Because clear text passwords is so trendy, I added this small credential provider that I had in stock to #mimikatz Just 300 lines of ❤❤❤ into this file github.com/gentilkiwi/mim… Works in LogonUI.exe but also in all applications asking for creds cc: 🥝🏳️‍🌈 Benjamin Delpy PythonResponder

I set myself the challenge of auto executing JavaScript without a click with the animate tag. You can now do this on Firefox and Chrome using the use element. portswigger.net/web-security/c…

That's kinda broken 😬😬, Defender For Endpoint (eg ATP) is also affected by the sandboxing tokens method found by Gabriel Landau....

Relaying Kerberos, for real this time 😁 (teaser, needs some more work)

The Russian military website (mil.ru) is returning HTTP error code 418 indicating the Russian Military is now a Teapot. No, this is not a joke.

Got #CobaltStrike BOFs but love #PoshC2? We've got you covered! Introducing 'RunOF', available now. labs.nettitude.com/blog/introduci…

🥳Introducing PoshC2 v8.0! Major improvements, including: * A brand-new native Linux implant; * The capability to execute Beacon Object Files (BOF) directly from PoshC2; * Massive SharpSocks rewrite; * New registry edit module; * And plenty more! labs.nettitude.com/blog/introduci…

Introducing MalSCCM! Today, we are releasing MalSCCM, a .NET tool by Phil K which enhances PowerSCCM functionality and makes it easier to use over command and control channels. labs.nettitude.com/blog/introduci…

The last part of A New Attack Surface on MS Exchange - #ProxyRelay is out! Have also left some final thoughts on the Closing part. Hope you all enjoy this journey :D blog.orange.tw/2022/10/proxyr…

Introducing Aladdin, a new tool by Lefteris Panos for red teamers to generate payloads bypassing misconfigured WDAC and AppLocker. labs.nettitude.com/blog/introduci…

Released a small tool that is able to dump crackable hashes from user DPAPI keys github.com/leftp/DPAPISno…

A short🧵 detailing a Kerberos LPE I discovered while working with James Forshaw on our BlackHat research. msrc.microsoft.com/update-guide/v… (CVE-2023-21817) This was fixed in Feb, but I think some will find the vulnerability & exploitation interesting. 1/

Took me a few days, still don't know exactly how/why it works, but I now have a new-ish on-prem to cloud technique via a Seamless SSO (Kerberos) backdoor key. Some features: - No GA needed to add key - Invisible backdoor (no logs in AAD) 🫣 - 1st factor auth to any synced user

Introducing ETWHash! ETWHash is a new method and tool by Lefteris Panos for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline. labs.nettitude.com/blog/etwhash-h…

Red Team's malware samples often end up in public sources for analysis. Hackcraft's first open-source tool, Fairplay, monitors these to identify payloads & notify operators, ensuring fair play between teams. Learn more: bit.ly/3MwLwGs #redteam #hackcraft

Red Team ops need diverse malware for various scenarios. Nick Aliferopoulos of #Hackcraft created #Blueprint, an open-source tool for source-level templating. It enables the use of sinister modules & metaprogramming in Jinja2 syntax. Learn more: bit.ly/432I0cs #redteam

Calling all Red Teamers 🚨 Today we are introducing Tartarus-TpAllocInject, a new OPSEC-safe loader and technique for bypassing EDR solutions, by trickster0 labs.nettitude.com/blog/creating-…

I just released my C2 I was working on, on my free time. Feel free to play around make your own forks if you like it. It needs a lot of work but it is a fully rust one with small implant and working sleep obfuscation. github.com/trickster0/Nam…

Today we are releasing TokenCert, a C# tool that will create a network token using a provided certificate via PKINIT, by Lefteris Panos This is useful for Red Teams giving make-token functionality with certificates instead of passwords. github.com/nettitude/Toke…

Wrote a small C# tool that is able to make a network token using a certificate. Comes handy in RTs ;) github.com/nettitude/Toke…