
New Sliver release!

> Improvements to shell: you can now manage multiple shells and swap between them!
> Windows PE metadata spoofing
> Improvements to macOS shellcode loader
> Bug fixes

https://github.com/BishopFox/sliver/releases/tag/v1.7.2

Release v1.7.2 · BishopFox/sliver

Change Log Improvements to shell you can now manage multiple shells and swap between them Use ctrl+] to background an interactive shell Use shells ls to list shells Use shells attach to re-attac...

GitHub

Release v1.6.0 · BishopFox/sliver

What's Changed Verbose error when msfvenom fails in generate starger by @rkervella in #1239 Bump gorm.io/gorm from 1.25.0 to 1.25.1 by @dependabot[bot] in #1234 Check for nil session when using se...

GitHub

Matthew Bryant's (@mandatory) @defcon 32 talk is amazing: Secret Life of Rogue Device: Lost IT Assets on the Public Marketplace: https://www.youtube.com/watch?v=QgeEHdAmJDg

Way more entertaining than anything currently on Netflix.

(thank you @jduck for the link!)

DEF CON 32 - Secret Life of Rogue Device: Lost IT Assets on the Public Marketplace - Matthew Bryant

YouTube

Job Listing

Current job listings at Bishop Fox, the leading cyber security company. Come work with us!

Bishop Fox

As a learning exercise I've decided to create an implant for sliver in C++.

After that, I decided to create a modified version of sliver server in order to support P2P beacons.

Finally, I decided to craft automation scripts that should help with deploying both the modified version of sliver and the external builder in charge of building the C++ implant.

Everything for me was mostly a learning exercise, therefore you may find bugs and poorly written code.

Here are the repositories:
- https://github.com/MrAle98/Sliver-CPPImplant2 (repository containing code of C++ implant)
- https://github.com/MrAle98/sliver-deployment (repository containing automation scripts for deployment)
- https://github.com/MrAle98/Sliver (fork refactor/teamserver-interaction. Containing code of modified sliver server)
- https://github.com/MrAle98/Sliver (fork cppimplant. Containing code of the external builder that builds the C++ implant)

Start with https://github.com/MrAle98/sliver-deployment for deploying and playing with the C2.

Of course credit goes to @moloch, @rkervell, @BishopFox and all the contributors to sliver!

GitHub - MrAle98/Sliver-CPPImplant2: Sliver agent rewritten in C++ (partially)

Sliver agent rewritten in C++ (partially). Contribute to MrAle98/Sliver-CPPImplant2 development by creating an account on GitHub.

GitHub

Cool article about the talk I did at DEFCON today :) https://www.wired.com/story/apple-prototypes-corporate-data/

Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look

On the hunt for corporate devices being sold secondhand, a researcher found a trove of Apple corporate data, a Mac Mini from the Foxconn assembly line, an iPhone 14 prototype, and more.

WIRED

Had a great time on Red Team Radio:
https://www.youtube.com/watch?v=1fxRq30rGOg

Sliver C2 Founder Talks High End Consulting #9

YouTube

A PSA since there's some confusion on this...

There is no vulnerability in Gorilla Sessions.

The vulnerability is in Palo Alto's internal SessDiskStore, which looks similar to FilesystemStore. Early analysis came to the mistaken conclusion that the vulnerable path was in FilesystemStore, but it's not. FilesystemStore authenticates the Session.ID with securecookie, SessDiskStore does not.
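The distinction drawn in the PSA above, as an added Go sketch that is not from the post, from gorilla/sessions or from Palo Alto's code: a standard-library HMAC stands in for securecookie, and the function names, key and directory are hypothetical. A store that authenticates the session ID refuses a client-altered value before it ever selects a file on disk, while one that does not lets the client pick the file.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// signID returns the cookie value "<id>.<mac>" for a server-issued session ID.
func signID(key []byte, id string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(id))
	return id + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// verifyID returns the session ID only if the cookie's MAC was made with key.
func verifyID(key []byte, cookie string) (string, error) {
	i := strings.LastIndex(cookie, ".")
	if i < 0 || !hmac.Equal([]byte(signID(key, cookie[:i])), []byte(cookie)) {
		return "", errors.New("session ID failed authentication")
	}
	return cookie[:i], nil
}

// authenticatedPath lets the ID reach the filesystem only after verification.
func authenticatedPath(dir string, key []byte, cookie string) (string, error) {
	id, err := verifyID(key, cookie)
	if err != nil {
		return "", err
	}
	return filepath.Join(dir, "session_"+id), nil
}

// unauthenticatedPath trusts the raw cookie value as the session ID.
func unauthenticatedPath(dir, cookie string) string {
	return filepath.Join(dir, "session_"+cookie)
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample values throughout
	good := signID(key, "abc123")
	forged := "other-id" + good[strings.LastIndex(good, "."):]
	fmt.Println(authenticatedPath("/var/sessions", key, good))
	fmt.Println(authenticatedPath("/var/sessions", key, forged))
}
```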

The iSOON Disclosure: Exploring the Integrated Operations Platform

Bishop Fox examines the iSoon data disclosure from an offensive security perspective and an analysis of the platform's capabilities, design, features.

Bishop Fox

PSA for iOS and macOS users: there are two recent opt-in security features you can turn on easily for a significant upgrade in security.

Advanced Data Protection — end-to-end encryption for iCloud data (incl. backups!)

Contact Key Verification — key transparency and verification codes for iMessage