Bryan McNulty
@bryanmcnulty.bsky.social
GoExec v0.2.0 is live!

This includes two new DCOM-based execution methods: ShellWindows and ShellBrowserWindow.

Much more on the way (especially involving DCOM lateral movement) so stay tuned!

github.com/FalconOpsLLC...
Release v0.2.0 · FalconOpsLLC/goexec
Major Changes
- f284a0a dcom: new method: shellbrowserwindow
- 1c931fb dcom: new method: shellwindows
Changes
- 420fbd9 Default string bindings for TSCH,SCMR
- 10eee0e Fix SMB dialect negotiation (#13)
...
September 9, 2025 at 7:37 AM
Reposted by Bryan McNulty
This looks off to you? Yeah...

In the default configuration, NFS exposes THE ENTIRE FILE SYSTEM and not only the exported directory!
This means that you can read every file on the system that is not root:root owned, e.g. /etc/shadow.

But it can get even worse 1/4🧵
March 3, 2025 at 6:01 PM
Reposted by Bryan McNulty
In our latest article, our ninja laxa revisits the secretsdump implementation, offering an alternative that avoids reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at www.synacktiv.com/publications....
LSA Secrets: revisiting secretsdump
February 20, 2025 at 10:55 AM
Reposted by Bryan McNulty
In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. 💪

👉 blog.scrt.ch/2025/02/18/r...
February 19, 2025 at 9:13 AM