Yeeb
@yeeb.xyz
doing things with computers - 🚩 w/ Laniakea
Reposted by Yeeb
Got sniped into the challenge and ended up doing some cool XSS research :D

11 char XSS with mind-boggling race-conditions.

TL;DR the final payload is location=x (10 chars) and the longest is top.Z.x=x.d (11 char)

It's shorter than location=name !!

terjanq.me/solutions/jo...
December 14, 2024 at 1:17 PM
Reposted by Yeeb
This is a mad vulnerability in Magento. You put XML in JSON and use it to trigger PHP deserialization. A lot of work must have gone into putting all this together.

www.vicarius.io/vsociety/pos...
November 29, 2024 at 10:07 AM
Reposted by Yeeb
Excited to share a tool I've been working on - ShadowHound.
ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus I also talk about some MDI detections and how to avoid them.

blog.fndsec.net/2024/11/25/s...
November 25, 2024 at 12:25 PM
Reposted by Yeeb
Torn on sharing this, but I think it's important everyone be aware

The Office 365 Management Activity API is awesome, but it's also an incredible persistence location to monitor a victim that is almost invisible once set up

Let me explain how it works and what to look for ;)
November 24, 2024 at 8:09 AM
Reposted by Yeeb
Oh yeah guess I should post here as well. New Mythic agent released: github.com/MythicAgents...
GitHub - MythicAgents/Hannibal: A Mythic Agent written in PIC C.
November 20, 2024 at 9:10 PM
Reposted by Yeeb
In this blog post I break down how attackers can exploit and abuse service principals and what you can do to defend against it.
Check it out here:
laythchebbi.com/index.php/20...
#AzureSecurity #PrivilegeEscalation #OffensiveSecurity #CloudSecurity #Cybersecurity
Privilege escalation using Azure Service principal
Introduction In Microsoft Azure, the management of access and permissions is critical for maintaining a secure environment. Azure Service Principals serve as non-human identities that allow applicatio...
shorturl.at
November 21, 2024 at 10:35 AM
Reposted by Yeeb
Following my prev tweet, my Kerberos MITM relay/forwarder is almost finished! It targets for example insecure DNS updates in AD, allowing DNS name forgery. It intercepts, relays, and forwards traffic, with the client unaware. Currently supporting smb->smb and smb->http (adcs)
November 20, 2024 at 11:21 AM
Reposted by Yeeb
WHOA! 🤯

We can now configure FQDN based filtering in Defender Firewall without Intune/Defender for Endpoint?

Looks like we can create these rules via PowerShell or GPO (likely need to update your ADMX templates)

learn.microsoft.com/en-us/window...
November 20, 2024 at 7:19 AM
Reposted by Yeeb
Paged Out! Issue #5 is out now!
pagedout.institute?page=issues....
Happy reading!
November 19, 2024 at 9:07 AM
Reposted by Yeeb
In addition to your list, Vulnlab provides another set of labs at (imo) a reasonable price: www.vulnlab.com
November 19, 2024 at 8:35 PM