Adam Chester 

@xpn@infosec.exchange
Twitter: @_xpn_
Blog: https://blog.xpnsec.com
Mastodon (redirect): _xpn_@infosec.exchange
Happy Pancake Day!!
Quick blog post kicking off a mini series looking at how we can reimplement memory loading on macOS after Dyld started to persist memory to disk. https://blog.xpnsec.com/restoring-dyld-memory-loading/
Restoring Dyld Memory Loading

Up until recently, we've enjoyed in-memory loading of Mach-O bundles courtesy of dyld and its NSCreateObjectFileImageFromMemory/NSLinkModule API methods. And while these methods still exist today, there is a key difference.. memory modules are now persisted to disk. So in this post we'll take a look at just what was changed in dyld, and see what we can do to restore this functionality... hopefully keeping our warez in memory for a little longer.

XPN InfoSec Blog

Bypassing #Kerberoasting detections by using TrustedSec’s new #Orpheus tooling.

This changes the request for the juicy SPN you’re after so that the Kerberos options (0x40810010) and ticket type (RC4 0x17) are no longer used and therefore detected🔥

To counter this, create and alert on “Honey SPNs” and hope that the attackers query one of these instead - these accounts should never be queried.

https://www.trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/

Demo
https://youtu.be/SwbSq1dTz7Y

#DFIR #BLUETEAMTIPS #activedirectory

The Art of Bypassing Kerberoast Detections with Orpheus - TrustedSec


TrustedSec
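
The detection point in the post above, shown as an added example that is not part of the original post or of TrustedSec's tooling: a fixed match on ticket options 0x40810010 plus RC4 (0x17) misses a request that changes either value, while a match on a honey SPN account does not depend on them. It assumes Windows Security Event 4769 records exported as JSON lines; the decoy account name `honey-sqlbackup` is hypothetical and the sample events are constructed.

```python
import json

LEGACY_OPTIONS = 0x40810010   # ticket options named in the post
LEGACY_ETYPE = 0x17           # RC4-HMAC, named in the post
HONEY_ACCOUNTS = {"honey-sqlbackup"}  # hypothetical decoy account carrying a honey SPN

# Constructed sample records, one JSON object per line; not real telemetry.
SAMPLE_EVENTS = """\
{"EventID": 4769, "TargetUserName": "user1@CORP.EXAMPLE", "ServiceName": "svc-web", "TicketOptions": "0x40810000", "TicketEncryptionType": "0x12"}
{"EventID": 4769, "TargetUserName": "user2@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketOptions": "0x40810010", "TicketEncryptionType": "0x17"}
{"EventID": 4769, "TargetUserName": "user2@CORP.EXAMPLE", "ServiceName": "Honey-SQLBackup", "TicketOptions": "0x40800000", "TicketEncryptionType": "0x12"}
{"EventID": 4768, "TargetUserName": "user3", "ServiceName": "krbtgt", "TicketOptions": "0x40810010", "TicketEncryptionType": "0x12"}
"""

def parse_events(text):
    """Return only 4769 (Kerberos service ticket requested) records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") == 4769:
            events.append(ev)
    return events

def legacy_signature(ev):
    """Fixed-value match: exact ticket options and RC4 encryption type."""
    return (int(ev["TicketOptions"], 16) == LEGACY_OPTIONS
            and int(ev["TicketEncryptionType"], 16) == LEGACY_ETYPE)

def honey_hit(ev, honey=HONEY_ACCOUNTS):
    """Any ticket request for a decoy account, whatever options or etype it uses."""
    return ev["ServiceName"].lower() in honey

def triage(events):
    """Return (requesting user, service, reasons) for every event that matched."""
    alerts = []
    for ev in events:
        reasons = []
        if legacy_signature(ev):
            reasons.append("legacy-signature")
        if honey_hit(ev):
            reasons.append("honey-spn")
        if reasons:
            alerts.append((ev["TargetUserName"], ev["ServiceName"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in triage(parse_events(SAMPLE_EVENTS)):
        print(alert)
```
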
Somewhere right now, a security analyst is pasting code from a Fortune 500 company into ChatGPT to see what bug it finds. I had a nightmare that my team was doing this ...
This post where they build a VM inside ChatGPT is 🤯 https://www.engraved.blog/building-a-virtual-machine-inside/
Building A Virtual Machine inside ChatGPT

Unless you have been living under a rock, you have heard of this new ChatGPT assistant made by OpenAI. Did you know, that you can run a whole virtual machine inside of ChatGPT?

Engraved
Optimist: The glass is ½ full.
Pessimist: The glass is ½ empty.
Excel: The glass is January 2nd.
GitHub - rxwx/impacket: Impacket is a collection of Python classes for working with network protocols.


Good morning. Hope everyone has a wonderful Thanksgiving week. Need something technical to do while it’s cold outside. Want to learn more on the Azure cloud? Want to learn how to hack into it? I got you covered.

https://rootsecdev.medium.com/becoming-an-azure-cloud-ethical-hacker-2022-edition-49de0836e7f1

Becoming an Azure Cloud ethical hacker (2022 edition)

It’s my second week back to my home office from being out at Blackhat in Las Vegas all week and I was approached by a handful of people on how does one break into cloud penetration testing? The short…

Medium
I just ordered Alice and Bob, which will be the test hosts. Once built, they will become alice.infosec.exchange and bob.infosec.exchange, and will only federate with each other for the purposes of security testing a similar instance configuration to that used by infosec.exchange.
RIP @fakeXPN@xpn-mastodon.ngrok.io.. you served me well 🫡