몾 Artemis @mixic@nanao.cybtex.fr

Microsoft AppLocker bypass by hash caching misuse

︀

https://github.com/gtworek/PSBits/tree/master/AppLockerBypass

Duke: You Wanna Dance?

LukHash - Round The World

CrackHound

A way to introduce plain-text passwords into BloodHound. This allows you to upload all your cracked hashes to the Neo4j database and use it for reporting purposes (csv exports) or path finding in BloodHound using custom queries.

https://github.com/trustedsec/crackhound

SyscallPack : Beacon Object File (BOF) and Shellcode for full DLL unhooking.

https://github.com/cube0x0/SyscallPack

SysWhispers3 is a SysWhispers on Steroids.

AV/EDR evasion by generating header/ASM files implants can use to make direct system calls.

https://github.com/klezVirus/SysWhispers3

+ Hyntrospect: a fuzzer for Hyper-V devices

+ A Brief History of iMessage Exploitation

+ Security Analysis of MTE Through Examples

+ Relaying to Greatness : Windows Privilege Escalation by abusing the RPC/DCOM protocols

• 👨🏻‍💻 nmap -p 443 --script pjl-info-config <ip>

• 👨🏻‍💻 nmap -p 443 --script http-lexmark-version <ip>

Related articles:

🖨 https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/

🖨 https://research.nccgroup.com/2022/02/18/analyzing-a-pjl-directory-traversal-vulnerability-exploiting-the-lexmark-mc3224i-printer-part-2/

⌨️ Online Assembler & Disassembler

😍 http://shell-storm.org/online/Online-Assembler-and-Disassembler/