During a recent Active Directory intrusion test, Quentin Roland was led to devise a new versatile attack vector targeting Group Policy Objects, allowing their exploitation through NTLM relaying.
synacktiv.com/publications/g…

Bypassing Windows Defender and PPL Protection to Dump LSASS tacticaladversary.io/adversary-tact… #redteam

Here is a first draft on an NTLM relay mindmap 🙂 from authentication coercion to post-relay exploitation. I'll gladly update/correct it if you think there are things wrong or missing.

➡️Featured on The Hacker Recipes thehacker.recipes/ad-ds/movement…

[BLOG]
Ok, I've written about my experience of battling with both managed and unmanaged memory allocations to try and improve b33f | 🇺🇦✊'s Melkor POC.

rastamouse.me/building-a-sli…

EDRSandblast-GodFault: a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections github.com/gabriellandau/…

A few years old but a very well written white paper on Linux containers
Credits NCC Group plc

research.nccgroup.com/wp-content/upl…

#Linux #containers #infosec

I just published Home Grown Red Team: SMB Pivots With Havoc C2 link.medium.com/Ap3Xk0HKjCb

An updated article for lateral movement with Havoc.

SUCH a good read. I love the section where they explicitly explain the process used to write custom shellcode for OpenBSD. Even for a noob to Binary Exploitation that was so easy to follow and really emboldening to go after these sort of bugs.
Bravo!
blog.assetnote.io/2023/08/09/exp…

Excited to share my new research: a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local/remote processes.

github.com/ShorSec/DllNot…

An accompanying blog post with more details:
shorsec.io/blog/dll-notif…

Lee Chagolla-Christensen , Max Harley , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at github.com/SpecterOps/Nem… and we have a post explaining details at posts.specterops.io/hacking-with-y… 1/3

. Sam Curry's write ups not only contain a 👌 amount of technical details, but also tell a story and describe the mentality required to find these internet breaking bugs.

Also, note the verbiage surrounding 'interesting' or 'curious'. Essential.
Must read:
samcurry.net/points-com/

When making the vulnerable #AWS environment CloudFoxable, Seth Art drew inspo from #security tools like #CloudGoat , flaws.cloud, and #Metasploitable . CloudFoxable provides flags and #attackpaths in a CTF format.

Check out the #challenges ! bfx.social/3X6diwX

It's only a service principal. cyberdom.blog/2023/07/29/per…

Abusing DLLs with RWX sections to fulfill memory allocation primitive and achieve code injection in a local and remote process.

Post by Thiago Peixoto, Felipe Duarte and Ido Naor of Security Joes.

#redteam
securityjoes.com/post/process-m…

Continuing their journey through offensive data, Will Schroeder, Lee Chagolla-Christensen, and Max Harley break down some common challenges in post-exploitation work flows. ghst.ly/45d5oF3

Me and Her0 did a fair bit of research against one of the leading EDRs in the sector. This first post will hopefully be the start of a long saga, documenting all of our findings.

This first part was dated back in 2020:

riccardoancarani.github.io/2023-08-03-att…

Published a write-up on successfully phishing a target using AD FS with MFA. Covers some of the challenges and how I finally got it working 🎣

research.aurainfosec.io/pentest/hook-l…

Backdooring ClickOnce .NET for Initial Access: A Practical Example by an0n infosecwriteups.com/backdooring-cl…

New DLL hijacking opportunities, triggered using DCOM for lateral movement: github.com/WKL-Sec/dcomhi…

Blog on Advanced module stomping and Heap/Stack Encryption is now out, it bypass PE-Sieve and Moneta while sleeping

Blog : labs.cognisys.group/posts/Advanced…

Github Project : github.com/CognisysGroup/…