Ofek itach (@ofekitach)'s Twitter Profile

Ofek itach
@ofekitach
ID: 891697951566954496
Joined: 30-07-2017 16:32:13
67 Tweets, 108 Followers, 460 Following

Samir (@sbousseaden):

processes that use BITS in Windows: SCCM client, browsers, Outlook, OneDrive & some update programs. The PowerShell one was for testing, thus it's not that frequent to have it there, and if so likely the transfer job name will be known and can be baselined.
Samir (@sbousseaden):

pivoting on rwdrv.sys (legit signed driver to discover UEFI & other HW related settings) leads to Lojax/DoubleAgent UEFI rootkit. sysmon check eventid 6 with Signature: "ChongKim Chan" (cuz there are many versions with diff hashes) - proper discovery for this type of TTP is a must
unknown (@unknownuser1806):

Useful for #redteam PENTESTING-BIBLE github.com/blaCCkHatHacEE… Nishang github.com/samratashok/ni… Awesome Red Teaming github.com/yeyintminthuht… LOLBins and LOLScripts github.com/LOLBAS-Project… Collection Document github.com/tom0li/collect… Venom github.com/Dliv3/Venom #bugbounty

unknown (@unknownuser1806):

#vulnScanners Vulns github.com/future-archite… lynis github.com/CISOfy/lynis Scanners-Box github.com/We5ter/Scanner… h4cker github.com/The-Art-of-Hac… trivy github.com/aquasecurity/t… xunfeng github.com/ysrc/xunfeng faraday github.com/infobyte/farad… #bugbountytips,#bugbounty

Samir (@sbousseaden):

sometimes you can see a detection opportunity from a short video :) [URL matches, access to ECP url & OTHERS normally is useful for Exchange Admin ppl only, from process exec flow u can monitor any susp child proc of w3wp.exe with parent_cmdline line "*-ap *MSExchangeECPAppPool*"
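Samir's three detection tips above (the BITS client baseline, the rwdrv.sys signer check on Sysmon event ID 6, and the child-of-w3wp.exe check keyed on the ECP app-pool command line) as one small rule set, an added example that is not from any tweet or tool on this page. The event records are constructed; event IDs 1 and 6 use Sysmon field names, and the BITS record's jobTitle/processPath field names are an assumption.

```python
import fnmatch

# Constructed sample records, not real telemetry. EventID 1 and 6 use Sysmon field
# names; EventID 3 stands in for a BITS new-job record (field names assumed).
EVENTS = [
    {"EventID": 6, "ImageLoaded": r"C:\Windows\Temp\rwdrv.sys", "Signature": "ChongKim Chan"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentCommandLine": 'w3wp.exe -ap "MSExchangeECPAppPool" -v "v4.0"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentCommandLine": 'w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0"'},
    {"EventID": 3, "processPath": r"C:\Windows\CCM\CcmExec.exe", "jobTitle": "CCMDTS Job"},
    {"EventID": 3, "processPath": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "jobTitle": "Constructed-unknown-job"},
]
# Routine BITS clients per the tweet; PowerShell is flagged unless its job name is baselined.
BITS_BASELINE_PROCS = {"ccmexec.exe", "chrome.exe", "msedge.exe", "firefox.exe",
                       "outlook.exe", "onedrive.exe", "svchost.exe"}
BITS_BASELINE_JOBS = {"Constructed-baselined-job"}

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def driver_signature_hit(ev, signature="ChongKim Chan"):
    """Sysmon EventID 6: key on the signer, since rwdrv.sys ships in many hashes."""
    return ev.get("EventID") == 6 and ev.get("Signature") == signature

def ecp_child_hit(ev, pattern="*-ap *MSExchangeECPAppPool*"):
    """Sysmon EventID 1: any child of the w3wp.exe worker running the ECP pool."""
    return (ev.get("EventID") == 1
            and _basename(ev.get("ParentImage", "")) == "w3wp.exe"
            and fnmatch.fnmatchcase(ev.get("ParentCommandLine", ""), pattern))

def bits_outlier_hit(ev):
    """BITS job created by a process outside the baseline with an unknown job name."""
    return (ev.get("EventID") == 3
            and _basename(ev.get("processPath", "")) not in BITS_BASELINE_PROCS
            and ev.get("jobTitle") not in BITS_BASELINE_JOBS)

def run_detections(events):
    """Return (rule, key field) for every event that trips one of the three rules."""
    hits = []
    for ev in events:
        if driver_signature_hit(ev):
            hits.append(("rwdrv_signer_loaded", ev["ImageLoaded"]))
        if ecp_child_hit(ev):
            hits.append(("exchange_ecp_child_proc", ev["Image"]))
        if bits_outlier_hit(ev):
            hits.append(("bits_unusual_client", ev["processPath"]))
    return hits
```

On the constructed input the OWA app-pool child and the SCCM client job stay quiet; only the rwdrv.sys load, the ECP child process and the unbaselined PowerShell BITS job are reported.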
Grzegorz Tworek (@0gtweet):

Undocumented (what a surprise!) EVTX file format flag, making all internal checksums ignored. Good to have if you plan to manipulate the log content.🕵️ Simple "try this at home" #PowerShell script: github.com/gtworek/PSBits…
Michael Maltsev (@m417z):

Have you ever needed to get an earlier version of the Windows binary you're analyzing? Did you end up downloading Windows ISOs or update packages just for that? Not anymore! Introducing Winbindex: m417z.com/winbindex/ m417z.com/Introducing-Wi…

Itay Cohen 🌱 (@megabeets_):

Excited to publish our research in which Eyal Itkin and I were able to fingerprint 2 of the most active exploit developers for Windows. Together, they account for 16 Windows LPE exploits, of which 5 were 0-Days that were sold to APTs and crime groups. research.checkpoint.com/2020/grapholog…

SkelSec (@skelsec):

I waited 2 years for this, rewrote impacket for this, asked cryptographers to remake algos in python for this, spent enormous time of my life to make this happen. and it's finally here, this finally works, and I can't find the words to express my satisfaction.
Ilay Goldman (@goldmanilay):

Check out our new blog about repojacking. We show a massive dataset we used and introduce exploitation scenarios using real repository examples

Aqua Security (@aquasecteam):

🚨 Aqua Nautilus researchers have identified the infrastructure of a potentially massive campaign against #cloud native environments. In the first of a two part series, we unfold the story of how we discovered the campaign, speculate on the threat actor, and share mitigation

Yakir Kadkoda (@yakirkad):

🚨 Thread: Six Critical AWS Vulnerabilities Found 🚨 We've uncovered serious vulnerabilities in AWS services, leading to potential remote code execution, data manipulation, and more. Here's what you need to know: 🧵[1/7]