sender

19 posts

sender

@senderend

Pentester, Red Teamer @Specterops | OSCP https://t.co/NxqedjZKrn https://t.co/2Srd2LBpUo https://t.co/ocu6vX5cF5

San Francisco, CA Se unió Nisan 2024

96 Siguiendo110 Seguidores

Tweet fijado

sender@senderend·5d

Much-delayed release of my tool, the result of some really fun research, especially the Windows kernel stuff!

SpecterOps@SpecterOps

Relayed NTLM creds are powerful, if you can use them. @senderend shows why browsers fail through ntlmrelayx SOCKS and introduces ghostsurf to make NTLM-authenticated web apps accessible. Read more ⤵️ ghst.ly/4tnJOtx

English

2.1K

sender@senderend·30 Oca

Developed a much-needed C2 channel for Mythic with @KingOfTheNOPs during a 24hr hackathon! *.blob.core.windows.net is often one of the only egress methods from more mature client environments.

SpecterOps@SpecterOps

New from @KingOfTheNOPs + @senderend: azureBlob, a Mythic C2 profile that uses Azure Blob Storage as transport.Supported Agents: 🐍 Medusa 🪽 Pegasus (new test agent) ❤️ Your fav agent (with simple integration guide) ghst.ly/3NM0LOR 🧵: 1/2

English

2.9K

sender retuiteado

SpecterOps@SpecterOps·16 Oca

WSL2 is a powerful attacker hideout because it runs as a separate Hyper-V VM, and defenders rarely monitor it. Daniel Mayer explains how attackers pivot into WSL2 and what it took to build tooling that works across WSL2 versions. Read more ⤵️ ghst.ly/45fPUma

English

172

728

103.1K

sender retuiteado

Garrett@unsigned_sh0rt·3 Ara

See you all next week...excited to present with @breakfix at #BHEU! 💣

SpecterOps@SpecterOps

SCOM monitors critical systems, but insecure defaults make it a powerful attack vector. At #BHEU, @unsigned_sh0rt & @breakfix show how to abuse SCOM for credential theft, lateral movement, and domain escalation, plus how to defend it. ghst.ly/4aoggph

English

133

18.5K

sender retuiteado

SpecterOps@SpecterOps·23 Eki

Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm

English

336

739

136.2K

sender retuiteado

Bad Sector Labs@badsectorlabs·21 May

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name If this query hits, you're in.

Yuval Gordon@YuG0rd

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

English

265

22.6K

sender@senderend·28 Nis

Had an amazing time at @BSidesSF this weekend! Super fun and well done CTF, solved quite a few and came agonizingly close on some of the harder ones, including one that remained unsolved by anyone! I was thrilled to run into Erik from @badsectorlabs and talk Ludus.

English

sender@senderend·16 Tem

As a follow up to my research on a GLPI command injection vulnerability, I've updated the @pdnuclei template for this CVE to detect the more advanced RCE vectors I researched. The PR is merged and live in the latest version of Nuclei, check it out below! github.com/projectdiscove…

English

sender@senderend·4 Haz

Awesome talks, great food, inspiring people, and excellent community building from @SpecterOps last Wednesday! I look forward to the next one.

SpecterOps@SpecterOps

📆 Mark your calendar! We are hosting a BloodHound user group meet-up in the Seattle area on Weds., May 29. Join @_wald0, @JustinKohler10, @harmj0y & @tifkin_ at @AscendBellevue to get the latest on managing Attack Paths, AD CS & Nemesis. Register 👉 ghst.ly/3UUP5KE

English

sender retuiteado

SpecterOps@SpecterOps·21 May

In his new post, @jaredcatkinson examines how changing the implementation of tradecraft can have as much of an impact on detection programs as changing the behavior. Read more ⤵️ ghst.ly/4bIbFvA

English

6.3K

sender@senderend·21 May

As a follow up to my PrivEsc Server scripts, here's another writeup with some of my most useful shell aliases and functions. These saved me lots of time and repetitive keystrokes on the #OSCP exam, and made my terminal workflow much more fun! link.medium.com/HNhU5zmXLJb

English

142

sender@senderend·16 May

Check out my OSCP Privilege Escalation Server Scripts to save some time on the exam #oscp #offensivesecurity link.medium.com/IJYXoE0uDJb

English

163

sender@senderend·2 May

Here's my in-depth guide to the #OSCP course and exam. Check it out for all the tips and tricks I wish I had when I was studying. link.medium.com/M2f4v2v1fJb

English

121

sender@senderend·30 Nis

I recently published an exploit script PoC as a result of some really fun research. Check out my in-depth writeup and try it for yourself on my GitHub! #applicationsecurity #appsec #cybersecurity #hacking #offensivesecurity link.medium.com/DFEaUnj3dJb

English

sender@senderend·27 Nis

what a turnout at @bsidesseattle! I thought we got here early... pic.twitter.com/idoixOyhXL

Redmond, WA 🇺🇸 English

sender@senderend·27 Nis

I'm thrilled to announce that last week, I passed the OSCP exam and got my certification! Thanks @offsectraining for the learning experience! #OSCP #offensivesecurity #cybersecurity

English

sender@senderend·23 Nis

really looking forward to @bsidesseattle on Saturday!

English

sender@senderend·21 Nis

turns out, with enough finesse and research, the LSA will give you what you want if you ask nicely. all without touching LSASS memory! excellent wiki here as well. github.com/EvanMcBroom/ls…

English

sender retuiteado

werdhaihai@werdhaihai·28 Haz

Today I'm releasing AtlasReaper, a .NET tool designed for red teamers to interact with Confluence and Jira via C2 agents. Discover secrets and launch targeted attacks. Check out the blogpost for more details: @werdhaihai/7a90ba33bf62" target="_blank" rel="nofollow noopener">medium.com/@werdhaihai/7a… Github Repo: github.com/werdhaihai/Atl…

English

215

21.6K

Descubrir

@KingOfTheNOPs @breakfix @bytewreck @BSidesSF @badsectorlabs @pdnuclei @SpecterOps @jaredcatkinson