The Land of Pleasant Living
Joined August 2017
These were better days...
This 😉
How often is a sans font used? Would rundII32 (capital letter i) blend in better than rundll33? 🙃
This canary just got their wings clipped. If anyone has positions open for threat hunting / intelligence, slide into my DMs!
bohops retweeted
Found this LPE by hunting for leaked handles as described by @last0x00 here: aptw.tf/2022/02/10/leaked-ha…
CVE-2022-43997 Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL... cve.mitre.org/cgi-bin/cvenam…
rundll33.exe had a good run, but it is now time to move to rundll34.exe
rundll33.exe < -- smooth sailing ⛵️
bohops retweeted
The #SharpC2 releases now have a Windows build of the .NET MAUI client (still no macOS for now). Should make it easier for some folks to try it out. github.com/rasta-mouse/Sharp… The docs have also been updated some. sharpc2.readthedocs.io/en/la…
bohops retweeted
Have you ever wondered how RODCs work and whether compromising one would necessarily allow for privilege escalation? The answers are in my new post: At the Edge of Tier Zero: The Curious Case of the RODC posts.specterops.io/at-the-e…
bohops retweeted
🎉Attacking and Defending Azure/M365 course is released! 86 videos, 13 hours of content covering: > Forensics / Detection > Attack techniques / methodology > Mitigations > Log Analysis Enjoy <3 training.xintra.org/attackin…
DNS...it's always DNS
Reason for the #M365 outage?
Whatever you do, please don't retweet this for signal
And social experiment concluded in under 1 min 🤣
Time to reset the password for all of those ZIP files...
Yesterday someone claimed to have successfully breached vx-underground. They sent us footage of the attack. We have no idea what is going on in this footage. Video link: streamable.com/6nnhd3
I’m pleased to release Inline-Execute-PE, a CobaltStrike toolkit enabling users to load and repeatedly run unmanaged Windows exe’s in Beacon memory without dropping to disk or creating a new process each time. github.com/Octoberfest7/Inli… #redteam #cybersecurity #malware
I just released a tool I wrote a while back called Gold Digger. It's nothing fancy but can be pretty helpful when needing to scan through a lot of files looking for credentials and other sensitive information. I use it on cloud pentests. github.com/ustayready/golddi…
I'm just so tired of losing family. Rest in peace 🙏
I wrote a blog post -> Boyer-Moore Search Optimization ft. ChatGPT Of course the post is about search optimization but it's actually also (maybe primarily) about using AI models like Copilot and #ChatGPT to make your workflow better! knifecoat.com/Posts/Boyer-Mo…
bohops retweeted
After continuing to see new tools emerging, which rely on extracting the NTDLL syscall IDs from "mov eax, X" instruction, I wanted to remind everyone that syscall IDs can easily be calculated by sorting the addresses of Nt*/Zw* functions in NTDLL from lowest to highest. 🍻