NotoriousRebel

@epi052 Awesome job! Can't wait to check it out, one of my go-to tools for content discovery.

Howdy! Feroxbuster 2.4.0 is out! Includes - bugfixes - new --random-agent feature - regex support for --dont-scan Had help from a few github users: cortantief, dsaxton, and mzpqnxow! I really appreciate the time they took to help with this release. github.com/epi052/feroxbu…

@Six2dez1 @Jhaddix Out of curiosity why puredns over shuffledns for resolving and wildcard filtering?

@Jhaddix Gotator, custom permutations list (public in my gists) and puredns for resolving, two rounds of permutations, just following reconFTW workflow :)

Yeah, permutations can be slow, but what about those 368 unique subdomains found? 😏😋 That was a 117M entries file resolved in 5.30 h #reconftw #hacking #bugbounty

@subTee JScript seems like a pretty good time :)

@waldoirc @_ForrestOrr @ilove2pwn_ @MrUn1k0d3r Great stuff, glad you didn't share a POC on GitHub, leaves a challenge for the readers :). Did you mess around with this technique using titanloader?

I made a post about research I did recently for fun on learning how to encrypt the Cobalt Strike heap. arashparsa.com/hook-heaps-and… Learned a lot of interesting things along the way and I'd like take it further. Special Thanks to: @_ForrestOrr @ilove2pwn_ and @MrUn1k0d3r for the help

@ajpc500 Fantastic job! These BOFs are so handy and have worked wonders on numerous engagements :).

Late to the party, but thrilled to have my BOFs in the Community Kit. I've just updated the injectors (NtCreateThreadEx and NtQueueApcThread variations) and process dumping BOF to SysWhispers2 so they're ready to roll with 21H1+. github.com/ajpc500/BOFs

@CyberWarship Awesome blog! Really aesthetically pleasing graphics, so many different potatoes😅. Worth adding github.com/zcgonvh/EfsPot… to the post?

Potatoes - Windows Privilege Escalation 'There are a lot of different potatoes used to escalate privileges from Windows Service Accounts to NT AUTHORITY/SYSTEM. But, what are the differences? When should I use each one?' #infosec #redteam #pentest jlajara.gitlab.io/others/2020/11…

[Blog] Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion bohops.com/2021/03/16/inv…

@xenosCR @harmj0y Awesome read! It appears DevOps skills are becoming more and more crucial within red teaming.

I just posted a new blog post about setting up a basic Jenkins Pipeline. I was inspired by a talk @harmj0y gave at #SOCON and decided that I want a pipeline of my own. I'm sharing my notes as I work through the build. blog.xenoscr.net/OffSecOps-Basi…

@checkymander @424f424f @byt3bl33d3r Great work! Might just have to add this to Nimplant eventually ;)

github.com/byt3bl33d3r/Of… Nim is pretty cool, wrote a keylogger which is now on the OffensiveNim repo by @byt3bl33d3r. Compiles down to native code, with a syntax similar to python.

@discoverscripts Thank you for all the help along the way and the kind words :)

@jorgeorchilles Enjoy the journey :) If you are using json, you will come to love Nim's json module.

Just learned about Nim and leveraging it to create an implant by @NotoriousRebel1 secbytes.net/Implant-Roulet…

@byt3bl33d3r Awesome research! Can't wait to integrate the clr hosting example into Nimplant. Nim is only getting better and better as time goes on.

Just made the OffensiveNim repository public. This is a couple of weeks worth of notes and research into using Nim for general offensive operations. If you don't want to write your implants in C/C++, Nim is the way to go IMHO. Feedback welcom github.com/byt3bl33d3r/Of…

@byt3bl33d3r Glad you liked it :) Yeah, cross-compilation is trivial and the final executable is quite small compared to if it was written in Go! Who knows maybe Black Hat Nim one day? 👀 Looking forward to the release of your research!

Awesome blog post. Few things it didn’t highlight about Nim that I find to amazing for implant dev: - cross compilation to windows from nix/macOS is extremely easy - Nim is not runtime/vm dependent. it gets translated directly to the target language. No T H I C C executables

Let's talk about what Nim can bring to the table for offensive tool development! Blog: secbytes.net/Implant-Roulet… :)

@TheXcellerator What an awesome series! Really great material to understand and develop rootkits.

@b4rtik @jack_halon Great job, awesome work as usual :)

@bohops @ConsciousHacker @MagisterQuis @leoloobeek @browninfosecguy @xenosCR @Oddvarmoe @oakTree__ Thanks guys appreciate it :) got some fun stuff in the works.

@ConsciousHacker @MagisterQuis @leoloobeek @NotoriousRebel1 @browninfosecguy @xenosCR @Oddvarmoe @oakTree__ oh, absolutely :)

#FF for some some great folks that I chat with on a pretty regular basis about infosec - @MagisterQuis @leoloobeek @NotoriousRebel1 @browninfosecguy @xenosCR @ConsciousHacker @Oddvarmoe @oakTree__

@_ForrestOrr What a fantastic series! Thank you for raising the bar for in memory tradecraft.

The final installment of my research series on Windows malware memory forensics is now online. I discuss in depth how to bypass Rekall/Volatility Malfind, Hollowfind, and pe-sieve defensive scanners forrest-orr.net/post/masking-m…

@zonduu1 Any chance you could test theHarvester as well if you get a chance? Could also pass in a flag to take screenshots of found subdomains as well.

Scanned the same big target with different sub enum tools and stored lists (no apis provided), here is the results: Amass - 4k results findomain - 18k results fdns - 125k results chaos - 400k results #bugbountytip, #bugbounty 1/2

@ipurple @rob987651234 Modifying machine.config for persistence.

25 Persistence Techniques (Windows) are covered already! Anything else that is missing? pentestlab.blog/methodologies/… #pentestlab #persistence #redteaming