247CTF
@247CTF
Followers
5K
Following
590
Media
102
Statuses
2K
🏆 The 247CTF continuous security competition 📺 YouTube for CTF fundamentals https://t.co/0RP7w5pej2 🏁 https://t.co/FATXT1bqrW for CTF challenges
Australia
Joined April 2019
RT @Synacktiv: During a recent Active Directory intrusion test, @croco_byte was led to devise a new versatile attack vector targeting Group….
www.synacktiv.com
0
109
0
RT @_nwodtuhs: Here is a first draft on an NTLM relay mindmap 🙂 from authentication coercion to post-relay exploitation. I'll gladly update….
0
313
0
RT @_RastaMouse: [BLOG].Ok, I've written about my experience of battling with both managed and unmanaged memory allocations to try and impr….
rastamouse.me
Melkor is a C# POC written by FuzzySec to simulate a TTP employed by InvisiMole. The concept is that post-ex assemblies are loaded into a payload/implant and kept encrypted using DPAPI whilst at...
0
68
0
RT @netbiosX: EDRSandblast-GodFault: a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine….
github.com
EDRSandblast-GodFault. Contribute to gabriellandau/EDRSandblast-GodFault development by creating an account on GitHub.
0
57
0
RT @0xor0ne: A few years old but a very well written white paper on Linux containers.Credits @NCCGroupplc. #Linux….
0
61
0
RT @assume_breach: I just published Home Grown Red Team: SMB Pivots With Havoc C2 . An updated article for lateral….
link.medium.com
Welcome back! Today we’re going to talk about some lateral movement techniques with Havoc C2 using SMB pivots. SMB pivots are great for…
0
124
0
RT @Rhynorater: SUCH a good read. I love the section where they explicitly explain the process used to write custom shellcode for OpenBSD.….
www.assetnote.io
0
41
0
RT @harmj0y: @tifkin_ , @0xdab0 , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at https://….
posts.specterops.io
In the first post in this series, On (Structured) Data, we talked about the gap area of offensive structured data and ended with the…
0
107
0
RT @Rhynorater: . @samwcyo's write ups not only contain a 👌 amount of technical details, but also tell a story and describe the mentality r….
samcurry.net
Between March 2023 and May 2023, we identified multiple security vulnerabilities within points.com, the backend provider for a significant portion of airline and hotel rewards programs. These...
0
30
0
RT @bishopfox: When making the vulnerable #AWS environment CloudFoxable, @sethsec drew inspo from #security tools like #CloudGoat, https://….
0
9
0
RT @SEKTOR7net: Abusing DLLs with RWX sections to fulfill memory allocation primitive and achieve code injection in a local and remote proc….
www.securityjoes.com
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post,...
0
52
0
RT @SpecterOps: Continuing their journey through offensive data, @harmj0y, @tifkin_, and @0xdab0 break down some common challenges in post-….
posts.specterops.io
In our previous post, we talked about the problem of structured data in the post-exploitation community. We touched on the existing…
0
19
0
RT @dottor_morte: Me and @Her0_IT did a fair bit of research against one of the leading EDRs in the sector. This first post will hopefully….
riccardoancarani.github.io
For some fun and a fair bit of profit
0
71
0
RT @dunderhay: Published a write-up on successfully phishing a target using AD FS with MFA. Covers some of the challenges and how I finally….
research.aurainfosec.io
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign on a AD FS protected domain.
0
115
0
RT @pentest_swissky: Backdooring ClickOnce .NET for Initial Access: A Practical Example by @an0n_r0
infosecwriteups.com
This blogpost is about demonstrating the awesome ClickOnce .NET backdooring technique by Nick Powers (@zyn3rgy) and Steven F (@0xthirteen)…
0
49
0
RT @kyleavery_: New DLL hijacking opportunities, triggered using DCOM for lateral movement:
github.com
Lateral Movement Using DCOM and DLL Hijacking. Contribute to WKL-Sec/dcomhijack development by creating an account on GitHub.
0
116
0
RT @D1rkMtr: Blog on Advanced module stomping and Heap/Stack Encryption is now out, it bypass PE-Sieve and Moneta while sleeping. Blog : ht….
github.com
Implementation of Advanced Module Stomping and Heap/Stack Encryption - CognisysGroup/SweetDreams
0
119
0