Offensive Twitter
23.04.2025 17:05
Round 3
Applications for Pentest Award 2025 are now open!

💡Every year we light up new bright bulbs in the garland of the domestic cybersecurity market: competent specialists who remain behind the scenes of the big work of finding vulnerabilities.

Participation is still free, and applications will be accepted until June 30. This year there are new nominations from the project's sponsors: Sovcombank Technologies and BI.ZONE Bug Bounty.

🥇The main prize for winning is a personalized glass statuette and a MacBook!
🥈🥉Second and third place winners will receive iPhones and smartwatches.
🎬OFFZONE will give the finalists tickets to its 2025 conference.
✏️And the CyberEd training center will give training grants.
And of course, the most valuable reward for participating is the honor and respect of the ethical hacker community.

Submit your applications on the website, take part and win!
https://t.me/justsecurity/382
#pentest_awards
20.04.2025 13:31
😈 [ hasherezade @hasherezade ]

Centralized resource for listing and organizing known injection techniques and POCs:

🔗 https://github.com/itaymigdal/awesome-injection

🐥 [ tweet ][ quote ]
06.04.2025 13:13
😈 [ ippsec @ippsec ]

After using Python for so long, I've been trying to switch to GoLang over the last two years just to try something new. I'm finally somewhat confident in being able to write I'd try to create a video series to help others. This is the first video:

🔗 https://youtu.be/uJFW4c4QE0U

🐥 [ tweet ]
30.03.2025 17:54
😈 [ Duncan Ogilvie 🍍 @mrexodia ]

Success! Claude 3.7 with my IDA Pro MCP server managed to solve the crackme that was previously failing🦾

The trick was adding a convert_number tool and stress to always use it for conversions. It took ~7 minutes to run and the cost was $1.85. Also includes an analysis report.

🔗 https://github.com/mrexodia/ida-pro-mcp

🐥 [ tweet ]

RIP pwn-category CTFs
15.03.2025 07:16
😈 [ 5pider @C5pider ]

Spent some time rewriting stardust to be more minimalist and easier to use! I needed a generic minimal shellcode template that works for both x86 and x64 out of the box so I rewrote stardust to do so.

It is now written in C++20 and utilizing some of its language features. The template can be used to easily write shellcode fast in a more modern and less painful way.
The project can be compiled in release or debug mode, whereas debug mode will just allow the use of DBG_PRINTF, which calls DbgPrint under the hood to print out strings to the currently attached debugger.

There are more things i have added so consider checking it out. I removed global variable access since i no longer use it nor require it (went for diff design heh). If u still need that feature I would recommend to change the branch to "globals-support" where the old version is hosted.

🔗 https://github.com/Cracked5pider/Stardust

🐥 [ tweet ]
09.03.2025 08:08
😈 [ 📔 Michael Grafnetter @MGrafnetter ]

New Indicator of Compromise (IoC) by the NTLM Relay Attack with Shadow Credentials, thanks to bugs in Impacket, a popular Python implementation. Will probably be fixed in the near future.

🔗 https://www.dsinternals.com/en/indicator-of-compromise-shadow-credentials-ntlm-relay-impacket/

🐥 [ tweet ]
23.04.2025 11:04
😈 [ R.B.C. @G3tSyst3m ]

Discovered a somewhat novel UAC bypass. Had fun learning this one. It takes advantage of machines that have the Intel ShaderCache directory installed in the appdata directory. Also uses junctions + arbitrary write, etc.

🔗 https://g3tsyst3m.github.io/uac%20bypass/Bypass-UAC-via-Intel-ShaderCache/

🐥 [ tweet ]
18.04.2025 17:50
😈 [ Florian Roth ⚡️ @cyb3rops ]

Everyone knows Russian hackers don’t use VPNs. They just charge in head-first, use Russian IPs, and leave a calling card in Cyrillic.
Classic ‘на авось’ energy.

🐥 [ tweet ][ quote ]

Us?
03.04.2025 20:25
😈 [ Bobby Cooke @0xBoku ]

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄
Thanks to @d_tranman for his work done on the project and everyone else on the team for making this release happen!

🔗 https://github.com/boku7/Loki

🐥 [ tweet ]
28.03.2025 09:36
😈 [ Oddvar Moe @Oddvarmoe ]

Many people wanted my slides from the Windows Client Privilege Escalation webinar yesterday.

Here are links to the slides and the recording of the webinar.

