pela0 · @p0ykz
47 followers · 654 posts · Server masto.komintern.work

#metasploit

Last updated 1 year ago

Just Another Blue Teamer · @LeeArchinal
128 followers · 193 posts · Server ioc.exchange

Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as . They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like , , and , they also rely on abusing , or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using , , or to download tools, and accessing process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and !

#powershell #certutil #bitsadmin #Lsass #happyhunting #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #readoftheday #flaxtyphoon #ChinaChopper #metasploit #mimikatz #lolbins

Last updated 1 year ago

Radu · @rci
60 followers · 73 posts · Server bitbang.social

Has anyone installed Metasploitable within Proxmox?
Can I just run an Ubuntu/Debian Linux container and install Metasploitable within it?

#proxmox #metasploit

Last updated 1 year ago

catatonicprime · @catatonicprime
24 followers · 188 posts · Server defcon.social

yay, my papercut finally landed in the framework! Lots of great ideas/feedback.

#exploit #metasploit

Last updated 1 year ago

AskUbuntu · @askubuntu
115 followers · 1951 posts · Server ubuntu.social

How to obtain username or password of another device?

askubuntu.com/q/1469891/612

#hacking #metasploit

Last updated 1 year ago

Machinegun is an advanced version of 's railgun, capable of reliably running arbitrary API functions on a remote computer and getting the results to the attacker's machine. github.com/Idov31/Machinegun

#metasploit #windows

Last updated 2 years ago

Chema Alonso :verified: · @chemaalonso
826 followers · 202 posts · Server ioc.exchange
pela0 · @p0y
80 followers · 2423 posts · Server masto.komintern.work
pela0 · @p0y
80 followers · 2289 posts · Server masto.komintern.work
Metasploit · @metasploit
3914 followers · 37 posts · Server infosec.exchange

The data/wordlists/password.lst password list in has also been updated to include the master password that suggests as an example when a user goes to create a new master password: r50$K28vaIFiYxaY

#metasploit #lastpass

Last updated 2 years ago

Metasploit · @metasploit
3914 followers · 36 posts · Server infosec.exchange

New in : SugarCRM , login scanner and credential gatherer for Wowza Streaming Engine Manager, and three new methods for .

Plus, admin/kerberos/forge_ticket now supports a new extra_sids option β€” which is useful for including cross-domain SIDs for forging external trust tickets as part of cross-trust domain escalation. The admin/kerberos/inspect_ticket has also been updated to support viewing these extra SID values.

More Kerberos and secrets dumping improvements in this week's wrap-up!

rapid7.com/blog/post/2023/03/1

#metasploit #rce #PetitPotam #kerberos

Last updated 2 years ago

Ron Bowes · @iagox86
1068 followers · 293 posts · Server infosec.exchange

As I'm gathering screenshots my presentation, I look over at my other monitor and realize just how cool and are

#northsec #metasploit #meterpreter

Last updated 2 years ago

· @infoidevice
14 followers · 94 posts · Server fosstodon.org
Mark Carter · @markcarter
318 followers · 1446 posts · Server hachyderm.io

Great initiative πŸ‘πŸ» Brings Threat Intel Data to the of South Lab πŸ›‘οΈ Rapid7 will provide the laboratory with access to its massive data initiatives, including , , and Sonar, says Corey Thomas, Rapid7's CEO. The laboratory will support interdisciplinary research efforts by faculty experts and students and help drive a deeper understanding of the challenges defenders are currently facing. darkreading.com/edge-articles/

#rapid7 #university #florida #cybersecurity #metasploit #velociraptor #infosec

Last updated 2 years ago

Metasploit · @metasploit
3868 followers · 37 posts · Server infosec.exchange

This week's wrap-up c/o @zeroSteiner:

* Running count of modules now available on Metasploit's docs site: docs.metasploit.com/docs/modul
* 2023 Google Summer of Code participation
* Basic discover script now supports commas in the RHOSTS value (also better error handling!)
* New modules: Froxlor log path RCE and an unauthenticated Javascript injection in pyLoad's Click 'N' Load service

rapid7.com/blog/post/2023/02/2

#metasploit

Last updated 2 years ago

Grant Willcox · @tekwizz123
76 followers · 144 posts · Server ruby.social

Don't think @RoseSecurity is on here but this guide he put together on is well worth a read, some good tips in here that I haven't seen explained elsewhere: medium.com/dev-genius/masterin

#metasploit

Last updated 2 years ago

Metasploit · @metasploit
3861 followers · 36 posts · Server infosec.exchange

New in last week's release:

* Exploits for Cisco RV Series and GitLab
* Bug fix for Arch warnings when starting msfconsole
* Updates to DLL template code that allow msfvenom to use (default Metasploit) DLL templates with payloads larger than 4096 bytes (e.g., unstaged payloads).

rapid7.com/blog/post/2023/02/1

#metasploit #cve_2022_20707 #cve_2022_2992

Last updated 2 years ago

serious business :donor: · @ceresbzns
190 followers · 467 posts · Server infosec.exchange

It seems like there are somewhat perverse incentives around corporations like Rapid7 and Fortra building tools that end up being popularly adopted by threat actors.

Has there been any public discussion of that? Is it just old discourse and I need to catch up?

#infosec #cybersecurity #cobaltstrike #metasploit #threatintel

Last updated 2 years ago

Grant Willcox · @tekwizz123
73 followers · 129 posts · Server ruby.social

Calling all Belfast folks: Metasploit is now hiring a Lead Software Engineer. These positions don't often open and its a great chance to get to work with a great team of engineers who are very passionate about finding creative solutions. If you like working with open source software, , , automation, and have worked with Framework in the past, you'll be right at home :) careers.rapid7.com/jobs/lead-s.

Note this job is in office in and is not remote.

#ruby #rubyonrails #metasploit #belfast

Last updated 2 years ago

Yo fans: It's on, right now.

twitch.tv/zerosteiner

#metasploit

Last updated 2 years ago