Uploaded a few of my notes and PoCs from investigating CVE-2021-22986 (F5 iControl REST) this past week. attackerkb.com/assessments/f6…

MANSPIDER - Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content - Regex Supported! ift.tt/3xR7jyX #cybersecurity #bugbountytips #hacking #tools

Helpful cheat sheet when designing your offensive code. (source: raw.githubusercontent.com/OTRF/API-To-Ev…) #redteam

icyguider dropping knowledge. Blackploit [PenTest] Hak5 Red Team Black Tech Pipeline🚀 Davin Jackson cbHu3 Blacks In Cybersecurity Cx$xMaDD Execute at WILL 🇺🇸 TrustedSec Troy Hunt Execute at WILL 🇺🇸 Johannes Ullrich strandjs - [email protected] check out this one

😎

🤦🏾‍♂️🤦🏾‍♂️

[BLOG] Exploiting Log4j against Ubnt Unifi. Great post ex walkthrough by ed that leads to multi-product access. sprocketsecurity.com/blog/another-l…

It seems 2021 continues to be full of unexpected challenges. TOOOL has an announcement and letter from our Board of Directors that we are sharing with all of you as this year comes to a close... toool.us/files/TOOOL_20… youtube.com/watch?v=S26Srn…

This Saturday, 23rd of April, is IPInfo's 9th birthday! 🎂🎉 To celebrate, we are giving away: 🥉 5x basic plans 🥈 3x standard plans 🥇 1x business plan To enter simply follow @ipinfoio and retweet this! 🚀

1/ So you go shopping for a PIV card reader, because the US govt gave you one and you're curious to look at what's on it. You settle for this "DOD military USB common access smart card reader," because it's compatible with Mac OS. Cool! Only $15! What a bargain!

We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: blog.lastpass.com/2022/08/notice…

Goad writeup part 11 is up. This one is about acl/ace exploitation. mayfly277.github.io/posts/GOADv2-p…

😬😬😬

Slide from the CactusCon talk on all the ways to get data populated into BloodHound. Any that I missed? Which is your favorite?

Meterpreter getsystem tip: Here, I have a shell as a service account with the usual "SeImpersonatePrivilege" privilege enabled. The default "getsystem" command fails and I lose the shell, prob bc of antivirus, but "getsystem -t 6" works. You don't need to upload a "potato"

SysWhispers3 has been added to Shhhloader! 😎 It should work with all current shellcode injection techniques. Some bug fixes also make this the most stable version yet. More updates to come, and thanks to klez for SW3. github.com/icyguider/Shhh…

🔥 Big update! Nanodump now supports the PPLMedic exploit! meaning you can dump LSASS on an up-to-date system with PPL enabled 😃 github.com/fortra/nanodump

Rob Fuller I wrote this a few years ago, but I think it's still relevant, maybe it's helpful - specifically the bit you want is "how do you procure a red team?" medium.com/@dmchell/what-…

Monday, June 26 in the evening, a new version of CrackMapExec will be published to everyone on github.com/mpgn/CrackMapE… 🚀 After nearly 12 months without update on the public repository, it is time ! 🍻 Blog post coming also ! 🦇 Thanks to all the sponsors on Porchetta Industries 🪂

PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels.