove that all security products have a "Single File Bias". Decouple payloads to subvert detection.pic.twitter.com/648rujlLQn

1\ I've written a little compiler to ship ML models as standalone Yara rules, and done proof of concept detectors for Macho-O, RTF files, and powershell scripts. So far I have decision trees, random forests, and logistic regression (LR) working. https://github.com/inv-ds-research/yaraml_rules …pic.twitter.com/sfuXEkHeNO

"Using object linking, it is possible to link the RTF files to the remote object which could be the link to the malicious resource hosted on the remote server. This leads the resulting RTF file to behave as a downloader" https://www.mcafee.com/blogs/other-blogs/mcafee-labs/an-inside-look-into-microsoft-rich-text-format-and-ole-exploits/ … #malware #cybersecuritypic.twitter.com/P43YmutaZJ

Be a smart defender! No excuses, don’t need expensive EDR or fancy tools. @olafhartong on monitoring using available tools for intelligent monitoring, linked to @MITREattack ,+ready to use for threat hunting! Sysmon module + TH app —> http://github.com/olafhartong  #infosec #NLSecureIDpic.twitter.com/vmdsoIWouh

Windows passwords decryption from dump files #infosec #pentest #redteam https://github.com/AlessandroZ/LaZagneForensic …pic.twitter.com/50cBDaEUNA

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. #infosec #pentest #redteam https://github.com/SECFORCE/Tunna pic.twitter.com/StLPqTShsN

Using Alternate Data Streams to Bypass User Account Controls #infosec #pentest #redteam https://redcanary.com/blog/using-alternate-data-streams-bypass-user-account-controls/ …pic.twitter.com/nZpvFowVLE

Given a Pcap File, plot a network diagram displaying hosts in the network, network traffic, highlight important traffic #infosec #pentest #redteam #blueteam https://github.com/Srinivas11789/PcapXray/blob/master/README.md …pic.twitter.com/eYuOERHxP9

Log Sources - ordered by priority - with ratings in different categories - personal and highly subjective assessment - from my most recent slide deck on low hanging fruits in security monitoring #SIEM #SecurityMonitoring #ThreatHuntingpic.twitter.com/wuWImWLB77