Mitja Kolsek ap John Villamil Chris D We've updated our public servicing criteria to reflect that the Hyper-V Administrators group should be treated as equivalent to Administrators. aka.ms/windowscriteria

As promised, a short post on Hyper-V admin privesc: decoder.cloud/2020/01/20/fro… /cc Chris D Mitja Kolsek

Mapping Injection - Just another Windows Process Injection

github.com/antonioCoco/Ma…

#Juicypotato knocked to our door and wanted to get listen and ... we kindly answered!
From Service Account to SYSTEM again
cc ap 0xea31(@DonkeysTeam)

decoder.cloud/2019/12/06/we-…

Yay, I was awarded a $250 bounty on HackerOne! hackerone.com/phra #TogetherWeHitHarder

Hey MS MSDN folk, I suggest you to put at least <customErrors mode='RemoteOnly' defaultRedirect='customerror.htm'/> in your web.config

You’ve got mail! Postman will go live 2 November 2019 at 19:00:00 UTC. Haystack will be retired! You still have time to hack your way in at: hackthebox.eu/#join

New Feature #Shoutout 📣
Time to redeem your #hacking expertise via #CPEs for your ISC2 Certification!
Earn CPE credit via HTB for all owned machines,Pro Labs and challenges.
Find full description and details here: hackthebox.eu/press/view/8

I have just sent a Pull Request to add support for base64 output in mimikatz `log` command!

This will be useful as first step to bypass AV detection when writing the log to disk.

Usage: `log mimi /base64:on`

github.com/gentilkiwi/mim…

/CC 🥝🏳️‍🌈 Benjamin Delpy

Everyone is unique! Registry will go live 19 October 2019 at 19:00:00 UTC. Ellingson will be retired! You still have time to hack your way in at: hackthebox.eu/#join

It was a big surprise when we realized that #UsoSVC was hackable to esclate to SYSTEM from any SERVICE account, since Windows 1803. We suddenly felt back in the 2000s.
We actually were not alone! Kudos gweeperx for first bood on that!

portal.msrc.microsoft.com/en-us/security…

#CVE2019_1322 #EoP

Just added a PowerShell version of James Forshaw's UAC Bypass SilentCleanup to Donkeys redteam repo:
github.com/d0nkeys/redtea…

Based on:
- github.com/juliourena/pla…
- tyranidslair.blogspot.com/2017/05/exploi…

ConPtyShell Released!

ConPtyShell is a Fully Interactive Reverse Shell for Windows systems.
It uses the new Pseudo Console (ConPty) feature to literally transform your bash in a remote powershell.

github.com/antonioCoco/Co…

#PenTest #Csharp #powershell #shell #conpty
#terminal

CVE-2019-10392 — Yet Another 2k19 Authenticated Remote Command Execution in Jenkins

read the blog post @ iwantmore.pizza/posts/cve-2019…

/cc Jenkins The Hacker News

Exfiltrate Like a Pro: Using DNS over HTTPS as a C2 Channel

DNS over HTTPS is cool. It increases privacy and security by moving DNS from UDP to HTTP/2 😇.. but are you aware that it can be used as a C2 communication channel? 😼

check out the article @ iwantmore.pizza/posts/dnscat2-…

So MS told me that they won't fix in this release the 'vulnerability' in the checks of the 'SeTokenCanImpersonate' routines, as suggested by me (decoder.cloud/2019/07/04/cre…), maybe in the next releases? Meantime, enjoy ;-)

Focus on the good stuff! Scavenger will go live 17 August 2019 at 19:00:00 UTC. Helpline will be retired! You still have time to hack your way in at: hackthebox.eu/#join

Cut off the strings that holds you down! Rope will go live 03 August 2019 at 19:00:00 UTC. Fortune will be retired! You still have time to hack your way in at: hackthebox.eu/#join

Bye bye CFT!

Introducing Rustbuster — A Comprehensive Web Fuzzer and Content Discovery Tool

iwantmore.pizza/posts/rustbust…