Volatility Workbench - A GUI for Volatility memory forensics
Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the command line version
volatility  dfir  windows 
21 hours ago
GitHub - proxycannon/proxycannon-ng: A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
We've created an on-demand proxy tool that leverages cloud environments, giving a user the ability to source (all) your traffic from an endless supply of cloud-based IP addresses. Think of it as your own private TOR network for your red team and pentest engagements.
proxy  pentest  cloud 
21 hours ago
GitHub - sysdream/chashell
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
dns  shell  reverseshell  pentest 
21 hours ago
Twitter
I have a new metaphor for information security.
yesterday
Offensive-WMI.pdf
Tim Medin presentation
wmi  pentest 
3 days ago
Run any app from Ease of Access button on Windows 10 login screen
To open Command Prompt using the Ease of Access button from the Windows 10 login screen, set the Debugger value data to the following value
windows  pentest  debug  registry 
3 days ago
impacket/wmiexec.py at master · SecureAuthCorp/impacket · GitHub
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages
# in the event log that smbexec.py does when creating a service.
wmi  psexec  pentest 
3 days ago
GitHub - FortyNorthSecurity/WMImplant: This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImpl
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
wmi  c2  windows  pentest 
3 days ago
Every Linux networking tool I know
Do you ever feel like there are like 50 different linux networking tools that all do different things and it’s impossible to keep track? That’s because there are about 10 billion linux networking tools. This isn’t even including web/dns servers like apache / nginx / unbound, just regular command line tools! So I made this fun poster with a super short description of each one, in the hopes that it’ll help you keep track and maybe find some new tools to learn about.
linux  network  tools 
4 days ago
Privilege Escalation in Ubuntu Linux (dirty_sock exploit) | Shenanigans Labs
In January 2019, I discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the system.
kernel  linux  privesc  dirty_sock  ubuntu 
4 days ago
Twitter
I have a literal stack of books and a OneNote full of five years worth of stuff to study and I think I…
4 days ago
Twitter
RT : Scratches easily? Has no user serviceable parts? Extremely expensive to fix? It’ll be Rose Gold? The battery won’t…
5 days ago
Twitter
I long since quit using mine in Twitter bio and I've never used them in LinkedIn top line or e-mail si…
5 days ago
A 101 on Domain Fronting - DigiNinja
Domain fronting has been around for years and I've always understood the concept but never actually looked at exactly how it works. That was until recently when I did some work with Chris Truncer who had us set it up as part of a red team test. That was the point I had to get down and understand the actual inner workings. Luckily Chris is a good teacher and the concept is fairly simple when it is broken down into pieces.
domainfronting 
6 days ago
Dotfile madness
This particular problem has been noticed and solved a long time ago with the creation of XDG Base Directory Specification. The specification defines a set of environment variables pointing programs to a directory in which their data or configuration should be stored. It is up to the user to set those variables so if the variables are not available the programs are expected to default to a directory defined by the standard and not the user's home directory.
configuration  files  linux  dotfiles 
6 days ago
Hybrid Cobalt Strike Redirectors · Zach Grace
Working for an organization with a strict data security policy puts a few challenges on a Red Team, especially when it comes to building robust infrastructure. m0ther_ and I set out to build a robust, multi-redirector infrastructure similar to what Raphael Mudge described in his blog post, Cloud-based Redirectors for Distributed Hacking, except we wanted to host the team server on-prem. The post below describes two iterations of infrastructure we built to meet our needs.
cobaltstrike  c2  pentest 
7 days ago
GitHub - jarun/googler: Google from the terminal
googler is a power tool to Google (Web & News) and Google Site Search from the command-line.
cli  google  python  search 
8 days ago
GitHub - OCSAF/freevulnsearch: Free and open NMAP NSE script to query vulnerabilities via the cve-search.org API.
In conjunction with the version scan "-sV" in NMAP, the corresponding vulnerabilities are automatically assigned using CVE (Common Vulnerabilities and Exposures) and the severity of the vulnerability is assigned using CVSS (Common Vulnerability Scoring System).
nmap  script  cvss  vulnerability  scanner 
8 days ago
On Designing and Deploying Internet-Scale Services
Services that are operations-friendly require little human intervention, and both detect and recover from all but the most obscure failures without administrative intervention. This paper summarizes the best practices accumulated over many years in scaling some of the largest services at MSN and Windows Live.
architecture  design  webdev 
8 days ago
GitHub - secabstraction/PowerCat: A PowerShell TCP/IP swiss army knife.
Favorite tweet:

