decidedlygray
between the blackhat and whitehat there is the gray. hacker, flow state addict, IoT/things pentester | views=my own. изучаю
1,833
Tweets
1,318
Following
629
Followers
Tweets
decidedlygray retweeted
Crypt0s Jan 28
PInjectra’s Stack Bombing Process Injection example was only the beginning. I wrote a practical implementation of it that performs process migration using shared Memory, self-loading/linking DLLs, and an RWX ROP chain. Also included: a detection for it
decidedlygray retweeted
Zero Day Initiative Jan 23
Coming up at 2pm, , , and will be targeting a remote code execution with continuation against the Triangle Microworks SCADA Data Gateway in the DNP3 category. This could be the most exciting demo of the contest.
decidedlygray retweeted
Steven Jan 22
Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week
decidedlygray retweeted
SpecterOps Jan 22
Replying to @SpecterOps
Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)
decidedlygray retweeted
SpecterOps Jan 22
Despite its incredible security enhancements, PowerShell continues to be abused by adversaries. A strong knowledge of PowerShell enables defenders to effectively manage and respond to its abuse. (1/4)
decidedlygray Jan 15
Replying to @byt3bl33d3r
I am probably totally wrong, but I thought AMSI just triggered on stuff like Assembly.Load? So not sure if just embedding EICAR in the binary would trigger it..
decidedlygray retweeted
ϻг_ϻε Jan 14
I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell PoC exploit code:
decidedlygray retweeted
hashcat Jan 14
Support added to crack Citrix NetScaler (SHA512) hashes with hashcat 6.0.0:
decidedlygray retweeted
Rich Warren Jan 14
Ok AES-256 encrypted LDAP passwords in ns.conf in ADC/NetScaler have been broken. You need to change those too.
decidedlygray retweeted
PortSwigger Research Jan 14
Voting is now open for the top 10 new web hacking techniques of 2019:
decidedlygray retweeted
Responder Jan 9
Responder 3.0.0.0 is out! Massive upgrade, support for both py3 and py2, many bug fixes, enhancements and Q.A++ on all servers, poisoners and tools. Enjoy! ;)
decidedlygray retweeted
SpecterOps Jan 13
In this post, dissects Mimikatz's kernel mode driver, Mimidrv, and walks through some of the capabilities available to us in ring 0. Check it out:
decidedlygray retweeted
Mattias Geniar Jan 13
This is clever: find an unlocked Windows computer, pop in a USB and it shows a fake login/lock screen ("hmm, did I lock my PC when I went for a coffee?") User enters credentials into *your* app & you just stole the username/password. 🤯
decidedlygray retweeted
KevTheHermit Jan 12
Citrix Netscaler AMIs on default vulnerable out of the box. The root password is set to the instance ID; that can be read from the metadata URL. CVE-2019-19781 from nobody to ssh as root in seconds.
decidedlygray retweeted
Rio Jan 10
Just published a new blogpost with more details about the Citrix ADC Remote Command Execution.
decidedlygray retweeted
n00py Jan 10
Recently I was on a pentest and needed to manage Active Directory groups from Linux to achieve privilege escalation. If you find yourself in a similar scenario, this is what you can do:
decidedlygray retweeted
MicrosVuln Jan 10
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges (binaries + writeups by hacking topics)
decidedlygray retweeted
D Ξ Ξ P Λ K ⚙️ Oct 9
One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s
decidedlygray retweeted
Mobile Security Jan 10
decidedlygray retweeted
Sean Harris Jan 10
Shadow-Box v2: The Practical and Omnipotent Sandbox for ARM via