Amateur Photographer, Red Team Enthusiast

Someone’s network
Joined September 2012
David retweeted
Another new twist on the .zip TLD. Fascinating.
Did you know explorer.exe can directly use WebDAV. Building an attack chain involving a .zip TLD, Windows Explorer, WebDAV and a jar file. badoption.eu/blog/2023/06/01…
Finally I think I am "OK" with where I finally reached with this Framework: about 10 methods for attachments and 6 containers. I will continue this tool; really loving how it's coming up. Break Time. 😌 #redteam #BREAKTIME
David retweeted
I made a tool that will generate an obfuscated DLL to bypass AMSI & ETW without getting blocked by AV. Patch and patchless (hwbp) options available. Could be useful for pentests. Was also good to practice my C. 😬 Enjoy! github.com/icyguider/LightsO…
After watching some Offensive Talks, it looks like application is really popular. Started looking into running applications; some are easy, but custom ones I am still working on. 😅 #redteam
After the recommendation from @mubix, I added the URL file extension for credentials. I tried adding more files, but there was no option for obfs or encryption, at least not in my skillz. Also added more containers, this time for MOTW and the use of Outlook attachments. #redteam
David retweeted
New process injection technique through entry points hijacking.
- Threadless or threaded, at will.
- No hooking.
- No RWX memory permissions.
- No new threads with start address pointing to the injected shellcode.
github.com/Kudaes/EPI
Windows Metadata: If you code in C# & need to call the Windows API directly, I can strongly recommend the Windows Metadata project. Just import the metadata into ILSpy & you will get language-specific WinAPI declarations for C#. github.com/microsoft/windows…
Let's be honest, sometimes we don't want a shell, right? Or maybe we can't because of our malicious code 😟. Let's capture creds then, abusing the icon location of the LNK file; the user just needs to visit the folder location of the LNK and BOOM!! hashes. #redteam
I like the enthusiasm from people who are working on Labs and learned a ton from them, but for me it was painful!! 4 months!!! 4!!!!! No more Labs. #redteam
David retweeted
Quick update on the Hackfest Hollywood summit! CFP is open! Submit here by July 17th! sans.org/mlp/pen-test-hackfe… Keynotes: Day 1: @chompie1337 Day 2: @inversecos Confirmed talks by @FuzzySec & @33y0re! In person is only $325 & free virtual! This will sell out! Reg soon!
More containers added to test if they remove MOTW; some built-in Windows ones don't work any longer. 😢 Well, a few more attachments to work on for today. #redteam
Attachments pique my interest, especially when there are plenty! The pif file got my curiosity; I had to programmatically build the pif so I can choose the execution/injections I wanted. In this POC I added AES; will add the container options and XOR as well!! ⚔️🔴📎 #redteam
Of course now I have to make sure it runs with a C2
I am giving away 2 seats of our #CRTP course with one month lab access (alteredsecurity.com/adlab). Retweet this tweet and reply with why you would like the course. We will choose 2 random winners on 1st June 2023. #infosec #AlteredSecurity tweeter.jakobs.systems/i/web/status/166…