Vylegzhanin Daniil

1.1K posts

Vylegzhanin Daniil

Vylegzhanin Daniil

@jfmeee

RT

Katılım Haziran 2016
195 Takip Edilen403 Takipçiler
Dominic Chell 👻
Dominic Chell 👻@domchell·
I've been pretty quiet recently, mainly because we've been cooking up a few things at @MDSecLabs - some of which will be revealed over the next month or so. One of the most exciting things is a HUGE new @nighthawk_c2 release. It's packed with "stacks" of new OpSec - incl. 3 new CET compat masking. But most exciting of all, we have a super sexy new cross platform UI 🔥
Dominic Chell 👻 tweet media
English
4
27
210
14.2K
Vylegzhanin Daniil retweetledi
Vylegzhanin Daniil
Vylegzhanin Daniil@jfmeee·
@domchell "less things shared publicly" so it's finally healing and we no longer brag about .one motw bypasses in the face of the vendor?
English
1
0
4
1.4K
Dominic Chell 👻
Dominic Chell 👻@domchell·
My thoughts are yes, red teaming has got significantly harder over the last few years. The knock on effect is: 1) engagements need more time, 2) teams who don't invest heavily in R&D (either in-house or outsourced) will be left behind, 3) there's less things shared publicly as a consequence, 4) lots of teams have tried to compensate by assuming breach, which as a result has led to less innovation in the IA space However, I disagree that IA is anywhere near dead even targeting the top 1%. The vast majority of our engagements have a large IA component and we're still successful in >75% of cases. Yes the points mentioned are a pita - AWL is a great control, but there's equally a plethora of file formats that support scripting; get creative - Yes MOTW restricts some things - but there's a variety of ways around it if you're creative (and I'm not talking about ISOs 🙄)
English
7
40
220
36.9K
Vylegzhanin Daniil retweetledi
bohops
bohops@bohops·
Exploring the WDAC Microsoft Recommended Block Rules: kill.exe kill.exe is an interesting SDK #lolbin. Instead of loading unsigned code through deserialization or through some script host trampoline magic, kill.exe appears to bypass WDAC b/c it is vulnerable to buffer overflow
bohops tweet mediabohops tweet mediabohops tweet media
English
2
49
128
0
Tim
Tim@__invictus_·
@IceSolst This account has to be engagement farming or just a straight up troll. Who's gatekeeping? Infosec has literally never been easier to get into than it is today. And whilst it can be fun, if you want to excel in any area you better be ready to read a shit ton of boring docs
English
5
2
29
2.5K
solst/ICE of Astarte
solst/ICE of Astarte@IceSolst·
Exploitation isn’t entry level, but it absolutely could be This is exactly the right mindset our industry needs now. (And extends to other aspects) There are tons of young people interested in starting out in the field, and we’ve been plagued for too long gatekeepers intimidating newcomers into thinking it’s an unforgiving field only for masochists. It’s not true: infosec can be funny and fun and easy to learn when you have good teachers, and I appreciate all the great content creators out there making the field more accessible. Plus there are so many new platforms like @hackthebox_eu that help beginners progress. It’s funny that when the sentiment is “let’s make the field more accessible to beginners” some are like “no; back in my day, I crawled through glass”
chompie@chompie1337

It’s not, but it absolutely could be.

English
5
5
91
19.1K
Vylegzhanin Daniil
Vylegzhanin Daniil@jfmeee·
Nothing feels better than finishing a year with a high integrity callback on the high value server running under privileged account.
English
2
1
20
1.5K
Vylegzhanin Daniil
Vylegzhanin Daniil@jfmeee·
@HaifeiLi Yeah, corpus minimisation and coverage stability for these kind of targets took most of the time for me as well. I found that harnesses make a huge difference for stability, especially when COM is involved.
English
1
0
1
468
Haifei Li
Haifei Li@HaifeiLi·
Well, the "fuzzing Office w/ winafl" project is more complicated than I initially thought, mostly because Office dlls are huge & inputs are big, and unstable when collecting code coverages, but I managed to get it working (seems:P) after some twists in the winafl source code..
English
3
4
54
17.5K
Vylegzhanin Daniil
Vylegzhanin Daniil@jfmeee·
Spent last two weeks working with Binary Ninja and finally can put ida to the bin. Awesome product, solid plugin support (lighthouse available!), 10/10
English
2
0
6
382
Vylegzhanin Daniil
Vylegzhanin Daniil@jfmeee·
Rip webdav motw bypass, was part of some nice exec chains, burnt as cve-2024-38213 by zdi. Unlucky that won't be able to use it for my next gig but had some good time.
English
0
0
5
479
Vylegzhanin Daniil retweetledi
Orange Tsai  🍊
Orange Tsai 🍊@orange_8361·
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code from 1996
English
38
649
1.9K
234.7K
Vylegzhanin Daniil retweetledi
SpecterOps
SpecterOps@SpecterOps·
ICYMI: Apeman, a tool designed to simplify the understanding of permissions & potential Attack Paths within an AWS environment for both attackers & defenders, is now live! @hotnops is at #BHUSA digging into the tool now - join him at Arsenal Station 3 to learn more.
SpecterOps tweet media
English
0
7
15
2.1K
Vylegzhanin Daniil retweetledi
Outflank
Outflank@OutflankNL·
OST's Stage1 C2 is now Outflank C2, an optimised, OPSEC focused custom C2 framework with: •Native implants for Windows, macOS and Linux •Dynamic code exec •Proxying support •Peer-to-peer C2 between all three implants Get more info at bit.ly/4cgw8rl
Outflank tweet media
English
0
31
116
24K