PowerCat : A PowerShell TCP/IP swiss army knife : https://t.co/xIrOZmZxER

— Binni Shah (@binitamshah) February 9, 2019
cli  netcat  powershell  windows  pentest 
8 days ago
Twitter
Dallas was pretty publicly the runner up. Probably this will all get smoothed out in negotiations, but if not, yay…
8 days ago
The Law, by Frederic Bastiat
When a reviewer wishes to give special recognition to a book, he predicts that it will still be read “a hundred years from now.” The Law, first published as a pamphlet in June, 1850, is already more than a hundred years old. And because its truths are eternal, it will still be read when another century has passed.
philosophy  law  libertarian  politics 
9 days ago
Twitter
It's an input to the other command I posted, to scan a subnet as big as you…
9 days ago
Twitter
Nice! Yours is better than mine: cat /usr/share/nmap/nmap-services | sort -…
9 days ago
Twitter
RT : I’m very excited to share a new project that I’ve been working on for a long time: Covenant, a collaborative .NET c…
9 days ago
Twitter
RT : Red Team != pentest++

Not all penetration testers will be happy doing red teaming. If you like solving puzzles, yo…
9 days ago
Twitter
On the plus side, if we ever really raise taxes as high as would be necessary to absorb that inflat…
9 days ago
Twitter
Of course you have to do a little cut/grep/sort magic on /usr/share/nmap/nma…
9 days ago
Twitter
1 line if you don't mind a lot of pipes :) -> for i in $(cat top1024ports.tx…
9 days ago
Twitter
RT : Dear Mr Bezos,
I'm just gonna leave this here...
9 days ago
Twitter
As Medicare patients seeking new doctors quickly discover, a lot of things are not available to the U.S…
10 days ago
DNF system upgrade - Fedora Project Wiki
dnf-plugin-system-upgrade is a plugin for the dnf package manager which handles system upgrades. It is the recommended command line upgrade method for Fedora 21 and later (except Atomic Host and Silverblue, which use rpm-ostree; for those see Atomic_Host_upgrade).
fedora  linux 
10 days ago
Introducing Armory: External Pentesting Like a Boss
We are introducing Armory, a tool that adds a database backend to dozens of popular external and discovery tools. This allows you to run the tools directly from Armory, automatically ingest the results back into the database and use the new data to supply targets for other tools.  
pentest  tools 
12 days ago
Presentations – Active Directory Security
This page includes the slides and videos (if available)
activedirectory  powershell  security 
12 days ago
Extended Protection for Authentication Overview | Microsoft Docs
The solution is to use a TLS-secured outer channel and a client-authenticated inner channel, and to pass a Channel Binding Token (CBT) to the server. The CBT is a property of the TLS-secured outer channel, and is used to bind the outer channel to a conversation over the client-authenticated inner channel.

In the previous scenario, the CBT of the client-attacker TLS channel is merged with the authorization information that is sent to the server. A CBT-aware server compares the CBT co...
security  microsoft  windows  authentication 
12 days ago
Abusing Exchange: One API call away from Domain Admin - dirkjanm.io
In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. This can be combined with an NTLM relay attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Ex...
exchange  windows  security  pentest  activedirectory 
12 days ago
GitHub - Kevin-Robertson/Powermad: PowerShell MachineAccountQuota and DNS exploit tools
The default Active Directory ms-DS-MachineAccountQuota attribute setting allows all domain users to add up to 10 machine accounts to a domain. Powermad includes a set of functions for exploiting ms-DS-MachineAccountQuota without attaching an actual system to AD.
dns  exploit  pentest  powershell  activedirectory 
12 days ago
SPNs – Active Directory Security
This page is a comprehensive reference (as comprehensive as possible) for Active Directory Service Principal Names (SPNs). As I discover more SPNs, they will be added.
spn  activedirectory 
12 days ago
XORSearch & XORStrings | Didier Stevens
Favorite tweet:

I use @DidierStevens's XORSearch for that. https://t.co/hiw4MogEXE

— sys_kill (@sys_kill) February 4, 2019
xor  encryption  strings  windows 
12 days ago
Dr. Memory: Strace for Windows
Favorite tweet:

drstrace is strace for Windows with DynamoRio. Relatively unknown and really useful. https://t.co/cdpdagYbas

