Offensive Twitter

😈 [ Justin Elze @HackingLZ ] Pwning C2 frameworks 🔗 https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/ 🐥 [ tweet ]

😈 [ Nikhil Hegde @ka1do9 ] In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export table to find address of functions. 🔗 https://nikhilh-20.github.io/blog/peb_phobos_ransomware/ 🐥 [ tweet ]

😈 [ Koen Van Impe ☕ @cudeso ] Interesting approach shared by @Wietze on manipulating argv[0] to mislead security tools and analysts. A clever tactic for obfuscation! 🔗 https://www.wietzebeukema.nl/blog/why-bother-with-argv0 🐥 [ tweet ]

😈 [ Aleem Ladha @LadhaAleem ] I've fully automated the lab used for @_leHACK_ Active Directory 2024 workshop done by @mpgn_x64 and it's available for everyone ! 🔥 Also big kudos to @M4yFly for the playbooks and NetExec dev teams for this awesome tool ! Hope you enjoy, more to come 🔗 https://github.com/Pennyw0rth/NetExec-Lab 🐥 [ tweet ]

😈 [ Usman Sikander @UsmanSikander13 ] Basics to advanced process injection. Covering 25 techniques: 🔗 https://github.com/Offensive-Panda/ProcessInjectionTechniques 🐥 [ tweet ]

😈 [ Kurosh Dabbagh @_Kudaes_ ] Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e. Don't see much use for it tho ^^ 🔗 https://github.com/Kudaes/CustomEntryPoint 🐥 [ tweet ]

😈 [ John Hammond @_JohnHammond ] Well, this was a stupid insomnia project, but... 😂 Playground code is here: 🔗 https://github.com/JohnHammond/recaptcha-phish 🐥 [ tweet ][ quote ] завирусилось, прикольно

😈 [ Het Mehta @hetmehtaa ] Reversing a VPN client to hijack sessions 🔗 https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e 🐥 [ tweet ]

😈 [ Sam ☁️🪵 @Sam0x90 ] Interesting ZIP trick with __Macosx__ folder and LNK executing ftp script to execute embedded pythonw.exe zip > docx LNK > ftp.exe > disguised pythonw.exe > CS shellcode #CTI #DetectionEngineering 🔗 https://www.ctfiot.com/203334.html 🐥 [ tweet ]

😈 [ Jiří Vinopal @vinopaljiri ] Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be: Executed as a normal #exe Loaded as #dll + export function can be invoked Run via "rundll32.exe" Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub 🔗 https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode 🐥 [ tweet ]