Slides:
🔗 https://www.slideshare.net/slideshow/windows-client-privilege-escalation-shared-pptx/277239036

Recording:
🔗 https://youtu.be/EG2Mbw2DVnU?si=rlx-GG2QMQpIxQYi

🐥 [ tweet ]
14.03.2025 14:25
😈 [ Thomas Seigneuret @_zblurx ]

Fear no more for LDAP Signing and Channel binding with Impacket based tools 😎

🔗 https://github.com/fortra/impacket/pull/1919

🐥 [ tweet ]
02.03.2025 07:32
😈 [ T3nb3w @T3nb3w ]

🚀 New Blog & PoC: Abusing IDispatch for COM Object Access & PPL Injection

Leveraging STDFONT via IDispatch to inject into PPL processes & access LSASS. Inspired by James Forshaw's research!

Blog:
🔗 https://mohamed-fakroud.gitbook.io/red-teamings-dojo/abusing-idispatch-for-trapped-com-object-access-and-injecting-into-ppl-processes

Code:
🔗 https://github.com/T3nb3w/ComDotNetExploit

Original:
🔗 https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html

🐥 [ tweet ]
22.04.2025 13:06
😈 [ ippsec @ippsec ]

New video in my Hackers for Golang series: Dependency Injection. Covers why it’s crucial for clean code, with Python examples before Go. It’s complex but worth learning early. Check it out and let me know your thoughts!

🔗 https://youtu.be/BhLpqRev80s

🐥 [ tweet ]
😈 [ NetSPI @NetSPI ]

Microsoft patched critical vulnerabilities (CVE-2025-21299, CVE-2025-29809) in Q1 2025.

NetSPI research reveals Kerberos canonicalization bypasses Hyper-V isolation of credentials, compromising Windows security.

Read the full article:

🔗 https://www.netspi.com/blog/technical-blog/adversary-simulation/cve-2025-21299-cve-2025-29809-unguarding-microsoft-credential-guard/

🐥 [ tweet ]
😈 [ Yehuda Smirnov @yudasm_ ]

Excited to release a tool I've been working on lately: ShareFiltrator

ShareFiltrator finds credentials exposed in SharePoint/OneDrive via the Search API (_api/search/query) and also automates mass downloading of the discovered items.

Blog:
🔗 https://blog.fndsec.net/2025/04/02/breaking-down-sharepoint-walls/

Code:
🔗 https://github.com/Friends-Security/sharefiltrator

🐥 [ tweet ]
😈 [ Wietze @Wietze ]

By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.

My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.

Here’s what I found and why it matters:

🔗 https://wietze.github.io/blog/bypassing-detections-with-command-line-obfuscation

🐥 [ tweet ]
😈 [ Andrea Pierini @decoder_it ]

KrbRelayEx-RPC tool is out! 🎉
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)

🔗 https://github.com/decoder-it/KrbRelayEx-RPC

🐥 [ tweet ]
07.02.2025 18:04
😈 [ Wietze @Wietze ]

🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own

🔥 68 executables supported out of the box - use right away, make tweaks, or create your own

👉 Now available at

🔗 http://argfuscator.net

🐥 [ tweet ]
😈 [ Mr.Z @zux0x3a ]

Last night, I made myself busy and revisited some older methods for exploiting tokens in Windows applications shared by @mrd0x a couple of years ago. However, I realized that the integration of AI into applications like Notepad presents new opportunities for exploitation. This led me to write a blog post and modify a BOF to tackle the issue.
A compromised Cowriter Bearer token could be leveraged to extract potentially sensitive information.

🔗 https://0xsp.com/offensive/the-hidden-risk-compromising-notepad-cowriters-bearer-tokens/

🐥 [ tweet ]
15.04.2025 16:26
😈 [ 0xdf @0xdf_ ]

OS Enumeration CheatSheet! I'll look at using package versions, common ports, and packet TTLs.

🔗 https://0xdf.gitlab.io/cheatsheets/os

🐥 [ tweet ]
Reposted from: vx-underground
18.03.2025 17:51
😈 [ Bobby Cooke @0xBoku ]

Loki C2 blog drop! Thank you for all those who helped and all the support from the community. Big shoutout to @d_tranman and @chompie1337 for all their contributions to Loki C2! @IBM @IBMSecurity @XForce

🔗 https://securityintelligence.com/x-force/bypassing-windows-defender-application-control-loki-c2/

🐥 [ tweet ]
10.03.2025 13:29
😈 [ MrAle98 @MrAle_98 ]

Hey there,

Finally published the article on the exploit for CVE-2025-21333-POC exploit.

Here is the link to the article:

🔗 https://medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae

🐥 [ tweet ]
Reposted from: Ralf Hacker Channel
A simple implementation of ts::multirdp

https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b

#soft #ad #pentest #redteam #dev