HoangSpecial
@SpecialHoang
Philadelphia, PA
Security Researcher | Pentester | Red Team | APT69
68 Tweets | 46 Following | 1,016 Followers

Tweets
HoangSpecial
@SpecialHoang
Jan 28
Similarly, I also happen to get to use forced exception through pointer destruction which is another nice trick to pair up with VEH. AGAIN, sorry for necroing this haha.

HoangSpecial
@SpecialHoang
Jan 28
Sorry for replying to something a year back, was scrolling through my Twitter and realized I never replied, my fault. I think you know this by now that a lot of games do anticheat do use DR register as a way to stop debuggers from placing hwbp but your comment is correct =).

HoangSpecial
@SpecialHoang
Jan 18
I wish I was 10

HoangSpecial
@SpecialHoang
Jan 17
One of the smartest hackers I know. The man, the legend, leoloobeek

HoangSpecial
@SpecialHoang
Jan 3
If you can show me the code. It has a custom cmd that you can use, just ends with &. This should let you execute anything in cmd as admin. Sorry for the late reply, holiday and travel. Do let me know if you need more help, we can hit up DM.

HoangSpecial
@SpecialHoang
Dec 31
This was always a known thing in project's file is it not? Just give a quick look around project file and solution file before opening.

HoangSpecial
@SpecialHoang
Dec 13
MiniDumpWriteDump is a wrapper for tons of other functions (+ ReadProcessMemory) to construct a usable structure that Mimikatz later parses. Best you can do is perform an IAT hook and redirect ReadProcessMemory to your syscall. See doxygen.reactos.org/d8/d5d/minidum…

HoangSpecial
@SpecialHoang
Dec 4
It does not involve packets. You can use packet but it is highly obfuscated and will take a lot lot lot lot of work to get there but it will also give you the most freedom.

HoangSpecial
@SpecialHoang
Dec 3
There is a vtable for it that you can hook using VMT. You just have to be creative and look for it. It's there.

HoangSpecial
@SpecialHoang
Nov 29
One & should be good I think, and I'm not sure 1909 is vulnerable. Let me know the result, I'm curious :D

HoangSpecial
@SpecialHoang
Nov 29
Append & to the end of the command. Maybe give that a try?

HoangSpecial
@SpecialHoang
Nov 29
Yeah, seems like it was just patched. Glad we worked this out

HoangSpecial
@SpecialHoang
Nov 29
Sorry for the late reply. It should say the password on completion, which seems like you already got your hands on. You can also use the custom command line to add your own account if you don't want to use the hard-coded one. Glad it worked out!

HoangSpecial
@SpecialHoang
Nov 26
Messaged you, let's get this figured out =)

HoangSpecial
@SpecialHoang
Nov 14
Sounds good mate! Glad I wasn't the only one.

HoangSpecial
@SpecialHoang
Nov 14
Thanks to @NCCGroupInfosec for releasing their write-up on CVE-2019-1405 and CVE-2019-1322. I figured it is time for me to learn some COM stuff so I whipped up a PoC.
Source: github.com/apt69/COMahawk .
Video: vimeo.com/373051209
Thanks to @leoloobeek and @TomahawkApt69

HoangSpecial
@SpecialHoang
Oct 30
I don't RT much unless it is really good or it is from @TomahawkApt69. In this case, @nixbyte was able to fulfill both criteria. Looking forward to seeing this being used in every red team C2! twitter.com/nixbyte/status…

HoangSpecial
@SpecialHoang
Oct 28
Not with those vuln drivers =)

HoangSpecial retweeted
Eversec CTF
@EverSecCTF
Sep 8
Thanks to all of our crew for the tireless work this weekend. New friends, late nights, and a new found hatred of barcodes. 🥇🏆💻@DerbyCon @DerbyConCTF #DerbyCon pic.twitter.com/AOCg6G4iUg

HoangSpecial
@SpecialHoang
Sep 8
We did it #everSec #ctf #derbycon. Thank you to everyone for the carrying and the humbling experience. And thank you to @DerbyConCTF for hosting! pic.twitter.com/Deh1Jvuz3R