
0xBB

@bb_hacks

Someone who breaks stuff, sometimes even on purpose!

Pinned

I'm super pleased to announce the release of NSGenCS - an extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows. Pick a technique and delivery method or create your own - new ones can be added in under a minute github.com/t3hbb/NSGenCS


0xBB reposted

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/germ…


0xBB reposted

Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/…


Fancy breaking out of ConstrainedLanguageMode, disabling userland ETW and bypassing AMSI? All at once and all with one tool? Signed by Microsoft? Well have I got some good news for you : shells.systems/one-tool-to-ru…


Plain text credentials from Palo Alto GlobalProtect v6.3.2-525

Will update github.com/t3hbb/PanGP_Ex… later but the new pattern (~line 300) is

{0x48, 0x8D, 0x15, 0x63, 0x62, 0x4E, 0x00}

BlueSky Account : bbhacks@bsky.social

0xBB reposted

He who saves his Country does not violate any Law.



Hey @AXS_UK, pretty sure that's not my IP address, being a private one (RFC1918 and all that). #HappyNewYear


So Palo Alto apparently silently updated (nothing in the release notes I could see) and decided rather than fix the issue, they would just stop the PoC working. So here is the tool getting plaintext creds on the latest version. Stop blocking the tool and start fixing the issue


Fancy retrieving plaintext user credentials, deactivation passcodes and uninstall passwords for Palo Alto Global Protect VPN? Thank goodness Palo Alto make that easy for you ... Full write up here : shells.systems/extracting-pla… Tooling available here : github.com/t3hbb/PanGP_Ex…



0xBB reposted

Rewards offered for information leading to the capture of The UnitedHealthcare CEO killer:

NYPD: $10k

FBI: $50k

UnitedHealthcare: $0

0xBB reposted

Make sure to take your chances this holiday season to grab a free gift from the "cybercrime santa" 😂

Hi, it's tuts-for-nerds giveaway 6. (we movin' 'n' groovin') Our friend @mrgretzky hooked us up with 12 vouchers for the Evilginx Mastery course. Initially we were supposed to do this 12 days before Christmas, but we're swamped. Please forgive us, Kuba. I love you. If you'd…



0xBB reposted

🐋 Orca has arrived! The latest Proxmark3 source code is here, packed with fixes, features, and expanded capabilities. From enhanced iClass tools to new Python/Lua support, this is our most versatile update yet. 🔗 github.com/rfidresearchgr… #Proxmark3 #RFIDHacking #Orca


0xBB reposted

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: synacktiv.com/publications/r…




0xBB reposted

Did you know that 7z can browse .VHD and .VMDK files? You can open them right up, and even directly browse ntfs filesystems. On a pentest and find a bunch of disk images? Copy the SAM/SECURITY/SYSTEM hives directly from the images, no mounting, copying, or fussing around.


0xBB reposted

I am proud of you, my friend. I just needed to let you know!


0xBB reposted

Cards Against Humanity is suing Elon Musk & SpaceX for $15M They're being accused of trespassing on and damaging company-owned property in Texas "We bought a plot of land on the US-Mexico border to stop racist billionaire Donald Trump’s dumb wall. But this year, an even…


Cortex XDR full bypass with stock meterpreter payload. Screenshot from tooling demo, apologies for quality.


200% this! 🤘🔥

100% this! 🤘🔥



Windows tar -xf doesn't transfer MOTW

Well that's useful ...


Just a brief article showing how easy it is to figure out where the canary files are kept on systems using Cortex XDR and how to avoid them. Issue was reported to Palo Alto, but it was determined to be a non-issue, so … here you go 😊 shells.systems/cortex-xdr-ran…


0xBB reposted

This is the way

One thing we don't do at #TrustedSec is double book our folks on multiple engagements. One, it hurts the quality of the assessment/engagement and two (most importantly) - it burns out the consultant. A cool program we implemented a few years ago is bonus work. It's work that we…


