0xBB

I'm super please to announce the release of NSGenCS - an extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows. Pick a technique and delivery method or create your own - new ones can be added in under a minute github.com/t3hbb/NSGenCS

It's been a few months since I released a few short "Mythic Developer" videos. Before making more, I'd like to first get your feedback on the current ones. Please take a few min and fill this out so I can make sure you get the best content :) specterops.typeform.com/MythicDeveloper

Meanwhile I have not seen a *single* useful use case of ANY AI working inside of ANY mainstream Microsoft products.

BREAKING: @AOC just completely went off on Trump after ICE murdered Alex Pretti. "Donald Trump [is] accusing a Veteran Affairs ICU nurse (Alex Pretti) as being a terrorist against the United States. A man who was treating services members to our country, who was dedicating his life to serving Americans. Who in his final act on this earth was helping a woman pushed to the ground. And they are calling him a Domestic Terrorist, in order to defend their gross abuse of power, their absolute breaching of the law and in order to precipitate greater conflict."

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/germ…

Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/…

@thatgirldadlife And you are a fucking idiot

Fancy breaking out of ConstrainedLanguageMode, disabling userland ETW and bypassing AMSI? All at once and all with one tool? Signed by Microsoft? Well have I got some good news for you : shells.systems/one-tool-to-ru…

Plain text credentials from Palo Alto GlobalProtect v6.3.2-525 Will update github.com/t3hbb/PanGP_Ex… later but the new pattern (~line 300) is {0x48, 0x8D, 0x15, 0x63, 0x62, 0x4E, 0x00} BlueSky Account : bbhacks@bsky.social

Hey @AXS_UK, pretty sure that's not my IP address, being a private one (RFC1918 and all that). #HappyNewYear

@DebugPrivilege @r3nzsec I'm not bashing on @r3nzsec here, he's an absolute legend and in no way responsible for this clusterf#ck.

So Palo Alto apparently silently updated (nothing in the release notes I could see) and decided rather than fix the issue, they would just stop the PoC working. So here is the tool getting plaintext creds on the latest version. Stop blocking the tool and start fixing the issue

Make sure to take your chances this holiday season to grab a free gift from the "cybercrime santa" 😂

🐋 Orca has arrived! The latest Proxmark3 source code is here, packed with fixes, features, and expanded capabilities. From enhanced iClass tools to new Python/Lua support, this is our most versatile update yet. 🔗 github.com/rfidresearchgr… #Proxmark3 #RFIDHacking #Orca

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: synacktiv.com/publications/r…

@ifredriks Since you asked so nicely... 10.2.10-h7 If you can't get to GitHub to download the tool and test it internally at Palo Alto, please let me know and I'll send you a copy Otherwise I'm actually working through this with Palo PSIRT so you can follow it there as well as here.

@bb_hacks Validate the PANOS as well.

Fancy retrieving plaintext user credentials, deactivation passcodes and uninstall passwords for Palo Alto Global Protect VPN? Thank goodness Palo Alto make that easy for you ... Full write up here : shells.systems/extracting-pla… Tooling available here : github.com/t3hbb/PanGP_Ex…

@ifredriks I think this is a different way - both CVE-2024-8687 and CVE-2024-5908 say they are fixed in >=6.2.1 and >=6.2.3 respectively Here the tool is running against 6.2.4-652

@bb_hacks security.paloaltonetworks.com/CVE-2024-8687

Did you know that 7z can browse .VHD and .VMDK files? You can open them right up, and even directly browse ntfs filesystems. On a pentest and find a bunch of disk images? Copy the SAM/SECURITY/SYSTEM hives directly from the images, no mounting, copying, or fussing around.