WHOAMI
@wh0amitz Red Team / Offensive Security, Cameo in @StrawHat_CTF for pentest. Web Security / Windows / Active Directory / Post Exploitation
SharpADWS is an Active Directory Recon and Exploit tool for Red Teams via the ADWS protocol, Inspired by @FalconForceTeam Without the LDAP protocol, it can easily bypass most traffic monitoring for LDAP #BloodHound #redteam #Pentesting #CyberSecurity github.com/wh0amitz/Sharp…
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay & forwarder for MiTM attacks! >Relays Kerberos AP-REQ tickets >Manages multiple SMB consoles >Works on Win & Linux with .NET 8.0 >... GitHub: github.com/decoder-it/Krb…
Relaying DCOM has always intrigued me, so I decided to dive in. Started with a MiTM attack using a fake DNS entry, targeting certificate requests to an ADCS server and relaying to SMB.
It seems amazing to me that MS have spent years talking about this feature and have not fixed well known public bypasses. My similar Kerberos trick probably works tiraniddo.dev/2022/03/bypass… as does googleprojectzero.blogspot.com/2019/12/callin… if you accept a prompt :)
Administrator Protection, introduced in the latest Windows Insider Canary build, is a solid security enhancement... uhh.. really?? can be bypassed with @splinter_code's clever SspiUacBypass tool. Check it out here: github.com/antonioCoco/Ss…
"New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication" #infosec #pentest #redteam #blueteam thehackernews.com/2024/08/new-wi…
New Module 46: Exploiting EDRs For Evasion - Preventing EDR From Taking Action This module demonstrates a logic vulnerability in an EDR. Setting the "Read-Only" attribute on a malicious file prevents it from being quarantined or deleted. We exploit this vulnerability to…
NEW release (v1.3) of ADOKit is out NOW which includes 7 new modules from @NicolasHeiniger and myself, among other fixes/improvements. I will be doing a talk on ADOKit at @BlackHatEvents #BlackHatArsenal next week on Wednesday at 1:55pm PT at Station 5👍 github.com/xforcered/ADOK…
[Tool & Blog release] - smbtakeover, a technique to unbind/rebind port 445 without loading a driver, loading a module into LSASS, or rebooting the target machine. The goal is to ease exploitation of targeted NTLM relay primitives while operating over C2. Github repo is linked at…
Implementing a session manager is tons of fun… and pain 😅 Have learned so much about CreateProcess and Logon APIs studying @splinter_code’s RunasCs, a very handy tool once again 🙌🏻
Oldy but goody from one of my favorite researchers, itm4n, about DLL proxying and privilege escalation from implementations outside of "c:\Program Files" itm4n.github.io/dll-proxying/
"CcmPwn: leverages the CcmExec service to remotely hijack user sessions" #infosec #pentest #redteam #blueteam meterpreter.org/ccmpwn-leverag…
We have a (draft) @metasploit exploit module in the queue for CVE-2024-4577, the new PHP CGI argument injection vuln disclosed yesterday. h/t to @orange_8361 for the discovery and @watchtowrcyber for their analysis. github.com/rapid7/metaspl…
An interesting SSRF fix bypass (CVE-2024-4084) in AnythingLLM that I found a few months ago has been made public. #llm #Pentesting #CyberSecurity #BugBounty huntr.com/bounties/bf445…
CVE-2024-4084 A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to… cve.org/CVERecord?id=C…
As expected, NTLM is now "deprecated." learn.microsoft.com/en-us/windows-… @splinter_code Was wondering what would have happened if we had discovered #LocalPotato after this article🤔
Just published a short blog post on abusing the SeRelabelPrivilege ;) decoder.cloud/2024/05/30/abu…
One thing I always look for when starting in a network without AD creds is user enumeration with RPC null sessions. impacket SAMR (samrdump) and LSARPC (lookupsid) tools will give you only a small part of the story. Here's my minimal RID cycling script gist.github.com/naksyn/8204c76……
ADCS strikes again (sounds a lot like ESC1). Just as a reminder, despite our recommendation of alerting IT administrators of this very common dangerous misconfiguration (AT A MINIMUM via an event log). Microsoft chose not to include any additional logging in ADCS.
So MSRC first say that they cannot reproduce, now say that no security boundary is crossed. Tested this on a few different machines and it was successful on all of them. This is a bug in GamingServices, a non default service, so impact is not high. github.com/Wh04m1001/Gami…
I created another variant of our so-loved *potato family, the #FakePotato. But have to wait MSRC response before disclosing, hopefully soon ;)