Eloy @[email protected]

I was playing with code injection to read processes keyrings on Linux. I've wrote a new tool, keydump, and showing how we can use it to extract cleartext credentials from sssd. Not an easy exploitable scenario, but I hope you like the article!! hackliza.gal/en/posts/keydu…

Shellnova: A template for generating advances Linux shellcodes from c code that resolves libc functions dynamically. Inspired from Windows Stardust of @C5pider. gitlab.com/Zer1t0/shellno…

Recently I've working with Azure from Linux, but found it a limited for hacking, so I'm improving it with my "extensions". My favorite is az-login-with-token, to inject an Access or Refresh Token in the token cache, and using them from Azure Cli. gitlab.com/Zer1t0/aze

Non estabamos mortos, andabamos de parranda! Así que nos vemos en Vigo o 16 de Marzo xentiña

Created a POC of C client with configurable HTTP profiles. It is based on Mythic dynamichttp configuration style. Shouldn't be hard to adapt it for Cobalt profiles. gitlab.com/Zer1t0/vx-http…

I've been playing and implementing HellsGate technique for learning, but found cumbersome to use 2 procedures (HellsGate and HellDescent) for using syscalls, so implemented zsyscall to use syscall in one step. gitlab.com/Zer1t0/zsyscall

Been working in @devo_Inc for a month and get fired on a layoff. Wonder why they hire me if they know this was coming. Quite unprofessional. Had to reject offers to accept this one 😡. And how they will offer a good security product firing security people?

I've playing with AWS security, and found the resources/perms enumeration tools quite limited, so developed github.com/zer1t0/awsenum with service filtering and recursion (e.g, automatically check S3 buckets you have access). It is still incomplete, but hope you find it useful.

Time ago, I've written an alternative for python http.server that allows me to also upload files easily. I've been using it these days, and I think is worth to share github.com/eloypgz/httpsw…

I've playing with ADCS these days to understand the great attacks published by @harmj0y and @tifkin_ , so I created a python version of certify for understand them. Hope you find it useful. github.com/eloypgz/certi

Ao @eloypgz moito lle gusta fozar, trae unha nova entrada no blogue: “Usando libfuzzer en proxectos compilados con autotools”. hackliza.gal/posts/libfuzze…

New post by @eloypgz “Using libfuzzer in autotools compiled projects”: hackliza.gal/en/posts/libfu…

@haxisac @mvelazco Hi, I don't understand your question, could you explain it a little more

@Zer1t0 @mvelazco I have a somewhat stupid question, but hey I ask it anyway, is there a solution to find out which computers are on which to activate the internet connection and which ones do not?

I've just published a guide about how attack Active Directory, putting in there what I think a pentester should know (attacks/protocols/etc) about AD. I hope you find it useful zer1t0.gitlab.io/posts/attackin…

@theluemmel @g3rzi Wow, I've checking and you are right. First, the NTLM hashes* are NT hashes and now this. Why is terminology so complicated sometimes? I'll work to fix that. Thank you 😀 (*And NetNTLM hashes are NTLM hashes)

@Zer1t0 @g3rzi Wow this is awesome. Thank you so much for sharing. I have a minor complaint regarding the Ticket Types: You refer to TGSs (Ticket Granting Service) as a kind of ticket. The TGS in fact is a part of the KDC which issues Service Tickets. What you mean are simply Service Tickets.

@kildonan5 Sure, you can create Silver tickets or performing a RBCD attack to get Administrative privileges. What I mean is that the account itself doesn't have those privileges (which may be counter-intuitive), you need some kind of attack to get them. I take note for comment it. Thanks

@Zer1t0 Great writeup. Minor point, in DC account you write " This computer account is used by the SYSTEM local account to interact with the domain, but not locally, thus, this account has no administrative privileges in the machine." but dont forget silver tickets = admin privs

I've also playing with ARP these days and I've implemented some of the old known techniques like ARP Spoofing (several hosts at a time) and ARP scan in Rust #rustthemall #oldbutgold github.com/Zer1t0/arplayer

I've playing with DHCP these days and I've implemented some of the old known attacks like (rogue) DHCP server and DHCP starvation in Rust #rustthemall github.com/Zer1t0/dhcplay…

@pwntools Done. I hope this will be helpful. github.com/Gallopsled/pwn…

@Zer1t0 Can you create a pull request against the main Pwntools repository so that we can track this and hopefully get it merged at some point?

A year ago I implement a heap examination module for @pwntools that finally was not merged cause my lack of time. If anyone is interested in continuing the project I would like to let you know that there is a lot of code in my branch. github.com/Gallopsled/pwn…

I made a little tool to discover computer name/domain and OS version based on NTLM challenge, which can be useful for recon in internal networks or internet. github.com/Zer1t0/ntlm-in…