LainKusanagi

In this article I’ll show how to find and modify the assembly of binaries and shellcode as a way to evade byte based detection. I’ll first show how to do this manually then how to script it and finally show a tool we can also use. @luisgerardomoret_69654/modifying-the-assembly-of-binaries-and-shellcode-for-evasion-687874c5eb00" target="_blank" rel="nofollow noopener">medium.com/@luisgerardomo… #penetrationtesting

@idkhiddenwtf This guy ruined my country bro I'm Venezuelan what are you doing posting him with books 😭

In this article I show how to modify and compile a Shellcode loader made in Golang and then use it to load a Sliver C2 beacon. #redteaming #penetrationtesting @luisgerardomoret_69654/using-a-golang-shellcode-loader-with-sliver-c2-for-evasion-43a95f5ebc35?postPublishedType=repub" target="_blank" rel="nofollow noopener">medium.com/@luisgerardomo…

In this article I show how to modify GodPotato to evade antivirus and escalate privileges. @luisgerardomoret_69654/modifying-godpotato-to-evade-antivirus-f066aa779cf9" target="_blank" rel="nofollow noopener">medium.com/@luisgerardomo… #penetrationtesting #redteaming

My machine "Sysco" is available at Hack Smarter Labs! hacksmarter.org/events/4fff8db… #penetrationtesting

@S1r1u5_ Both of you are right, I wholeheartedly believe CTF can really upskill you and humble you but also think you need to keep learning IT and setting your own labs on the side, he is right that at least AV evasion CTF are rare. I think we should encourage people to do both things.

more importantly tho - CTF humbles you. it drags your ignorant i-know-it-all ass out of the mud, gives you the reality check, and forces you to level up every single day. i won't be going to bug bounty or security research until i grind CTFs for year or two(depends how fast you are) when you’re with your teammates competing people all over the world, you really see where you stand in capabilities and start to optimizes for where you are good at.

probably just engagement farming. CTF hate is usually skill insecurity and copium. plus all those skills mentioned are table stakes for any decent CTFers, they’re buys pwning browsers and tearing apart complex apps.

Easy machine, a bit of code analysis will quickly reveal what to exploit. Root was fun since you have to play with it then you can leak what you need easily. labs.hackthebox.com/achievement/ma… #hackthebox

Easy machine, pretty straightforward user flag. Root is also easy but I wonder if there are other privilege escalation paths since I feel like I picked the lowest hanging fruit. labs.hackthebox.com/achievement/ma… #hackthebox #penetrationtesting

I liked user, really digging into the application, really hard to figure the last step but once you do and look back, it makes a lot of sense. For root its more simpler than it looks and with the right search you can find what you need. labs.hackthebox.com/achievement/ma… #hackthebox

Pretty hard machine, having to abuse DNS in a way haven't done before, enumerating and abusing a completely new service for me, to discovering you can do a lot more than you can think of with a certain ACL. labs.hackthebox.com/achievement/ma… #hackthebox #penetrationtesting

Nice assumed breach linux box. User is easy, recent exploit then you have to dig a bit into sessions. Root I found it a bit tricky, really had to play and research about that binary. labs.hackthebox.com/achievement/ma… #hackthebox #penetrationtesting

@mccleod1290 If you just want to do bb you may not need oscp. I feel im not too experienced yet and this was my first bug. Stuff Ive found helpful was reading bb reports, watching yt channels like bb reports explained, zseano, nahamsec interviews, staying persistent and focusing on impact.

Well that went better than expected. #bugbounty

First triaged bug on a bug bounty program, wish me luck! #bugbounty

Cool machine, DACL abuse, grave and secrets digging, then enumerating from WSL. labs.hackthebox.com/achievement/ma… #penetrationtesting #hackthebox

Really tough machine, learned a lot from it, for user you will have to look into more novel AD attacks and get creative with ACLs. For root some enumeration and understanding clues should get you the next step and then perform kerberos abuse. labs.hackthebox.com/achievement/ma… #hackthebox

Nice machine where for user you research about abusing models, then some enumeration and abuse of functionality for root. hackthebox.com/achievement/ma… #hackthebox #penetrationtesting

Sharing my custom Amsi bypass that I kept private for a while, it patches AmsiOpenSession and is currently not detected by Defender. github.com/raskolnikov90/… #penetrationtesting

Really cool machine, lots of ACL abuse, enumerating beyond what BloodHound may show will reveal the grave we need to dig. hackthebox.com/achievement/ma… #hackthebox #penetrationtesting