Simple tool that calls IOCTL_VOLSNAP_QUERY_NAMES_OF_SNAPSHOTS to list all snapshots, including hidden ones.
Volume Snapshot Service / Volume Shadow Copy
DLLirant
This tool automates DLL hijacking research on a specified binary.
DelegationBOF
This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently, it supports RBCD, Constrained, Constrained w/Protocol Transition, and Unconstrained Delegation checks.
CVE-2018-25032 could potentially allow a Denial-of-Service (#DoS) attack. This bug was reported by Danilo Ramos of Eideticom, Inc. It lay in wait for 13 years before being found! The « bug » was introduced in zlib 1.2.2.2, with the addition of the Z_FIXED option. #vuln #informatique
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Impacket: it is now possible to add a computer account via SMB from an NTLM relay with ntlmrelayx.
Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code. It is based on the lcscript project, which extends ChaiScript with native Windows API call support. Mochi was built to allow remote loading of ChaiScript files that orchestrate lower-level code and execute offensive actions through the Windows API.
An explanation of SHA-1 hashes recorded in Amcache
%WINDIR%\AppCompat\Programs\Amcache.hve
https://blog.nviso.eu/2022/03/07/amcache-contains-sha-1-hash-it-depends/
Windows System Resource Usage Monitor (SRUM)
%WINDIR%\System32\SRU\SRUDB.dat
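Both files listed above are held open by the OS while Windows is running, so a plain copy from the live volume fails with a sharing violation. The usual way to acquire them is to read them out of a Volume Shadow Copy. The script below is an added example, not code from the original page or from any tool it lists; it assumes Windows PowerShell 5.1 (Get-WmiObject is gone in PowerShell 7), an elevated session, a system volume of C:, and a destination folder $Dest that we are allowed to create.

```powershell
# Added example: acquire Amcache.hve and SRUDB.dat from a fresh VSS snapshot.
# Assumptions (not from the page): Windows PowerShell 5.1, elevated session,
# system volume is C:, and $Dest is a folder we may create.
param([string]$Dest = 'C:\Triage')

$Artifacts = @(
    'Windows\AppCompat\Programs\Amcache.hve',  # %WINDIR%\AppCompat\Programs\Amcache.hve
    'Windows\System32\SRU\SRUDB.dat'           # %WINDIR%\System32\SRU\SRUDB.dat
)

New-Item -ItemType Directory -Path $Dest -Force | Out-Null

# 1. Snapshot C:. Create() returns ShadowID and ReturnValue (0 on success).
$vss    = [wmiclass]'root\cimv2:Win32_ShadowCopy'
$result = $vss.Create('C:\', 'ClientAccessible')
if ($result.ReturnValue -ne 0) { throw "Win32_ShadowCopy.Create failed: $($result.ReturnValue)" }
$shadow = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $result.ShadowID }
$device = $shadow.DeviceObject    # e.g. \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7

try {
    foreach ($rel in $Artifacts) {
        $src = "$device\$rel"
        $dst = Join-Path $Dest (Split-Path $rel -Leaf)
        # cmd's copy accepts the \\?\GLOBALROOT device path; Copy-Item in 5.1 does not.
        cmd.exe /c copy /y "$src" "$dst" | Out-Null
        if (-not (Test-Path $dst)) { Write-Warning "Missing in snapshot: $rel"; continue }
        # 2. Hash each copy at acquisition time so later analysis is tied to these exact bytes.
        $h = Get-FileHash -Algorithm SHA256 -Path $dst
        "{0}  {1}" -f $h.Hash, (Split-Path $rel -Leaf) | Add-Content (Join-Path $Dest 'SHA256SUMS.txt')
    }
}
finally {
    # 3. Delete only the snapshot this script created; pre-existing shadow copies are left alone.
    $shadow.Delete() | Out-Null
}
```

The copies in $Dest can then be parsed offline (Amcache.hve as a registry hive, SRUDB.dat as an ESE database). Hashing at collection time is the step most often skipped in ad-hoc triage and the one an examiner will ask for later.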
How to bypass the macOS privacy framework (TCC) using old app versions?
https://wojciechregula.blog/post/macos-red-teaming-bypass-tcc-with-old-apps/
GraphQL Cop v1.1
CVE-2022-0847
A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits
Back in 2016, an exploit called Hot Potato was revealed and opened a Pandora's box of local privilege escalations at the window manufacturer. Over the next few years, Microsoft kept patching or answering « Won't fix », and each fix eventually got bypassed with new techniques, always bringing new potatoes.
The goal of this article is to present all the exploits from the first one to the last one, how they work and how to use them. So, let's dive into the incredible Mousline mash-up of impersonations and privilege escalations.
https://hideandsec.sh/books/windows-sNL/page/in-the-potato-family-i-want-them-all
Bindings for Microsoft WinDBG TTD
Microsoft AppLocker bypass by hash caching misuse
https://github.com/gtworek/PSBits/tree/master/AppLockerBypass
Duke: You Wanna Dance?
CrackHound
A way to introduce plain-text passwords into BloodHound. This allows you to upload all your cracked hashes to the Neo4j database and use it for reporting purposes (CSV exports) or path finding in BloodHound using custom queries.
SyscallPack: Beacon Object File (BOF) and shellcode for full DLL unhooking.
247365