Giuseppe`Ohpe`Trotta

I'm releasing with @decoder_it: Juicy Potato, another Local Privilege Escalation tool from a Windows Service Accounts to SYSTEM by abusing the golden privileges (ohpe.github.io/juicy-potato/)

During @offensive_con our @marver presented his research on security aspects of embedded SIM cards. We are releasing SMShell, an SMS based implant proof of concept for Red Teaming that can evade out of band. Blogpost: persistent-security.net/post/introduci… GitHub: github.com/persistent-sec…

@aemkei I read LOSt

Combing pixel typography with labyrinthic lines will create some confusing op art. I wonder if anyone can read this:

What’s it like to work at @Doyensec? Read below 👇 We’re hiring again appsec engineers

As I couldn't find anyone else who'd documented it, thought I'd look at SeTrustedCredmanAccessPrivilege. tiraniddo.dev/2021/05/dumpin…

This is some spectacular counterintelligence work and exploitation. Research to discover a vulnerability, and then careful exploitation of that vulnerability so it never gets burned. Tennis 0day

RemotePotato0 Update: We can confirm that cross session activation works in the relay scenario too so you can get rid of session 0 limitation! Now the real fun will ensue 😈 cc @decoder_it

When (NTLM) relaying potatoes lead you to domain admin... A "permanent" 0day Privilege Escalation Vulnerability in Windows RPC Protocol ;-) cc @splinter_code Our writeup here: labs.sentinelone.com/relaying-potat…

@buffermet @evilsocket @antisnatchor Maybe in that case you need something like muraena and then pass the session to necro for the post exploitation

The best MITM framework in the field 🏆

v2.31.0 is out! The number of fixes and new features is just too long to fit in a single screenshot :D github.com/bettercap/bett…

@smaury92 The key is there just to troll, it’s not the right one

Caption this.

a tenacious kernel panic, happening in macOS network stack when bettercap tries to inject packets in the interface in monitor mode (read only works) ... happening on M1 as well ... can somebody at Apple fix this please? github.com/bettercap/bett…

Following my "old" blog post decoder.cloud/2020/05/30/the… , I have published the very quick & dirty "juicy_2" code github.com/decoder-it/jui… , maybe useful when you have impersonation privs on newer versions of Windows 10 & Server 2019 cc @splinter_code @Giutro

@evilsocket What about using a custom PAM module to log all the attempts and eventually improve your dictionary

to the people who spawned 8 different servers in the same Lithuanian subnet to try to bruteforce my SSH password: password based login is disabled, I only login with my private key, save your money. yw

MuraenaTeam strikes again. Together with @Giutro we released the new Muraena and NecroBrowser. Lots of new code+features. Phishing and post-phishing automation at scale for all your needs. Office365 and GitHub examples added. More coming soon 🎣🪝😎 github.com/muraenateam

Hands off my service account! decoder.cloud/2020/11/05/han…

@evilsocket @qwertyoruiopz I also like this idea but preparing a decent training takes time, this approach seems quicker

@qwertyoruiopz You should do trainings and then pick the top talents from there imho ...

love offensive mobile security and are looking for a job? my new company is hiring! shoot us an email at jobs@dfsec.it

@evilsocket Wondering how Cb maj looks like :)

today i spent about an hour doing this diagram as a tool to study, navigate and exercise daily on the fretboard ... maybe it can be useful to somebody else 👍 🎸 (set 4 is like set 3)

It has a few more prerequisites, but I finally managed to get a #Zerologon exploit working that doesn't rely on resetting passwords to exploit. Use the printerbug to make DC1 connect to you, then with lots of magic relay that to DC2 directly to DRSUAPI to DCSync 😁

There seems to be quite some questions and confusion about the impact of exploiting Zerologon (CVE-2020-1472) on the environment. So here's a thread 👇