all the agent code is open source and works with all models
Agent: https://t.co/iHgc13v5KG
Repo: https://t.co/eXLbrlOaM3
Paper: https://t.co/jf3EuKsiyS
someone built a tool that REMOVES LLM CENSORSHIP in 45 minutes with a SINGLE command
its called HERETIC
here is how it works and why everyone is talking about it
Released ClickOnceBlobber - ClickOnce + AppDomain Manager Injection + ProxyBlob for initial access.
Signed host exe (no MoTW), trusted process loading, all traffic over HTTPS to Azure Blob Storage.
Detailed blog post dropping in the coming weeks.
https://t.co/2Mb9FrNwRw
I wrote a fun write-up on ADCS exploitation, including explanations and custom built examples of practical exploitation for all 13 ESC vulnerabilities. It's available on my blog: https://t.co/zZReyPgeMi
Hope this helps anyone who's interested in #activedirectory security :)
Those bad boys got new guns:
- ADCS ESC12 & 13 and ESC8 from WSUS poisoning
- SCCM takeover from passive server
- AD Miner and SOAPHound
- LDAP pass back
- PXE boot attacks
- Creds from third-party softs
...
https://t.co/Q3YeRqPDnc
https://t.co/mq25kTec2V
https://t.co/Ey8wayKWUz
A colleague pointed me today to an insane exploit primitive if you control a PHP include() with a fixed .php extension and no upload:
https://t.co/sy9s72KMKT
I decided to make a homage-post to @homakov and @Nirgoldshlager about different OAuth-token leakage methods I've been researching – ten years after their blog posts that inspired me to start hunt for bugs ♥️ thank you.
https://t.co/pODPvDUOU9
New Writeup - Circumventing Browser Security Mechanisms For SSRF. In this blog post we find our way around browser's mixed content policy to perform a SSRF against headless Chrome. Ft. @S1r1u5_@iamnoooob@rootxharsh
https://t.co/Ma7OSFL24C
Well here it it is, the initial release of lsarelayx. Considered alpha at this stage, so I recommended lab use only for now. Appreciate any feedback, especially non working environments.
https://t.co/uR5R3GvfsZ
We've been assigned with CVE-2021-41349 for pre-auth Reflected XSS in MS Exchange. Found this with @iamnoooob months back while playing with Proxyshell lol.
https://t.co/jLdPSGyEAs
https://t.co/6D5nzfHOMZ
Confirmed: The DNS records that tell systems how to find https://t.co/qHzVq2Mr4E or https://t.co/JoIPxXI9GI got withdrawn this morning from the global routing tables. Can you imagine working at FB right now, when your email no longer works & all your internal FB-based tools fail?
NEW-RELEASE 📢📢
We've opensourced a web client for interactsh - A web-based user interface to visualize all the interactions.
Web Client - https://t.co/hfIZGWqsf2
GitHub Project: https://t.co/P5JQMl08DN
#hackwithautomation#oob#opensource
I found some permission issues when hacking Apple CloudKit. I wrote about three of them @detectify labs, one where I accidentally deleted all shared Apple Shortcuts.
https://t.co/bwNOLJIeIo