17 Photos and videos
Sylvain Heiniger retweeted
17 Dec 2024
Ups and downs of #redteam engagements. When the standard payloads don’t cut it, innovation wins. Learn how we misused a screenshot tool to load shellcode… at the fifth attempt!…
blog.compass-security.com/20…
17
58
4,537
Sylvain Heiniger retweeted
11 Dec 2024
I am excited to share with you my latest research - "DCOM Upload & Execute"
An advanced lateral movement technique to upload and execute custom payloads on remote targets
Forget about PSEXEC and dive in!
deepinstinct.com/blog/forget…
github.com/deepinstinct/DCOM…
12
245
594
40,912
Sylvain Heiniger retweeted
20 Nov 2024
Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏
Check out our latest blogpost by @hugow_vincent to discover how to perform this attack:
synacktiv.com/publications/r…
1
144
325
32,027
Sylvain Heiniger retweeted
1 Oct 2024
COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (@sploutchy) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM
blog.compass-security.com/20…
93
194
16,313
Sylvain Heiniger retweeted
17 Sep 2024
DCOM cross-session coercion Kerberos = 💣 We took a closer look at the attacks discovered by @decoder_it and @D1iv3 earlier this year and made a PoC in Python! Curious? Full blog post here: blog.compass-security.com/20…
#potato #impacket
4
49
120
8,966
Sylvain Heiniger retweeted
30 Jan 2024
You like device code phishing? You will like Felix Aeppli’s latest research even more. He shows how to backdoor Entra ID phished accounts by adding a new sign-in method. Details and PoC here: blog.compass-security.com/20…
9
14
1,981
Sylvain Heiniger retweeted
24 Oct 2023
Collision – Compass Security was able to execute their stack overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points. #Pwn2Own
1
10
43
11,749
Sylvain Heiniger retweeted
5 Jun 2023
Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain left-to-right mark (U 200E)
Links in <a> tags will show the fake domain, but open the real domain.
No need to buy .zip! :) Convincing #phishing #redteam
13
229
803
117,213
Sylvain Heiniger retweeted
10 Jan 2023
We did it again with #LocalPotato!
A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM.
Tracked as #CVE-2023-21746 - Windows NTLM EoP
Soon more details --> localpotato.com
cc @splinter_code
14
266
711
90,146
Sylvain Heiniger retweeted
14 Dec 2022
🆕More personal news here ..
I want to share that the Impacket project is moving to @fortraofficial's @CoreSecurity!
It will now be part of their open source portfolio, and funded with a team of very talented security professionals.
github.com/fortra/impacket
#impacket
1
38
171
Sylvain Heiniger retweeted
8 Dec 2022
Recordings of #blackalps22 are available here: blackalps.ch/ba-22/talks.php
13
17
Sylvain Heiniger retweeted
30 Nov 2022
Next week I will present a #talk at #BlackHat Europe 2022 on how to automate the search of RPC functions allowing to coerce authentications on #Windows.
Alongside this talk, I'm publishing a brand new version of #Coercer!
➡️Check it out here: github.com/p0dalirius/Coerce…
3
64
163
Sylvain Heiniger retweeted
1 Dec 2022
Found an vhdx/vmdk/vhd file in a network share? Volumiser from @_EthicalChaos_ gets you covered to exfiltrate e.G. SAM/SYSTEM to compromise the system via Administrator Pass-The-Hash:
github.com/CCob/Volumiser
Really easy and intuitive to use 👏
5
102
279
Sylvain Heiniger retweeted
28 Nov 2022
Si tu as aidé une dame à vélo aujourd'hui devant un tram à Genève, peut-être tu as perdu cet airpod qui est tombé par terre. #airpod #28.11.2022 #geneve #geneva x.com/JJPomareta/status/1597…
1
Sylvain Heiniger retweeted
16 Nov 2022
At @BlackAlpsConf, our analyst Sylvain Heiniger @sploutchy presented a new attack path to AD CS. Read his blog post for details and tools updates. #adcs #esc11 #ntlmrelay #rpc #msrpc
blog.compass-security.com/20…
5
76
145
Sylvain Heiniger retweeted
24 Oct 2022
At the end of my talk @BlackHatEvents #Europe 2022, I'll release a completely refactored version of #Coercer. It will include lots of new features useful for pentesters and researchers. 🎉🥳
Star this repository github.com/p0dalirius/Coerce… and/or follow me so you don't miss it!👌
18 Oct 2022
#BHEU "Searching for RPC Functions to Coerce Authentications in Microsoft Protocols" briefing will explore a way to automate this process by parsing Microsoft's OpenSpecs online documentation as well as Interface Definition Language code: bit.ly/3CWOJua
1
8
39
Sylvain Heiniger retweeted
19 Oct 2022
The last part of A New Attack Surface on MS Exchange - #ProxyRelay is out! Have also left some final thoughts on the Closing part. Hope you all enjoy this journey :D
blog.orange.tw/2022/10/proxy…
1
270
596
29 Sep 2022
I did the @corelanconsult Advanced Exploitation class at @brucon the last three days. Thanks @corelanc0d3r for the awesome teaching, my brain now needs a few days to recover!
1
5
Sylvain Heiniger retweeted
28 Jul 2022
Weak passwords are a nightmare for corporate security. In his blog post, Felix Aeppli @_fxai shows how easy hashes can be cracked and what you can do to improve (without blaming the users). #passwords #cracking
blog.compass-security.com/20…
10
9