codewhisperer84

I caught my first CVE :D msrc.microsoft.com/update-guide/e… Blog post inbound at TrustedSec.com tomorrow!

Titanis v0.9.205 released => github.com/trustedsec/Tit… Major enhancements include an LDAP client, Kerberos PKINIT across the tool set, registry tool (Reg), and Sddl tool for describing/converting SDDL.

This week’s video is a quick peek at Titanis by @codewhisperer84 at @TrustedSec , a comprehensive Impacket alternative. It’s cross-platform, extensively documented, and written directly from the protocol specification 🌶️ Link down below

@freefirex2 Did you report this as a bug?

If after 1 month a company's bug bounty is still just trying to reproduce an issue when they were given: 1. A video 2. A tool to trigger said vulnerability 3. The function names and code path allowing the vulnerability. Maybe that bug bounty program isn't working as intended.

New Titanis release => github.com/trustedsec/Tit… Mostly Kerberos enhancements: - S4U2self and S4U2proxy - Change/Set password - Generate crypto key on command line ASN.1 saw some major changes to pave the way for some upcoming enhancements

Get the first look at @codewhisperer84's new tool Titanis next week! Join us on Discord for a live demo on October 23, 11am ET. Find out how to join on our website: trustedsec.com/about-us/event…

@gzobraJn @freefirex2 Thanks! If you want to learn more about the protocols, I've provided references to the specifications and relevant sections in the source. Also check out the unit tests for example messages.

@codewhisperer84 @freefirex2 Your project is awessome, it rocks ! I start to learn more about various protocols now. And adding instruction for Linux is a bonus for me !

New Titanis release => github.com/trustedsec/Tit… Added Smb2 touch and timestomp (@freefirex2 ), Kerberos cross-realm support, and all commands support SOCKS 5. I also added build instructions for Linux/Windows.

@DominoTree You'll see this approach used throughout, specifically in the NDR decoders for RPC as well as the PduStruct source generator which is used for WMI among other things.

@codewhisperer84 I like how it reminds me of a parser-combinator approach for decoding

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…

@_RastaMouse Not yet but it's on the roadmap. Stay tuned.

@codewhisperer84 Awesome project, is there a published nuget? 🙃

@Evil_Mog Yes it runs on Linux. The release on Github includes downloads with compiled Linux binaries. I haven't tested with mono.

@codewhisperer84 does it run from linux such as kali as well with mono?

@saerxcit It's a hobby project for lexical analysis that isn't part of the Titanis release. It parser IDL and generates the C# stubs. It also handles the ASN.1 code generation.

@codewhisperer84 "Animus IDL Compiler" is also an internal tool? Can't find any reference to it online

Who doesn't love a new tool? In this episode of #SecurityNoise, we talk with @codewhisperer84 about his new open-source tool DIT Explorer. Watch it now to learn what it can do and what exciting updates are coming soon! youtu.be/ifttRCPiLHU

I published a new version of DIT Explorer. This is the version I used during the live stream with the enhanced Credential Extractor and search capabilities. github.com/trustedsec/Dit…

@Carlos_LopezMkt @TrustedSec @HackingDave Among other things, I'll be touching on enhanced searching and credential extraction, as well as some ideas for scanning for potentially vulnerable accounts, which also has defensive applications.

@TrustedSec @HackingDave @codewhisperer84 Excited for the livestream. It's great to see platforms like Discord creating spaces for real-time engagement. What innovative features do you think will be highlighted this time? 🎉 #LiveLearning

Get ready for our exclusive livestream on #Discord this Thursday! You'll get to ask @codewhisperer84 about his new tool DIT Explorer and provide feedback that will influence future tool features. Join our Discord now and mark your calendars! hubs.la/Q03b9mcs0

Join us for an exclusive live Discord session on Thursday, March 13 at 10:30AM ET where @codewhisperer84 will showcase his new tool, DIT Explorer and talk about his recent blog. See our website for more info about how to join the event! hubs.la/Q039tt290

Check out my latest blog post on how the NTDS.dit file is used by Active Directory, and my accompanying tool, DIT Explorer, for browing the data contained within NTDS.dit. Blog post: trustedsec.com/blog/exploring… DIT Explorer on Github: github.com/trustedsec/Dit…