drm
@lowercasedrm.bsky.social
@almondoffsec but #pywerview at night
4 channels @ 800 MS/s for < 80€? TPM sniffing is cheaper than ever
www.cnx-software.com/2025/11/12/6...
2 months ago
reposted by drm
Almond Offsec
2 months ago
Callstacks are largely used by the Elastic EDR to detect malicious activity. SAERXCIT details a technique to evade a callstack-based detection and allow shellcode to load a network module without getting detected.
Post: offsec.almond.consulting/evading-elas...
PoC: github.com/AlmondOffSec...
reposted by drm
leonjza
4 months ago
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
badsuccessordumper.py is not dead!*
gist.github.com/ThePirateWho...
*terms and conditions apply
5 months ago
@synacktiv.com
5 months ago
The code is here. As always, "Not tested in prod, use at your own risk". All credit goes to YuG0rd, snovvcrash and fulc2um.
gist.github.com/ThePirateWho...
add a skeleton here at some point
6 months ago
dMSA are now supported by impacket (thanks fulc2um!), so it's time for `badsuccessordumper.py`!
github.com/fortra/impac...
6 months ago
reposted by drm
Almond Offsec
7 months ago
Following ShitSecure's TROOPERS talk and release of BitlockMove, we're releasing our internal DCOMRunAs PoC made by SAERXCIT last year. It uses a similar technique with a few differences, such as DLL hijacking to avoid registry modification.
github.com/AlmondOffSec...
TIL there is a pure Powershell port of PassTheCert, by TheViperOne. Kudos
github.com/The-Viper-On...
7 months ago
reposted by drm
Almond Offsec
7 months ago
Did you know deleting a file in Wire doesn't remove it from servers? Team member myst404 took a closer look at Wire's asset handling and identified 5 cases where behaviors may diverge from user expectations.
offsec.almond.consulting/deleting-fil...
1k stars. Thank you everyone
7 months ago
reposted by drm
RedTeam Pentesting
8 months ago
Newer Windows clients often enforce signing when using SMB fileshares. To quickly deploy an SMB server with signing supported we implemented this in impacket's smbserver.py based on a prior work by @lowercasedrm.bsky.social.
github.com/fortra/impac...
smbserver.py: add signing support by using computer account with NetLogon by rtpt-romankarwacik · Pull Request #1975 · fortra/impacket
This pull request adds the option to support signing for arbitrary clients in a domain. Most of the NetLogon code is based on this gist by @ThePirateWhoSmellsOfSunflowers. To use this functionalit...
https://github.com/fortra/impacket/pull/1975
ldap3 is not dead!
github.com/cannatag/lda...
9 months ago
Recently sniffed an SPI bus for the first time (with and without PIN) on a Lenovo T470. It's quite fun, even with a DSLogic! s/o @en4rab.bsky.social for SPITkey.
9 months ago
reposted by drm
SensePost
10 months ago
GLPI (popular in France & Brazil) versions 9.5.0-10.0.16 allow hijacking sessions of authenticated users remotely. The details & process of discovering the vulnerability are detailed by @GuilhemRioux here:
sensepost.com/blog/2025/le...
Tooling: github.com/Orange-Cyber...
Demo: youtu.be/OTaCV4-6qHE
#pywerview 0.7.3 is out!
github.com/the-useless-...
10 months ago
Another free #impacket IoC: just search for packets with Auth Context ID = 79231 within your DCERPC traffic.
11 months ago
I was bored at night, so I played with the netsync attack. Meet netdumper.py, a pure TCP RPC based script to netsync machine (and gMSA!) accounts. Nothing new, mostly based on previous works by @exploitph @4ndr3w6S, @evi1cg et al.
gist.github.com/ThePirateWho...
11 months ago
Netlogon used as SSP (AES version) to perform lsaLookupSid3.
gist.github.com/ThePirateWho...
All you need is #impacket PR 1848
12 months ago