Forwarded from APT
🔐 Crack.sh is dead, Long Live Shuck.sh
Recently, many of you might've noticed that Crack.sh is currently unavailable. While it's been an invaluable tool in our arsenal, the landscape is ever-changing, and we need to pivot. Meet Shuck.sh, an emerging service that offers similar capabilities, leveraging the extensive Have I Been Pwned (HIBP) database.
🚀 Key Features:
— Shuck It: Instantly shuck NetNTLMv1, PPTP VPN, and WPA-Enterprise MSCHAPv2 challenges against HIBP's NT-hash database.
— Tech Insight: Efficient binary search for DES-keys collisions from a subset of the HIBP database.
— Fast & Free: Got around 100 NetNTLMv1 challenges? Extract their corresponding NT-Hashes in roughly 10 seconds.
One significant advantage of Shuck.sh over other tools is its ability to be deployed locally. For those concerned about security and privacy, you can set up Shuck.sh on your own environment using its script from the GitHub repository.
🔗 Shuck.sh
🔗 GitHub Repository
🔗 Pwned Passwords Version 8 (Torrent)
#ntlmv1 #des #mschapv2 #bruteforce
Recently, many of you might've noticed that Crack.sh is currently unavailable. While it's been an invaluable tool in our arsenal, the landscape is ever-changing, and we need to pivot. Meet Shuck.sh, an emerging service that offers similar capabilities, leveraging the extensive Have I Been Pwned (HIBP) database.
🚀 Key Features:
— Shuck It: Instantly shuck NetNTLMv1, PPTP VPN, and WPA-Enterprise MSCHAPv2 challenges against HIBP's NT-hash database.
— Tech Insight: Efficient binary search for DES-keys collisions from a subset of the HIBP database.
— Fast & Free: Got around 100 NetNTLMv1 challenges? Extract their corresponding NT-Hashes in roughly 10 seconds.
One significant advantage of Shuck.sh over other tools is its ability to be deployed locally. For those concerned about security and privacy, you can set up Shuck.sh on your own environment using its script from the GitHub repository.
🔗 Shuck.sh
🔗 GitHub Repository
🔗 Pwned Passwords Version 8 (Torrent)
#ntlmv1 #des #mschapv2 #bruteforce
🔥19👍6😢3😁1
CVE-2023-36745: Microsoft Exchange Server RCE
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
PoC: https://github.com/N1k0la-T/CVE-2023-36745
#exploit #ad #redteam #pentest
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
PoC: https://github.com/N1k0la-T/CVE-2023-36745
#exploit #ad #redteam #pentest
Daily CyberSecurity
Microsoft Exchange Server RCE (CVE-2023-36745) Flaw Gets PoC Exploit
Proof-of-concept (PoC) exploit code has been published for a Microsoft Exchange Server vulnerability tracked as CVE-2023-36745
🔥31👍7😁2😢1
Если кто-то не совсем разобрался с техникой DLL Hijacking, или может совсем не в курсе, что это такое, советую данный материал. Очень хорошая работа!
https://elliotonsecurity.com/perfect-dll-hijacking/
So today, we're doing 100% original research reverse engineering the Windows library loader to not just cleanly workaround Loader Lock but, in the end, disable it outright. Plus, coming up with some stable mitigation & detection mechanisms defenders can use to help guard against DLL hijacking.
#maldev #redteam
https://elliotonsecurity.com/perfect-dll-hijacking/
So today, we're doing 100% original research reverse engineering the Windows library loader to not just cleanly workaround Loader Lock but, in the end, disable it outright. Plus, coming up with some stable mitigation & detection mechanisms defenders can use to help guard against DLL hijacking.
#maldev #redteam
Elliot on Security
Elliot on Security - Perfect DLL Hijacking
Disengaging Loader Lock to do anything directly from DLLMain...
👍28🔥20
Чуть-чуть про Lateral Movement через DCOM
https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
#ad #lateralmovement #pentest #redteam
https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
#ad #lateralmovement #pentest #redteam
Medium
Lateral Movement: Abuse the Power of DCOM Excel Application
In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftApp() method within the distributed…
👍9🔥6🎉2
Forwarded from Offensive Twitter
😈 [ Almond OffSec @AlmondOffSec ]
Understanding the different types of LDAP authentication methods is fundamental to apprehend subjects such as relay attacks or countermeasures. This post by @lowercase_drm introduces them through the lens of Python libraries.
🔗 https://offsec.almond.consulting/ldap-authentication-in-active-directory-environments.html
🐥 [ tweet ]
Understanding the different types of LDAP authentication methods is fundamental to apprehend subjects such as relay attacks or countermeasures. This post by @lowercase_drm introduces them through the lens of Python libraries.
