Offensive Twitter

😈 [ Balthasar @BalthasarMartin ] Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have. Blog: 🔗 https://srlabs.de/blog-post/certiception-the-adcs-honeypot-we-always-wanted Source code: 🔗 https://github.com/srlabs/Certiception Slide deck, including our guide to deception strategy: 🔗 https://github.com/srlabs/Certiception/blob/main/documentation/ 🐥 [ tweet ]

😈 [ HADESS @Hadess_security ] 64 Methods For Execute Mimikatz 🔗 https://redteamrecipe.com/64-methods-for-execute-mimikatzrtc0003 🐥 [ tweet ]

😈 [ S3cur3Th1sSh1t @ShitSecure ] Didn't check the code yet, but looks like SilverPotato and CertifiedDCOM have a working public weaponized tool by now: 🔗 https://github.com/CICADA8-Research/RemoteKrbRelay That's huge news from my perspective🔥 🐥 [ tweet ] дежавю, где-то я это уже видел... whatever

😈 [ Lsec @lsecqt ] I created a blog-post about MSSQL relay attack. Hope you enjoy and find this useful: 🔗 https://lsecqt.github.io/Red-Teaming-Army/active-directory/compromising-mssql-databases-by-relaying/ 🐥 [ tweet ]

😈 [ Daniel @0x64616e ] Added support for LAPSv2 to BloodHound[.]py: 🔗 https://github.com/dirkjanm/BloodHound.py/pull/159 🐥 [ tweet ]

😈 [ Daniel @0x64616e ] Did you know curl on Windows can authenticate via SSPI? Proxy auth works as well. 🐥 [ tweet ]

😈 [ X-C3LL @TheXC3LL ] You can find my slides for "Offensive VBA" talk here 🔗 https://github.com/X-C3LL/congresos-slides/blob/master/Offensive%20VBA.pdf 🐥 [ tweet ]

😈 [ NULL @NUL0x4C ] FetchPayloadFromDummyFile: A tool to obfuscate your payload while reducing entropy by converting the payload to arrays of offsets. 🔗 https://github.com/NUL0x4C/FetchPayloadFromDummyFile 🐥 [ tweet ]