Type to search
Advanced channel search

TGStat Bot

Bot to get channel statistics without leaving Telegram
img
ad

SearcheeBot

Your guide in the world of telegram channels
img
ad

TGAlertsBot

Monitoring of keywords in channels and chats
img
ad

Telegram Analytics

Subscribe to stay informed about TGStat news.
img
ad

Offensive Twitter

@OffensiveTwitter
Channel's geo and language: India, English

~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337
Disclaimer: https://t.me/OffensiveTwitter/546

Related channels  |  Similar channels
Channel's geo and language
India, English
Category
Cryptocurrencies
Statistics
Is this your channel? Confirm Channel history
Posts filter

Offensive Twitter

16 Nov, 16:23

Open in Telegram Share Report
Video is unavailable for watching
Show in Telegram
😈 [ NetSPI @NetSPI ]

Introducing PowerHuntShares 2.0 Release!

NetSPI VP of Research @_nullbind introduces new insights, charts, graphs, & LLM capabilities that can be used to map the relationships & risks being exposed through the network shares:

🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/powerhuntshares-2-0-release/

🐥 [ tweet ]
980 0 33 3
Offensive Twitter

16 Nov, 16:22

Open in Telegram Share Report
1.1k 0 71 8
Offensive Twitter

15 Nov, 08:56

Open in Telegram Share Report
😈 [ Zerotistic @gegrgtezrze ]

Excited to share my latest blog post: "Breaking Control Flow Flattening: A Deep Technical Analysis"

I showcase usage of formal proofs and graph theory to automate CFF deobfuscation, among other things !
Might make it a talk...? 👀

🔗 https://zerotistic.blog/posts/cff-remover/

🐥 [ tweet ]
1.5k 0 17 2
Offensive Twitter

14 Nov, 16:40

Open in Telegram Share Report
😈 [ Octoberfest7 @Octoberfest73 ]

This is a neat blog post on some of the new features in the 4.10 release of Cobalt Strike from @RWXstoned

🔗 https://rwxstoned.github.io/2024-11-13-Cobalt-Strike-customization/

🐥 [ tweet ]
1.8k 0 10 3
Offensive Twitter

14 Nov, 10:43

Open in Telegram Share Report
😈 [ drm @lowercase_drm ]

TIL you can ask the DC to resolve a foreign security principal by querying the msds-principalname (hidden) attribute. The DC will use the trust secret to perform authentication against the foreign domain and then call LsarLookupSids3 (so it even works with selective auth).

🐥 [ tweet ]
2.1k 0 23 4 2
Offensive Twitter

13 Nov, 23:09

Open in Telegram Share Report
😈 [ mpgn @mpgn_x64 ]

If you want to first blood a windows box in @hackthebox_eu every minute counts ! 🩸
I've added a special flag --generate-hosts-file so you just have to copy past into your /etc/hosts file and be ready to pwn as soon as possible 🔥

🐥 [ tweet ]
2.2k 0 21 1 14
Offensive Twitter

13 Nov, 23:09

Open in Telegram Share Report
😈 [ Steven @0xthirteen ]

I’ve always thought Seatbelt was a great situational awareness tool, I created a python implementation of it. Due to the nature of how I expect it to run, it only implements the remote modules, but I hope someone finds it useful.

🔗 https://github.com/0xthirteen/Carseat

🐥 [ tweet ]
1.9k 0 16 2
Offensive Twitter

12 Nov, 18:31

Open in Telegram Share Report
Forward from: 1N73LL1G3NC3
Шишинг с Rogue RDP. Используем встроенные средства Windows для проникновения в сеть

За последний год EDR и XDR значительно повысили уровень защиты от фишинга. Особые трудности доставляет эвристический анализ. Классическая рассылка документов теперь почти не работает. В качестве альтернативы я выбрал Rogue RDP как средство доставки и технику Living off the Land Binaries — для первичного доступа в сети заказчика.

P.S.
Наконец-то, спустя пол года, моя статья вышла в свет. Кстати, не так давно этой техникой стали активно пользоваться APT😄
1.8k 0 52 1 17
Offensive Twitter

12 Nov, 09:04

Open in Telegram Share Report
😈 [ 7eRoM @7eRoM ]

While verifying the PE digital signature in Windows kernel, I encountered several new terms and concepts, such as PKCS7, ASN.1, calculating the thumbprint, and verifying signatures.

🔗 https://github.com/7eRoM/tutorials/tree/main/Verifying%20Embedded%20PE%20Signature

🐥 [ tweet ]
2.3k 0 30 4
Offensive Twitter

11 Nov, 17:34

Open in Telegram Share Report
Video is unavailable for watching
Show in Telegram
😈 [ Rtl Dallas @RtlDallas ]

KrakenMask is back with more opsec

🔗 https://github.com/NtDallas/KrakenMask

🐥 [ tweet ]
2.6k 0 34 4
Offensive Twitter

11 Nov, 08:08

Open in Telegram Share Report
😈 [ Usman Sikander @UsmanSikander13 ]

7 Methods to dump lsass memory. This is a powerful tool provide users an option to extract data from lsass memory.

🔗 https://github.com/Offensive-Panda/ShadowDumper

🐥 [ tweet ]
2.6k 0 48 9
Offensive Twitter

9 Nov, 02:18

Open in Telegram Share Report
😈 [ 5pider @C5pider ]

Reimplemented the Early Cascade Injection technique documented by the @OutflankNL team

The code is boring but the blog post was very interesting to read, especially when it came to how the process is initialized and how LdrInitializeThunk works. Cheers

🔗 https://github.com/Cracked5pider/earlycascade-injection

🐥 [ tweet ]
3.4k 0 34 8
Offensive Twitter

8 Nov, 23:39

Open in Telegram Share Report
😈 [ Octoberfest7 @Octoberfest73 ]

There are some interesting detections for U2U/UnPAC the hash in certipy/rubues/mimiktaz/impacket based on TGS ticket options. Did some tinkering and by removing a few flags you can shake detection while still recovering the NT hash from a TGT.

