whynotsecurity ретвитнул
Fresh off the #WayWest2022 Toolshed, dropping my new Office365 userenum technique against Federated tenants, check it out below!
B: whynotsecurity.com/blog/o365feden…
G: github.com/knavesec/o365f…
English
whynotsecurity
15 posts
whynotsecurity ретвитнул
Time for another tool drop. This one I wrote a couple weeks ago for converting ldapdomaindump data to Bloodhound data. Currently only the bare minimum to get data uploaded into Bloodhound works.
B: whynotsecurity.com/blog/ldd2bh/
G: github.com/blurbdust/ldd2…
English
whynotsecurity ретвитнул
Awhile back I wrote a tool to look for Windows registry files in a given haystack of data (.tar, .vhd, .vmdk). If impacket is installed, it will automatically secretsdump the found registry files.
B: whynotsecurity.com/blog/needle/
G: github.com/blurbdust/need…
English
whynotsecurity ретвитнул
XSS to RCE: Covert Target Websites into Payload Landing Pages, good introduction article by @knavesec
bit.ly/3DdZaXB
English
whynotsecurity ретвитнул
XSS to RCE: Hosting your phishing payload on your client's website, a fun technique for boosting your phishing click rate based off a real attack from a known ransomware threat group
Blog: whynotsecurity.com/blog/xss-to-rc…
English
Cool new way to make eyewitness web enum more opsec friendly, designed to bypass scan prevention techniques. Check it out!
Ellis Springe@knavesec
EyeWitnessTheFitness: create a single Fireprox API that can pass thru to multiple web endpoints. No need to generate multiple APIs to do enum, more opsec friendly, and helps bypass scan prevention techniques that filter by IP B: whynotsecurity.com/blog/eyewitnes… G: github.com/knavesec/EyeWi…
English
whynotsecurity ретвитнул
New APIs/syscalls for EDR bypass (@yarden_shafir), UAF browser exploit dev (@33y0re), PowerView replacement [EDD] (@FortyNorthSec), phishing banner defeat (@whynotsecurity), malware packer teardown (@fumik0_), NANDcromancy (@Atredis), and more! blog.badsectorlabs.com/last-week-in-s…
English
Shoutout to @ldionmarcil for making it public. Phishing “external email” warning bypass POC and writeup #redteam
Ellis Springe@knavesec
Since it was made public, time to release! Big "External Email" phishing warnings on Outlook webapp & client can be obfuscated with some simple CSS/HTML injections into your phishing email. Writeup, Remediations & POC: whynotsecurity.com/blog/external-… #RedTeam
English
whynotsecurity ретвитнул
New blog post going into the details about the potato exploits and SeImpersonatePrivilege. micahvandeusen.com/the-power-of-s…
English
Introducing Credmaster! Easy & anonymous password spraying suite to beat throttle detections. Based on prior work by @ustayready with just a touch of extra research and features
Tool: github.com/knavesec/CredM…
Blogpost: whynotsecurity.com/blog/credmaste…
English
The BloodHound Domain Password Audit Tool, the newest feature of Max. Run cracked password analysis to identify vulnerable groups, privileges and patterns using the power and information of BloodHound. Based off previous work by @OrOneEqualsOne whynotsecurity.com/blog/max3/
English
Go check this out, new Bloodhound attack primitive plus some updates to a great tool
Ellis Springe@knavesec
Its national dog day, so naturally its time to release an update on Max! This update includes a new attack primitive with how it works, as well as some new features to a few of the old functions for better data extraction. Post: whynotsecurity.com/blog/max2/
English
Back with a new blog post, step up your Bloodhound game with Max! Makes it far easier to extract information and interact with the database whynotsecurity.com/blog/max/
English
@whynotsecurity Hello thank you. Can you confirm where the registry keys are and that they do not have limiting ACLs on them?
English
We are announcing our new blog with a post about Teamviewer and storing user passwords encrypted and not hashed allow for easy plaintext retrieval from the Windows registry.
whynotsecurity.com/blog/teamviewe…
English