kozie
@k0zmer
threat simulation @ r̴e̴d̴a̴c̴t̴e̴d̴ - 🚩 w/ ATeam
Small technical update: Impacket and therefore NetExec now support LDAP Channel Binding🔥 Finally you can use all the great features NetExec has to offer even in more mature environments
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay & forwarder for MiTM attacks! >Relays Kerberos AP-REQ tickets >Manages multiple SMB consoles >Works on Win & Linux with .NET 8.0 >... GitHub: github.com/decoder-it/Krb…
Is Kerberos relaying so limited? I'd say no, thanks to @tiraniddo CredMarshalTargetInfo trick. In this case, I'm relaying SMB to HTTP (ADCS) with a modified version of @cube0x0 krbrelay using DFSCoerce and PetitPotam - classic ESC8 attack with Kerberos, no DCOM involved ;)
Following up on my earlier tweet (x.com/decoder_it/sta…) regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it! github.com/decoder-it/Krb…
Join me and @Steph3nSims for the next Off By One Security stream!
Join me this Friday (4-Oct) at 11AM PT for the next Off By One Security stream with guest @thenopcode for a stream on the impact the Control Flow Guard (CFG) mitigation has on Windows Exploits! youtube.com/watch?v=A-vtsq… discord.gg/offbyonesecuri… @offby1security
COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (@sploutchy) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM blog.compass-security.com/2024/10/com-cr…
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though): gist.github.com/snovvcrash/cad…
Just wrapped up DEF CON Demo Labs and published Maestro, a new tool for lateral movement with Intune from C2. Thanks to everyone who came to check it out! I'll be posting a blog and wiki with more info soon, but here's the code and link to today's slides: github.com/Mayyhem/Maestro
OST's Stage1 C2 is now Outflank C2, an optimised, OPSEC focused custom C2 framework with: •Native implants for Windows, macOS and Linux •Dynamic code exec •Proxying support •Peer-to-peer C2 between all three implants Get more info at bit.ly/4cgw8rl
The next Red Team Lab on Vulnlab will be released on August 8, 2024. This lab features over 10 machines and is rated Easy. The Active Directory environment mirrors what you typically encounter in penetration tests and is complemented by a robust SOC.
My talk on automating red team inf is out! There is a slight change to the release schedule mentioned in the talk. The API poc will be coming soon, but there have been some delays. Keep an eye out. Thanks for having me #x33fcon ! Looking forward to the next one!
ScriptBlock Smuggling is a new technique, developed by @_Hubbl3 & @Cx01N_, that allows for the spoofing of PowerShell security logs & bypasses AMSI without the need for reflection or memory patching. Learn all about it in our new blog post! bc-security.org/scriptblock-sm…
Recently I was writing up a blog about Secure Kernel and NT working together to initialize Kernel CFG. I realized there were a lot of concepts in SK I was unfamiliar with. Because of this I wrote a post on one of those topics - Secure Image Objects. Enjoy! connormcgarr.github.io/secure-images/
📣 Give it up to the brave ones who made it to the vault of hope 📣 #BusinessCTF24 has come to an end, and these are its champions: 🥇 @Synacktiv 🥈 GMO Cybersecurity by IERAE 🥉 @vulnlab_eu Thank you, everyone, for participating in the epic #CTF, and of course, stay tuned for…
Was inspired by @vendetce to dig into Kerberos TGT renewal with Impacket this morning. Short example script in a PR here to do just that ⤵️ github.com/fortra/impacke…
New blog: Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes. Some tips and tricks on abusing TAPs for Windows Hello persistence and NT hash recovery over Cloud Kerberos Trust. dirkjanm.io/lateral-moveme…
Taking a cue from @D1iv3 and @decoder_it's work on inducing authentication out of remote DCOM I thought I'd quickly write up a post about getting Kerberos authentication out of the initial OXID resolving call. tiraniddo.dev/2024/04/relayi…
DllMain Rules Rewritten are Microsoft's infamous DllMain Rules - rewritten. After countless spent hours researching and reverse engineering the new and old Windows loaders, they are now complete. github.com/ElliotKillick/…
"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: decoder.cloud/2024/04/24/hel… 😃
Hey Vulnlab Community! Just taking a moment to reflect on how far we've come together. It's been about a year since Vulnlab first launched, and now we've got around 100 vulnerable machines spread across 50 labs, 2300 Discord members and more than 700 lab users! The main focus…