Inspired by @TrustedSec article on remotely starting Windows services, enjoy our python unauthenticated EFS trigger developed with @Hypnoze57
Enjoy!
https://t.co/lfXowfPYtv
It is not #Crowdstrike related nor that sexy, ok but still :
2 more unfixed CVE (SQLi including a preauth. one) released by our team CVE-2024-28298 CVE-2024-28297
https://t.co/UmG8eEr3hg
And
https://t.co/maKktjV9CT
cc @_kx90@Hypnoze57 ;)
Yesterday our teammate @Hypnoze57 released #SharpHound4Cobalt
https://t.co/7IVBnZmgqM
The goal?
SharpHound data sent in-memory nothing dropped on the disk + sent to Cobalt Strike downloads through https://t.co/zRmakc2Q1G instead -> more #Opsec during real-life engagements👌
Happy to release my first offensive security tool on GitHub 😀 !
DNSlivery - Easy files and payloads delivery over DNS
https://t.co/czRpcQvW2D
Special thanks to @joff_thyer, @securityweekly and @MDSecLabs for the inspiration.
Just release the first version of my forward shell https://t.co/y7imAb1PHr
Thx to @ippsec I wasn't knowing that something like this was possible before watching his videos !
Just published a new blog. Stealing internal server files from @IKEA.com by exploiting a LFI bug in their PDF library. Furthermore an in-depth discussion about Responsible Disclosures. Read more: https://t.co/otqIfhxsKs Would love to hear your opinion and feedback!