— Ben Koller (@__bkoller) February 3, 2019
strace  windows 
12 days ago
Twitter
You landed on a box with whitelisting and found out that Plex media server is installed....
Well, I suggest you lo…
13 days ago
Twitter
How to choose the perfect camera
14 days ago
Monitoring Kubernetes + Docker, part 2: Prometheus
There’s a Kubernetes operator that’s been created for Prometheus, which automates a majority of the deployment process. If you’re going to use Prometheus for monitoring Kubernetes, use the operator.
kubernetes  monitoring  analysis  prometheus 
14 days ago
home
dn42 is a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the 172.20.0.0/14 range and private AS numbers are used (see registry) as well as IPv6 addresses from the ULA-Range (fd00::/8) - see FAQ.
bgp  networking  p2p  vpn 
14 days ago
Welcome → UseTheKeyboard
A collection of keyboard shortcuts for Mac apps, Windows programs, and websites.
keyboard  productivity  reference  shortcuts 
14 days ago
Twitter
Tried, they want CISSP and CISM gutted...
14 days ago
diff - How do I compare binary files in Linux? - Super User
I don't do analysis, but I've used this trick once or twice:
15 days ago
Twitter
Yaaaas 12 hours with no neighbors!!!
15 days ago
Twitter
Tell me about a tool you use in reverse engineering that others might not know about.

I'll start.

hexdiff - a rea…
15 days ago
Twitter
Please include version numbers when answering
16 days ago
“Antifa Leader” Joseph Alcoff Is 3rd Man Arrested in Marine Attack in Philly
Investigators say that the activists, who have been linked to the antifa movement in blog posts, news accounts, and in courtroom testimony, had been counter-protesting at the We the People rally.

At a preliminary hearing for Massey and Keenan in December, the two Marines testified that the activists attacked them, allegedly calling them “nazis” and “white supremacists,” using ethnic slurs against them (both Marines are Hispanic), punching and kicking them repeatedly, and macing them.
politics 
16 days ago
Interactive SICP
Interactive SICP n. Interactive Structure and Interpretation of Computer Programs. Online version of SICP with a built-in scheme interpreter to allow readers to edit and run the code embedded in SICP. (Work in progress)
programming  book  sicp  tutorial  development 
16 days ago
Twitter
RT : We fixed this problem in Burp 2.0.15. It was indeed caused by a rendered web page requesting microphone access. We…
16 days ago
https://twitter.com/i/web/status/1091279668500676608
And I'm back... For those that didn't see it I wrote a blog post on Windows 10 Adminless mode while I was out in th…
16 days ago
Twitter
I have one. I keep it in a dark little cell, and poke it with a stick when I'm feeling mean.
16 days ago
Twitter
A revelation from my time in security: everyone, me included, is afraid that if we don't include these dumb finding…
17 days ago
Twitter
RT : Apple revoking certs...
17 days ago
XXE that can Bypass WAF Protection – Wallarm
Unfortunately, bypasses exist for the WAFs of both categories.

Below we show several methods the bad guys can use to fool a WAF and get XXE through.
xxe  waf  webapp  pentest 
17 days ago
Twitter
Pay attention to renamed known utilities (i.e. w/cscript, wmic etc), this indeed defeats easily cmdline & procname…
17 days ago
Twitter
Hey so Family Guy premiered 20 years ago today on Fox. After several cancellations, multiple time slots and a lawsu…
17 days ago
The Scholar's Stage: On Words and Weapons
Let's be clear about what is happening here. When Wagner accuses Bari Weiss and company of writing their apology tweets and correction letters in order to signal thoughtfulness and moderation, she is excusing herself from any need to actually engage with Weiss et. al. The same is true for most of the "virtue signalling" critiques lobbed at the left: to label an argument a virtue signal is to discredit it without actually having to respond to it. Why would you respond to it? The signaler is not arguing, but maneuvering. Their words are not written in good faith.
politics 
17 days ago
Twitter
RT : It's weird but probably necessary/inevitable that Apple is now Facebook's de facto privacy regulator.
17 days ago
Twitter
One of the first things that got me interested in security was working at a little MSP and understanding what SBS (…
17 days ago
Twitter
I'm far from the best person alive, but I wouldn't even work for Facebook or Google. Imagine thinking you can work…
17 days ago
Twitter
Google and some addition tells me that the U.S spends about 9.5% of GDP on social security an…
18 days ago
Twitter
No joke, would you go to work for Foxconn in the US in any role above "assembly line" having seen what's happening…
18 days ago
Twitter
So I'm not sure why (more deductions and credits, or fewer other taxes?) but that works out t…
18 days ago
Twitter
It's not arrogance so much as broken internal routing. There's a software bug reporting process and a…
18 days ago
Twitter
I have two friends that teach infosec at a local community college, & .

It’s a solid side h…
18 days ago