🔗 https://offsec.almond.consulting/ldap-authentication-in-active-directory-environments.html
🐥 [ tweet ]
👍9
Как украсть сессию Slack в Ripcord. Даже не слышал про этот клиент😁
https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
#redteam #pentest
https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
#redteam #pentest
👍8😱4😁1
LocalPotato (Windows LPE) обновлён и теперь поддерживает HTTP/WebDAV.
Git: https://github.com/decoder-it/LocalPotato
Blog: https://decoder.cloud/2023/11/03/localpotato-http-edition/
#git #lpe #redteam #redteam
Git: https://github.com/decoder-it/LocalPotato
Blog: https://decoder.cloud/2023/11/03/localpotato-http-edition/
The HTTP/WebDAV scenario is currently unpatched (Microsoft decision, we reported it) and works on updated systems.
#git #lpe #redteam #redteam
🔥15😢3👍1😁1
Forwarded from RedTeam brazzers (Pavel Shlundin)
Как и в том году мой бывший коллега со своей командой CTI создали новый огромный отчёт. На этот раз про азиатским APT группировки!
Отчёт содержит 370 страниц подробного анализа о различных азиатских APT группировок с описанием TTPs, анализом действий атакующих на основе "Unified Kill Chain" и много других крутых штук, отчёт доступен для скачивания в RU и EN вариантах.
P.S. Данный материал на 14:00 по мск эксклюзив.
Отчёт содержит 370 страниц подробного анализа о различных азиатских APT группировок с описанием TTPs, анализом действий атакующих на основе "Unified Kill Chain" и много других крутых штук, отчёт доступен для скачивания в RU и EN вариантах.
P.S. Данный материал на 14:00 по мск эксклюзив.
👍19🔥5
Forwarded from RedTeam brazzers (Pavel Shlundin)
👍26🔥6😁1
Microsoft Access можно использовать для принудительной аутентификации и сброса NTLM на любой порт
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
#fishing #pentest #redteam
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
#fishing #pentest #redteam
Check Point Research
Abusing Microsoft Access "Linked Table" Feature to Perform NTLM Forced Authentication Attacks - Check Point Research
What is NTLM? What common attacks exist against it? NTLM is an extremely deprecated authentication protocol introduced by Microsoft in 1993. It is a challenge-response protocol: the server keeps a secret called an “NTLM hash” derived from the user’s password…
👍16😱4🔥3
Если кто хочет потренироваться в обходе различных техник детекта, частично применяемых в EDR, то вот хорошее средство)
https://github.com/Xacone/BestEdrOfTheMarket
#evasion #edr #git #redteam #blueteam
https://github.com/Xacone/BestEdrOfTheMarket
Defensive Techniques ⚔️
* Multi-Levels API Hooking
* SSN Hooking/Crushing
* IAT Hooking
* Shellcode Injection Detection
* Reflective Module Click Me Load More Detection
* Call Stack Monitoring
In progress:
* Heap Monitoring
* ROP Mitigation
* AMSI Patching Mitigation
* ETW Patching Mitigation
#evasion #edr #git #redteam #blueteam
GitHub
GitHub - Xacone/BestEdrOfTheMarket: EDR Lab for Experimentation Purposes
EDR Lab for Experimentation Purposes. Contribute to Xacone/BestEdrOfTheMarket development by creating an account on GitHub.
🔥33👍8🥰3😁1
This media is not supported in your browser
VIEW IN TELEGRAM
специально для тебя делал а ты даже не запабликовал😁😁😅
А много же кто @clevergod знает) у него ещё канал есть @securixy_kz😉
😁96🔥9👍6
Forwarded from APT
📄 ADCS: New Ways to Abuse ManageCA Permissions
The Certsrv service exhibits a race condition during the creation of CRL files, any standard user with ManageCA ACL and publish the CDP and carry out arbitrary file movements, ultimately leading to domain elevation of privileges.
🔗 https://whoamianony.top/posts/ad-cs-new-ways-to-abuse-manageca-permissions/
#ad #adcs #manageca #privesc
The Certsrv service exhibits a race condition during the creation of CRL files, any standard user with ManageCA ACL and publish the CDP and carry out arbitrary file movements, ultimately leading to domain elevation of privileges.
🔗 https://whoamianony.top/posts/ad-cs-new-ways-to-abuse-manageca-permissions/
#ad #adcs #manageca #privesc
👍10🔥4
Скрипт для IDA Pro, подключающий OpenAI GPT для помощи в анализе кода 😳😳
https://github.com/JusticeRage/Gepetto
Сам не тестировал, но обязательно посмотрю в ближайшее время
#reverse #git
https://github.com/JusticeRage/Gepetto
Сам не тестировал, но обязательно посмотрю в ближайшее время
#reverse #git
🔥62👍5🥰1😢1