Just added `dump` to SharpSphere for dumping LSASS from any powered on Windows VM, without needing guest credentials. DC hosted on vSphere? Your vCenter users are DA.
Guide: https://t.co/RPycWK8fhr
Code: https://t.co/SBzIRKWypE
Twice a year we dive into the latest, notable tradecraft that has caught our attention in the world of phishing and initial access over the past six months. From Pastejacking, to image-less QR codes, to zip concatenation.
📚 Read our new Top 10: https://t.co/QziOqJxBT9
😈 Phishing via "Pastejacking"
JavaScript in HTML attachments is used to copy malicious PowerShell content to users' clipboards, before coercing them into running the code to fix fake OneDrive errors.
🛡️Test your exposure with our recreated payload: https://t.co/hLTjc1Ledj
@TrellixARC A really great write up, thank you.
A shameless plug, but if anyone's looking for a sample, you can grab a re-created version of this payload for free over at @delivr_to - https://t.co/dMvoVaaAID
Adversaries are turning to Microsoft Management Console documents to deliver malware⚠️
💡These MSC files contain plaintext XML and allow for arbitrary code exec & custom file icons, as well as convincing visuals, as seen in this Kimsuky APT example: https://t.co/Gb7ETxQcBu
🧵
💡 Our latest blog explores the offensive potential of Google Web Toolkit (GWT) for HTML Smuggling.
With technical walkthroughs, code examples and detection rules. Check out our latest research here: https://t.co/LTXsRMiBmx
As adversary tradecraft continues to evolve, we’ve put together a new ‘Top 10’, highlighting today’s notable and trending techniques 🔟
🔐 SMB Auth Coercion for Cred Theft
🗒️ Bring Your Own Interpreter Abuse
📦 Esoteric Containers
See our new list here: https://t.co/xkJjOHnI3t
I’m extremely excited to announce that @sublime_sec has raised a $20M Series A led by @indexventures with participation from @DAlperovitch
I wrote about our journey from black box to open platform, and where we're headed:
https://t.co/r66XmNMKG0
A fresh take on traditional HTML smuggling techniques - Rust-based WebAssembly payloads that can call native JavaScript functions 👀
Read our latest blog for code examples, https://t.co/ayUQfHGQyb payloads and detection rules: https://t.co/suHh5gDDvE
A fresh take on traditional HTML smuggling techniques - Rust-based WebAssembly payloads that can call native JavaScript functions 👀
https://t.co/w3gXHiAbKV
A new #Pikabot sample added to the collection ⚡️🤖
✅ OneDrive branded PDF lure
✅ Heavily-obfuscated Zipped JScript Download
✅ Curl and Rundll32 for next-stage DLL download and execution
Test your defences now: https://t.co/eCAN4FqzNW
🧵
Bring Your Own Interpreter👜📎
From an initial script or LNK, DarkGate malware delivery uses curl to download the AutoIt interpreter and execute next-stage scripts.
We've added new payloads for you to test: https://t.co/HptSuMDqaG
🧵
Did some 'real phishing' today (thanks @delivr_to) with a suspicious Zoom download page. First piece of analysis showed great understanding that the branding did not match the email sender domains. Recommendations are on point also. Great tool to augment your phishing response.
Want to send https://t.co/ayUQfHHonJ payloads from your own domains?📫
https://t.co/ayUQfHHonJ now supports Custom Senders! Configure your SendGrid account (more providers coming soon!) and select your sending address, and you're good to go🛠️
https://t.co/z8ISxG7aJG
That’s a wrap for summer camp this year! ✌️
Thanks to everyone that came out to our workshops with @sublime_sec at @BSidesLV and @defcon!
Some great questions, discussions and hunting all the email threats! 🔥
Catch you next year!
[PROMO] Missed the boat on BSidesLV tickets? We've got a free ticket to give away!
Enter your email here and we'll pick a winner on Friday 10AM PT https://t.co/qRZRDIJdeh
[NEW FEATURE] https://t.co/ayUQfHGQyb now integrates with Microsoft 365 Defender🛡️
View the results of Defender's analysis of sent emails directly from your campaign and get better visibility of what was blocked, and why.
https://t.co/I05zOyPzmO
[BLOG] With an increase in threat actor usage of SVG Smuggling, our new research blog documents ways the image format can be abused, and how we can detect it! 🔍
https://t.co/4QYqXUupQM
[PROMO] https://t.co/fHhIgBl2xQ is teaming up with @sublime_sec to bring you a masterclass in email detection engineering at DEFCON31
To celebrate, we're giving you 31% OFF🔥a year's subscription, or your first 3 months
Use code DEFCON31 during checkout to apply your discount!
[DETECTION] We’ve added a new @sublime_sec rule to our detections repo for docs with embedded RTF files using remote resources, as exploited in CVE-2023-36884 ⚠️🔍
https://t.co/GsPLPVXMEo