@_xpn_ | |
Blog | https://blog.xpnsec.com |
Mastodon (redirect) | _xpn_@infosec.exchange |
Up until recently, we've enjoyed in-memory loading of Mach-O bundles courtesy of dyld and its NSCreateObjectFileImageFromMemory/NSLinkModule API methods. And while these methods still exist today, there is a key difference... memory modules are now persisted to disk. So in this post we'll take a look at just what was changed in dyld, and see what we can do to restore this functionality... hopefully keeping our warez in memory for a little longer.
Bypassing #Kerberoasting detections by using TrustedSec’s new #Orpheus tooling.
This changes the request for the juicy SPN you’re after so that the Kerberos options (0x40810010) and ticket type (RC4 0x17) are no longer used and therefore detected🔥
To counter this, create and alert on “Honey SPNs” and hope that the attackers query one of these instead - these accounts should never be queried.
https://www.trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/
Updated the #ProxyNotRelay blog with the impacket PoC.
Good morning. Hope everyone has a wonderful Thanksgiving week. Need something technical to do while it’s cold outside? Want to learn more on the Azure cloud? Want to learn how to hack into it? I got you covered.
https://rootsecdev.medium.com/becoming-an-azure-cloud-ethical-hacker-2022-edition-49de0836e7f1