🔗 https://medium.com/falconforce/falconfriday-detecting-unpacing-and-shadowed-credentials-0xff1e-2246934247ce

🐥 [ tweet ]
3.3k 0 48 9
Offensive Twitter

8 Nov, 19:35

Open in Telegram Share Report
😈 [ ap @decoder_it ]

A short and light post on one of my favorite topics: spotting and exploiting GPO misconfigurations, nothing too technical, just the basics! 😅

🔗 https://decoder.cloud/2024/11/08/group-policy-security-nightmares-pt-1/

🐥 [ tweet ]
3.2k 0 48 6
Offensive Twitter

7 Nov, 19:35

Open in Telegram Share Report
😈 [ eversinc33 🤍🔪⋆。˚ ⋆ @eversinc33 ]

Wanted to learn a bit about the .NET Common Intermediate Language (CIL) and programmatically modifying assemblies, so I wrote a quick automated deobfuscator for @dr4k0nia's XorStringsNet string obfuscator and a mini blog post:

🔗 https://eversinc33.com/posts/unxorstringsnet.html

🐥 [ tweet ]
3.5k 0 22 5
Offensive Twitter

6 Nov, 11:45

Open in Telegram Share Report
😈 [ Clement Rouault @hakril ]

In our search for new forensic artifacts at @ExaTrack, we sometimes deep dive into Windows Internals.
This one is about COM and interacting with remote objects using a custom python LRPC Client.

STUBborn: Activate and call DCOM objects without proxy:

🔗 https://blog.exatrack.com/STUBborn/

🐥 [ tweet ]
3.5k 0 31 4
Offensive Twitter

5 Nov, 01:44

Open in Telegram Share Report
😈 [ Cerbersec @cerbersec ]

nc -lvnp 4444
python -c 'import pty; pty.spawn("/bin/bash")'

🐥 [ tweet ]

спать, режим
3.9k 0 32 27
Offensive Twitter

4 Nov, 19:07

Open in Telegram Share Report
😈 [ Renzon @r3nzsec ]

I recently co-authored a @Unit42_Intel blog about a unique IR case in which a threat actor’s custom EDR bypass (using #BYOVD) exposed their toolkit, methods, and even identity. Check out how we unmasked them through an opsec slip-up! #dfir

🔗 https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/

🐥 [ tweet ]
3.4k 0 38 6
Offensive Twitter

4 Nov, 12:38

Open in Telegram Share Report
😈 [ Thomas Roccia 🤘 @fr0gger_ ]

New LOL project, LOLAD a collection of Active Directory techniques!👇

🔗 https://lolad-project.github.io/

🐥 [ tweet ]
4.2k 0 131 14
Offensive Twitter

2 Nov, 22:25

Open in Telegram Share Report
Лайфхак, как найти офсеты до интересующего символа в пачке PE разных ревизий Windows

1. Идем на winbindex.m417z.com, ищем нужный бинарь.
2. Сохраняем страничку локально (нормальной апихи не завезли, а результаты формируются на клиент сайде).
3. Граббим версии и ссылочки на загрузку (pup в помощь):
curl -s 'http://127.0.0.1/ntdll.dll%20-%20Winbindex.htm' | pup 'td:nth-of-type(5) text{}'
curl -s 'http://127.0.0.1/ntdll.dll%20-%20Winbindex.htm' | pup 'td:nth-of-type(8) a[href] attr{href}'
4. Формируем команды вида (ниже), копипастим в консоль, ждем пока все загрузится:
curl -sSL https://msdl.microsoft.com/download/symbols/ntdll.dll//ntdll.dll -o ntdll_.dll
5. Питоним скрипт для Binary Ninja по базовому экзамплу, получаем список офсетов:
import sys
import hashlib
from pathlib import Path
from multiprocessing import Pool, cpu_count, set_start_method

import binaryninja as bn

pe_dir = Path(sys.argv[1])
symbol_name = sys.argv[2]

def spawn(dll_path):
bn.set_worker_thread_count(2)
with bn.load(dll_path, update_analysis=True) as bv:
symbol_obj = bv.get_symbol_by_raw_name(symbol_name)
if symbol_obj:
with open(dll_path, 'rb') as f:
md5sum = hashlib.md5(f.read()).hexdigest()
print(f'[*] {dll_path.name}:{md5sum} -> {hex(symbol_obj.address)}')

if __name__ == '__main__':
set_start_method('spawn')
processes = cpu_count()-1 if cpu_count() > 1 else 1
pool = Pool(processes=processes)

results = []
for dll_path in pe_dir.glob('*.dll'):
results.append(pool.apply_async(spawn, (dll_path,)))

output = [result.get() for result in results]
Результат может быть полезен, например, для оценки примерных границ при поиске паттерна, когда заморачиваться с крафтом более аккуратного паттерна под все ОС лень, а так можно считерить и вывезти на грязном паттерне и более узких границах поиска:
PVOID getPattern(BYTE* pattern, DWORD patternSize, BYTE* startAddress) {
BYTE* addr = startAddress;
while (addr != (BYTE*)startAddress + 0xffff - patternSize)
{
if (addr[0] == pattern[0])
{
DWORD j = 1;
while (j < patternSize && (pattern[j] == '?' || addr[j] == pattern[j])) j++;
if (j == patternSize) return addr;
}
addr = addr + 1;
}

return NULL;
}
3.5k 0 54 19
20 last posts shown.