Adam Chester 

@xpn@infosec.exchange
1.8K Followers
72 Following
57 Posts
Twitter@_xpn_
Bloghttps://blog.xpnsec.com
Mastodon (redirect)_xpn_@infosec.exchange
Adam Chester Feb 21, 2023
Happy Pancake Day!!
Adam Chester Jan 14, 2023
Quick blog post kicking off a mini series looking at how we can reimplement memory loading on macOS after Dyld started to persist memory to disk. https://blog.xpnsec.com/restoring-dyld-memory-loading/
Restoring Dyld Memory Loading

Up until recently, we've enjoyed in-memory loading of Mach-O bundles courtesy of dyld and its NSCreateObjectFileImageFromMemory/NSLinkModule API methods. And while these methods still exist today, there is a key difference.. memory modules are now persisted to disk. So in this post we'll take a look at just what was changed in dyld, and see what we can do to restore this functionality... hopefully keeping our warez in memory for a little longer.

XPN InfoSec Blog
Adam Chester Dec 17, 2022
Mark  Nov 17, 2022

Bypassing #Kerberoasting detections by using TrustedSec’s new #Orpheus tooling.

This changes the request for the juicy SPN you’re after so that the Kerberos options (0x40810010) and
ticket type (RC4 0x17) are no longer used and therefore detected🔥 

To counter this, create and alert on “Honey SPNs” and hope that the attackers query one of these instead - these accounts should never be queried.

https://www.trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/

Demo
https://youtu.be/SwbSq1dTz7Y

#DFIR #BLUETEAMTIPS #activedirectory

The Art of Bypassing Kerberoast Detections with Orpheus - TrustedSec

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

TrustedSec
Adam Chester Dec 5, 2022
Johnathan NormanDec 5, 2022
Somewhere right now, a security analyst is pasting code from a Fortune 500 company into ChatGPT to see what bug it finds. I had a nightmare that my team was doing this ...
Adam Chester Dec 4, 2022
Dominic WhiteDec 4, 2022
This post where they build a VM inside ChatGPT is 🤯 https://www.engraved.blog/building-a-virtual-machine-inside/
Building A Virtual Machine inside ChatGPT

Unless you have been living under a rock, you have heard of this new ChatGPT assistant made by OpenAI. Did you know, that you can run a whole virtual machine inside of ChatGPT?

Engraved
Adam Chester Nov 26, 2022
MoanosMay 8, 2022
Optimist: The glass is ½ full.
Pessimist: The glass is ½ empty.
Excel: The glass is January 2nd.
Adam Chester Nov 22, 2022
Rich WarrenNov 19, 2022

Updated the #ProxyNotRelay blog with the impacket PoC.

Code: https://github.com/rxwx/impacket

Blog: https://rw.md/2022/11/09/ProxyNotRelay.html

GitHub - rxwx/impacket: Impacket is a collection of Python classes for working with network protocols.

Impacket is a collection of Python classes for working with network protocols. - GitHub - rxwx/impacket: Impacket is a collection of Python classes for working with network protocols.

GitHub
Adam Chester Nov 21, 2022
rootsecdev Nov 21, 2022

Good morning. Hope everyone has a wonderful Thanksgiving week. Need something technical to do while it’s cold outside. Want to learn more on the azure cloud? Want to learn how to hack into it? I got you covered.

https://rootsecdev.medium.com/becoming-an-azure-cloud-ethical-hacker-2022-edition-49de0836e7f1

Becoming an Azure Cloud ethical hacker (2022 edition)

It’s my second week back to my home office from being out at Blackhat in Las Vegas all week and I was approached by a handful of people on how does one break into cloud penetration testing? The short…

Medium
Adam Chester Nov 21, 2022
Very Hairy JerryNov 20, 2022
I just ordered Alice and Bob, which will be the test hosts. Once built, they will become alice.infosec.exchange and bob.infosec.exchange, and will only federate with each other for the purposes of security testing a similar instance configuration to that use by infosec.exchange.
Adam Chester Nov 19, 2022
RIP @fakeXPN@xpn-mastodon.ngrok.io.. you served me well 🫡