Empire Strikes Back, now with a GUI - Starkiller - A brief article about how to run Empire in Docker, connect it with its frontend and establish persistence on a compromised machine. Check it out
https://t.co/et6bILCAFy
A disgruntled employee inserted a "kill switch" into his employer's network. In the event he was laid off, his malicious code would trigger.
The code included the function "IsDLEnabledInAD"
His name was Davis Lu
Truly an epic gamer moment. He got sentenced to 4 years in prison
CVE-2023-23397
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability.
https://t.co/0beKMen1Fl
Details:
https://t.co/VdTW9uViLk
#infosec #CyberSecurity #Pentesting #redteam
Meterpreter + Metasploit is absolutely awesome. And anyway, it is not even certain that Defender will catch it: add the stageless payload using basic encoding into a template exe (thread exec), disable autoload of stdapi (you can load it later after callback), and that's all. 💥
Are you already snafflin?
If not, you should really start. It will fetch you a lot of gems from Windows shares and SharePoint servers <3
https://t.co/tWuwZQ4s62 from @mikeloss and @sh3r4_hax
and
https://t.co/CYbacn21FE from @nicolasheiniger
CrackMapExec can now retrieve gMSA passwords using the LDAP protocol and the option --gmsa 🔥 Thanks to @pentest_swissky for this addition to CME 🫡
Also, I probably don't say it enough but thanks to all the sponsors from @porchetta_ind 🪂
Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides the fact that cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.
HardeningKitty
- checks and hardens your Windows configuration
by @0x6d69636b
https://t.co/oVQx24QSx5
Someone has even built a web reference for all tests
https://t.co/wyrMLG11hr
#BugBounty #bugbountytips
If you find a file upload function for an image, try introducing an image with XSS in the filename like so:
<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png
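Why these filenames work, and what closes the hole, as an added example that is not part of the post: the upload is usually harmless, the bug is the page that later lists or links the file by concatenating the stored name into HTML. `render_listing_vulnerable` is that bug, `render_listing_safe` encodes for each context (percent-encoding in the URL, entity encoding in text and attributes), and `sanitize_filename` allow-lists characters and extensions at upload time as defence in depth. `foreign_tags` is a small check that reports any tag the template did not emit itself. The four payloads are the ones from the post; everything else (function names, the `/uploads/` path, the extension list) is this example's own.

```python
import html
import os
import re
from urllib.parse import quote

# The filename payloads from the post, used as constructed test input.
PAYLOAD_FILENAMES = [
    "<img src=x onerror=alert('XSS')>.png",
    "\"><img src=x onerror=alert('XSS')>.png",
    "\"><svg onmouseover=alert(1)>.svg",
    "<<script>alert('xss')<!--a-->a.png",
]

TEMPLATE_TAGS = {"ul", "li", "a"}  # the only tags the listing template itself emits


def render_listing_vulnerable(filenames):
    """The bug the payloads target: stored names concatenated straight into markup."""
    rows = [f'<li><a href="/uploads/{name}">{name}</a></li>' for name in filenames]
    return "<ul>" + "".join(rows) + "</ul>"


def render_listing_safe(filenames):
    """Same listing with context-appropriate encoding: percent-encode the URL path
    segment, then entity-encode both the attribute value and the text node."""
    rows = [
        f'<li><a href="/uploads/{html.escape(quote(name), quote=True)}">'
        f'{html.escape(name, quote=True)}</a></li>'
        for name in filenames
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def sanitize_filename(name, allowed_ext=(".png", ".jpg", ".jpeg", ".gif")):
    """Defence in depth at upload time: strip directories (no traversal), allow-list
    the characters of the stem and the extension. .svg is deliberately absent: an SVG
    can carry <script>, so it needs its own handling (separate origin or forced download)."""
    base = os.path.basename(name.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in allowed_ext:
        raise ValueError(f"extension not allowed: {ext!r}")
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem).strip("._") or "file"
    return f"{stem[:64]}{ext}"


def foreign_tags(rendered):
    """Tag names present in the markup that the template did not put there.
    Any hit means a filename became live HTML."""
    return set(re.findall(r"<([A-Za-z][A-Za-z0-9]*)", rendered)) - TEMPLATE_TAGS


if __name__ == "__main__":
    print("vulnerable:", sorted(foreign_tags(render_listing_vulnerable(PAYLOAD_FILENAMES))))
    print("safe:      ", sorted(foreign_tags(render_listing_safe(PAYLOAD_FILENAMES))))
    for n in PAYLOAD_FILENAMES:
        try:
            print("stored as: ", sanitize_filename(n))
        except ValueError as exc:
            print("rejected:  ", exc)
```

Output encoding is the fix; sanitising the stored name only limits blast radius (the name can still reach logs, e-mails and admin panels that render it differently). Serving uploads from a separate origin with Content-Disposition: attachment removes the remaining SVG and content-sniffing cases.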
Super excited to finally release #BlueHound - a new open-source tool that adds dashboards, reporting, sharing and automation capabilities to #Bloodhound
Check out the blog post at https://t.co/ljAhLYm1uH and get your copy from https://t.co/9Y3Jf0b5Ww
https://t.co/E5vBxDoHtU
Want to read an article, but there’s a paywall?
Simply insert the URL into 12ft Ladder.
All sites have a non-paywall version they send to Google for SEO.
12ft finds the cached, un-paywalled version of the page.
Now you’re in.