SirFIS
@sir_FIS
trying to be a little less bad at red teaming than I was yesterday he/him
London, England
Joined August 2017
#5 Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja by @nyxgeek
trustedsec.com
This vulnerability in Microsoft Graph allowed attackers to perform password-spray attacks undetected, potentially compromising any organization in Azure.
A side effect of Apple's privacy mindset: in-memory payloads remain largely invisible/inaccessible to macOS security/3rd-party tools. Apple nuked their reflective code loading APIs - but was that enough? From #OBTS v7: "Restoring Reflective Code Loading" https://t.co/VtREKszXN4
objective-see.org
Apple silently 'broke' in-memory code loading on macOS ...let's restore it!
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS #HackfestHollywood 2024. Find the details on the @AmberWolfSec blog, along with the individual advisories, including a not-yet-fully fixed PaloAlto GlobalProtect client RCE
Is there a word for the sweet satisfaction of a poc working immediately followed by the dread of having to fully implement said poc?
chrome://net-export/
Almost embarrassed to post this, but I've always used Fiddler or Burp for capturing things like this.. I didn't have admin rights and was trying to capture network traffic from a pop-up, so Dev Tools wasn't working. Apparently this is built into Chrome/Edge! edge://net-export/
Wrote a small C# tool that is able to make a network token using a certificate. Comes in handy in RTs ;)
github.com
TokenCert. Contribute to nettitude/TokenCert development by creating an account on GitHub.
Today we are releasing TokenCert, a C# tool that will create a network token using a provided certificate via PKINIT, by @lefterispan This is useful for Red Teams giving make-token functionality with certificates instead of passwords. https://t.co/TvCLIq87t5
This is super handy for generating nginx configs on the fly, another reason not to use apache https://t.co/GPPKfHlnuR
github.com
Quick and reliable way to convert NGINX configurations into JSON and back. - nginxinc/crossplane
Here's a sneak peek of a new feature we have coming up in the next #Nighthawk release https://t.co/JrNk0kph5b
@peterwintrsmith
#goodbyeyara
We're hiring a DevOps/Cloud Engineer at Outflank! Join us to build and manage complex Azure environments that deliver our OST toolkit. Skills: Kubernetes (AKS), GitOps, IaC, Tekton, Python. It's NOT an offensive role! Based in NL or a time zone-friendly region? Let's chat!
.@buffaloverflow & @johnnyspandex are discussing how to exploit corporate VPN clients for remote root & SYSTEM shells. Join to see live demos on Windows & macOS vulnerabilities & how attackers gain control w/ just one click. Register Free: https://t.co/keBn9S7HNK
#SANSHackFest
Don't we all get to the point where all you want to do is capture and relay NTLM and Kerberos authentications in a BOF? It's just faster to write a capture & relaying framework in C for ntlm, kerberos, dcom, smb, http, mssql with native Windows support than fixing impacket.
Hands down the best offensive security conference. Free exchange of tactics, findings and awesome ideas. Always come away full of inspiration but this one was on a whole new level
And that's a wrap of #RedTreat 2024. 2 days of hardcore red teaming research and meeting other rt researchers and operators. Mind still processing some of the discussions! Thanks to all the attendees and speakers for being present at our little conf! /c @MDSecLabs @OutflankNL
The "XBL Live Game Save" DCOM app, running on Windows 10/11 and Server (up to 2019), can be remotely launched and activated by Distrib. DCOM & Perf Log groups. This triggers auth. as computer account, which can be relayed in a DCOM -> HTTP Kerberos / NTLM relay attack ;)
My @IOActive hack::soho talk on wSAST is finally online! If static code analysis interests you then you may enjoy hearing a little about the journey, trials and tribulations of building a SAST engine from scratch!
@CRESTadvocate @PearsonVUE I'm at my wits end trying to renew CCSAM. Done SAM1, trying to book SAM2 with the error below. Support have been more than useless (see thread)
I like working on RTs with filip because it lets me use the word 0day far more often than my technical ability should allow
Patch Tuesday fixed two bugs, I reported this and last year. With this, I am just 10 bugs away from the goal of 50 cves :D https://t.co/k5tWv3Tetj
https://t.co/978WCbF7Jq
Excerpt from @elastic's global threat report - I've said it before and I'll say it again, controls such as network segmentation will protect you significantly more than being able to detect the hottest new technique.