APT

2022-08-11 09:31:38 ClipboardInject

Abusing the clipboard to inject code into remote processes

This PoC uses the clipboard to copy a payload into a remote process, eliminating the need for VirtualAllocEx/WriteProcessMemory

https://www.x86matthew.com/view_post?id=clipboard_inject

#maldev #injection #clipboard #redteam Open / Comment

2022-08-09 13:01:36 BlueHound

It is an open-source tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network
It is a fork of NeoDash, reimagined, to make it suitable for defensive security purposes.

Blog:
https://zeronetworks.com/blog/bluehound-community-driven-resilience/

Tool:
https://github.com/zeronetworks/BlueHound

#ad #sharphound #blueteam Open / Comment

2022-08-09 10:25:00 TamperingSyscalls

This is a 2 part novel project consisting of argument spoofing and syscall retrival which both abuse EH in order to subvert EDRs. This project consists of both of these projects in order to provide an alternative solution to direct syscalls.

Research:
https://fool.ish.wtf/2022/08/feeding-edrs-false-telemetry.html

Source:
https://github.com/rad9800/TamperingSyscalls

#edr #evasion #maldev #syscall #tampering Open / Comment

2022-08-05 17:31:37 On Detection: Tactical to Functional

The goal of this series is to facilitate a conversation about the more technical aspects of attacks and how a deeper understanding at the more foundational levels helps to provide a batter base to build assumptions from.

Part 1: Discovering API Function Usage through Source Code Review
Part 2: Operations
Part 3: Expanding the Function Call Graph

#maldev #pinvoke #winapi #detection #blueteam #ttp Open / Comment

2022-08-05 12:12:06 Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!

https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7

#ad #adcs #certypy #bloodhound Open / Comment

2022-08-04 14:25:05 https://habr.com/ru/company/angarasecurity/blog/680138/ Open / Comment

2022-07-25 10:13:02 PPLDump

RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows.

https://github.com/last-byte/RIPPL

#ad #ppl #lsass #tools Open / Comment

2022-07-24 15:05:40 PSAsyncShell: Asynchronous Firewall Bypass

PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell.

Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections.

Research:
https://darkbyte.net/psasyncshell-bypasseando-firewalls-con-una-shell-tcp-asincrona/

Source:
https://github.com/JoelGMSec/PSAsyncShell

#ad #powershell #reverse #shell Open / Comment

2022-07-22 22:06:09 [ mpgn_x64, mpgn ]

Me after writing ONE vulnerablity out of 10 for the pentest report

[ tweet ]

Жиза же ну Open / Comment

2022-07-22 17:11:01 OSINT Tools

Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.

Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result.
https://app.remini.ai/

Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/


#OSINT #IMINT #ImageAnalysis #tools Open / Comment