
Michael Weber
@BouncyHat
Followers: 1K | Following: 455 | Media: 20 | Statuses: 260
Security Consultant. Not affiliated with Red Hat. I just like the hat. @[email protected]
Joined June 2018
Thanks to everyone who came out to see my talk! All of my code and the slides for my ChromeAlone presentation are available now at If you're interested in developing malicious browser extensions give the code a look! #defcon #chromealone #malware.
github.com
A tool to transform Chromium browsers into a C2 Implant - praetorian-inc/ChromeAlone
This man is an opportunity hire. I've watched him get people to install malicious extensions on some wild hail Mary pretexts. When I've been on an assessment that looked like it was gonna go assume breach, @AnthonySecurity pulled out a foothold from nowhere. He is relentless.
RT @UNC1739: We built OAuthSeeker, a tool for consent-based phishing with malicious OAuth apps (Office365/Azure). Demoed at Black Hat Arsen….
praetorian.com
Overview The Praetorian Labs team recently conducted research into potential initial access vectors for red team engagements, focusing on attack techniques leveraging malicious applications distrib...
Got my hands on a stream rip of my DEFCON talk. If you want to see a live demo of #chromealone - check out the talk - It covers how to turn Chrome into a Cobalt Strike style C2 along with tips for obfuscation. #malware #redteam #webassembly #chromium.
I still can't believe some of the installs I've seen @AnthonySecurity land with these tools on an assessment. There's definitely an art to hooking targets, but when you do. oh boy.
Don’t sleep on this bad boy. What could you do as an attacker if you could compromise a target’s browser? Rhetorical. There is not much you couldn’t do. This was a silver bullet tool for a loooong time. I won’t tell you what the most effective ruse was from my experience, but it.
RT @adnanthekhan: Make sure y’all are prepared for this. #phishing #Hacking . Going to be 🍿 once TAs start using it. .
github.com
Contribute to praetorian-inc/GitPhish development by creating an account on GitHub.
RT @UNC1739: While exploring new persistence techniques on Windows, I found that Microsoft’s Text Services Framework (TSF) is a hidden gem….
praetorian.com
Discover how Windows Text Services Framework (TSF) plugins can be exploited for advanced persistence techniques. Learn about this stealthy attack vector that allows code injection into GUI processes,...
RT @AnthonySecurity: Harald is an in-memory tiny high-level CPU, able to process a set of instructions to generate….
RT @AdeptsOf0xCC: Our owl Mario just published a small VM to generate application-layer protocols. Define your protocol from scratch with o….
RT @rad9800: I've been reversing various browser extension Identity protection products. @PushSecurity's detection for Evilnginx is rathe….
gist.github.com
Push Security Phishing Tools Detection. GitHub Gist: instantly share code, notes, and snippets.
RT @amlweems: Before joining Google, I submitted some Cloud bugs to the Google Vulnerability Rewards Program (VRP). Today, we announced a d….
cloud.google.com
RT @vxunderground: vx-underground member Rad being interviewed at x33fcon . (Rad? More like Chad 😎).
RT @criscifuentes: This July marks the 30th year anniversary of the publication of my PhD thesis on Reverse Compilation Techniques. In 199….
RT @adnanthekhan: Automated Self-Hosted GitHub Runner takeover has been coming along very nicely. Installs another self-hosted runner an an….
RT @UNC1739: We just released a blog post on some GitHub Actions related vulnerabilities we identified in RSPack that would have allowed us….
praetorian.com
Recently, we identified several critical Pwn Request vulnerabilities within GitHub Actions used by the Rspack repository. These vulnerabilities could allow an external attacker to submit a malicious...