Dave Cossa
Red Team / Frequent reader of the first page of Google results / Occasional reader of the second page of Google results
333 Tweets, 167 Following, 813 Followers
Dave Cossa retweeted
Dirk-jan Sep 24
New blog: A different way of abusing Zerologon. No more password reset needed: using the printer bug with Zerologon to relay to DRSUAPI and DCSync directly with ntlmrelayx: Code:
Dave Cossa retweeted
Dirk-jan Sep 20
It has a few more prerequisites, but I finally managed to get an exploit working that doesn't rely on resetting passwords to exploit. Use the printerbug to make DC1 connect to you, then with lots of magic relay that to DC2 directly to DRSUAPI to DCSync 😁
Dave Cossa retweeted
A. Hacker Sep 17
Beacon Object File ADVENTURES: Some Zerologon, SMBGhost, and Situational Awareness
Dave Cossa retweeted
Rich Warren Sep 15
.NET exploit for Zerologon is now released 🥳 Identify and exploit vulnerable DCs using execute-assembly, no python required Includes detection tips for each step of the exploit chain. PRs accepted for more detections! 🙏 Go find those DCs and patch!
Dave Cossa Sep 14
Replying to @HackingLZ
Next google search: "How to do an authoritative AD restore using impacket"
Dave Cossa retweeted
Dirk-jan Sep 14
Replying to @_dirkjan
Since there are already public POCs out there now, here is mine: Requires latest impacket version from GitHub!
Dave Cossa retweeted
Mumbai Sep 14
Finished the code. I've uploaded the entire project for those who are interested. Whilst it should work on x86 (I'll verify later), everything works perfectly on x64. Currently only tested with EB, will test with SmbGhost at another date. Enjoy!
Dave Cossa retweeted
James Forshaw Sep 8
Opened a fun bug (or is it backdoor?) in a "hidden" COM server which adds a certain Mr DeYoung as an Administrator to your computer with no password.
Dave Cossa retweeted
batsec Sep 4
My blog post on Pwning Windows Event Logging with YARA rules is now up. If you have the permissions and the right yara rule, you can completely hide yourself from event logging.
Dave Cossa retweeted
Tom Carver Sep 4
New blog post is out! Creating a custom dll injector using Cobalt Strike BOF's
Dave Cossa retweeted
Jonas L Sep 2
Lock screen/Bitlocker bypass/elevation of privilege in Bitlocker
Dave Cossa Sep 1
New Tool: SharpSecDump - a multithreaded .Net port of the remote SAM + LSA Secrets dumping functionality from impacket's secretsdump Link:
Dave Cossa retweeted
SpecterOps Aug 31
We are super excited to announce our first virtual conference - SO-CON 2020, Nov 16 - 20, consisting of 4 training courses (2 new) and free talks / workshops showcasing the latest work from our team. More info at: Register at:
Dave Cossa retweeted
Rich Warren Aug 28
Finally had some time today to write something I've wanted every time I need to dump cookies.. 🍪 Just extract masterkey once, download the Cookie file and import 🪄
Dave Cossa retweeted
NA Aug 25
Dave Cossa retweeted
Ellis Springe Aug 26
It's National Dog Day, so naturally it's time to release an update on Max! This update includes a new attack primitive with how it works, as well as some new features to a few of the old functions for better data extraction. Post:
Dave Cossa Aug 26
Replying to @byt3bl33d3r
Emphatically
Dave Cossa retweeted
spotless Aug 25
Evening note: "Local Shellcode Execution without Windows APIs"
Dave Cossa retweeted
b4rtik Aug 23
I made public a repo that I created a few months ago to study some mimikatz features
Dave Cossa retweeted
Andrew Robbins Aug 17
Pivoting from Azure back down to on-prem AD opens up some very exciting attack path possibilities. In this post, I explain what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems