
Josh
@passthehashbrwn
Followers: 9K
Following: 828
Media: 174
Statuses: 1K
Adversarial Simulation at IBM, tweets are mine etc.
Chicago, IL
Joined May 2020
RT @SEKTOR7net: Bypassing AMSI with your own custom COM interfaces inside CLR process - an excellent piece by Joshua Magri (@passthehashbrw….
RT @G0ldenGunSec: Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can….
ibm.com
Explore how Azure Arc can be identified in environments, misconfigurations in deployment can allow for privilege escalation, an overprovisioned Service Principal can be used for code execution and...
Being a doctor is easy, just do heart transplants on any ol guy and get praise.
@LetsDefendIO Red Team is easy, find any flaw anywhere, exploit it and get praise. Blue Team is hard, try to fix every flaw in an enterprise and monitor those you can’t fix for exploit. (And that’s ignoring the thankless politics of it).
I love when people who are trying to sell you courses post stuff like this.
Serious question for the collective genius minds of infosec: who’s actually responsible for cleanup after a red team op? Me, mid-exfil, deleting payloads like a janitor with a C2? Or is that someone else’s job? Just tryna do it right before I get yelled at again.
RT @chompie1337: Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native….
ibm.com
Previously discovering a method for bypassing even the strictest WDAC policies by backdooring trusted Electron applications, the IBM X-Force Red team continued their research and can now bypass the...
> look inside.
> byte patch
Stumbled over this new AMSI bypass. It works by manipulating the COM RPC communication used by AMSI to talk to AV engines. By hooking NdrClientCall3 which handles the RPC calls we can intercept AMSI scan requests before they reach the AV engine. I wrote a simplified version that.
New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers.
ibm.com
The X-Force Red team was able to breach a hardened external perimeter and gain code execution to an on-premises SQL server, resulting in full Active Directory compromise. Learn how they did it, and...
RT @h4wkst3r: I am thrilled to be presenting new research on attacking ML training infrastructure at @WEareTROOPERS this summer. Stay tune….
RT @AndrewOliveau: RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM….
ibm.com
The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool -...
> good tradecraft.
> cobalt strike.
🤔🤔🤔
Red Team Ops by @SpecterOps teaches Cobalt Strike while you’re being hunted by a bot that will call out and respond to bad OPSEC to reinforce good tradecraft. Wonderful course, but I am biased because I work here.
RT @0xBoku: As promised, this is Loki Command & Control! 🧙♂️🔮🪄 Thanks to @d_tranman for his work done on the project and everyone else o….
github.com
🧙♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications - boku7/Loki