🥝 Benjamin Delpy
a kiwi coding mimikatz, kekeo, wanakiwi, etc. github:
6,919 Tweets, 323 Following, 36,611 Followers
Tweets
🥝 Benjamin Delpy 12h
Replying to @JamesAtack
It only depends on your capacity to trust the person possessing the private key. Other ways, authenticode is a joke.
🥝 Benjamin Delpy 14h
Replying to @JamesAtack
Digital signature is important
🥝 Benjamin Delpy Oct 20
Replying to @gerhart_x
Not a big fan of source code, it kills the reverse game. On another subject, I'm not only on Windows / AD stuff ;)
🥝 Benjamin Delpy Oct 19
15% is for Pass-The-Part of the password
🥝 Benjamin Delpy Oct 18
Replying to @TalBeerySec
Any binaries to reverse ? ;)
🥝 Benjamin Delpy Oct 18
Replying to @TalBeerySec
Hmm not sure I rebind before each call
🥝 Benjamin Delpy retweeted
Jake Williams Oct 17
The scene right after marketing launched that "Carbon Black stops mimikatz" campaign and said "hold my beer"
🥝 Benjamin Delpy Oct 11
But of course, the guy in my room + a big guy at the end of my talk "helped" me to publish it faster :')
🥝 Benjamin Delpy Oct 11
Nobody stole the code. Binaries were on the internet for ~1 year, and were a little bit reversed by *at least* China/US. Maybe they tried with a guy in my room (maybe not :')), in all cases as it was the first conference where I presented the tool, it was planned to publish after the talk
🥝 Benjamin Delpy Oct 11
"not sure how much you know about the history of that tool, but it was private before being stolen clandestinely, it can easily be countered by hooking lsass" what ?
🥝 Benjamin Delpy retweeted
Vincent Le Toux (Paris) Oct 11
How to be hidden from audit tool which use LDAP queries? Simple, abuse MaxValRange, defined in MS-ADTS 3.1.1.3.4.6. If you need to setup a multi valued property (serviceprincipalname for example), just fill 1500 idiot values. Then at 1501th, put your real value. thanks
🥝 Benjamin Delpy retweeted
Robᵉʳᵗ Graham😷, provocateur Oct 8
Replying to @matthew_d_green
It sounds like it's time for "the talk". "Look son, sometimes a man and a woman love each other very much. They want to send love letters to each other. Let's call them Alice and Bob...."
🥝 Benjamin Delpy Oct 8
Replying to @Plutoberth
Kiwi Userland High Level module vs Kiwi Userland Low Level module there are Kiwi Kernel stuff in the driver too ;)
🥝 Benjamin Delpy Oct 7
The same ability that your session can use the credentials. Credentials belong to system, it decrypts it and use them to logon (or to keep them to logon later), exactly like a normal user.
🥝 Benjamin Delpy Oct 7
Replying to @iansus @passingthehash
System is computer account, not related to privilege. Services are not (always) system, but have same credentials but can be restricted, and not having credentials (of course when not using explicit account)
🥝 Benjamin Delpy Oct 6
Replying to @MsftSecIntel
I’m not sure targets have VC build chain on endpoints 🤨 They probably just abuse a msbuild task to load an assembly, with an updated in memory... But you may have more details to share 🤷‍♂️
🥝 Benjamin Delpy retweeted
Costin Raiu Oct 6
Possibly the most popular phrase of 2020: "Let me try to share my screen. Can you all see my screen?"
🥝 Benjamin Delpy Oct 4
Yes, bonus points for security companies, all legits ;)
🥝 Benjamin Delpy Oct 4
We had a mail thread where found « virtual patching » only deal with zero logon not encrypted traffic ....
🥝 Benjamin Delpy retweeted
Iceman - Proxmark3 evangelist - ☕ Oct 2
Ever curious on looking at HF signals on a ? When giving some serious ♥️ to HF 14B commands , this was quite useful! 🙏 who added the old 14b' (14b prime) support in the pm3 client!