Adam Chester 


Thanks to everyone who attended my talk at #39C3 - it was great fun 🙂
Here’s a slightly modified video of the demo at the end of the talk.

#whitedate is still down. #whitedeal and #whitechild show a front page but aren’t functional - let’s see how long it stays that way.

Many thanks to DDoSecrets and the antifa for their work and support.

Not all details will follow right now - we gotta keep a bit of the magic alive.
A more detailed report will appear in due time.

Happy Pancake Day!!
Quick blog post kicking off a mini series looking at how we can reimplement memory loading on macOS after Dyld started to persist memory to disk. https://blog.xpnsec.com/restoring-dyld-memory-loading/
Restoring Dyld Memory Loading

Up until recently, we've enjoyed in-memory loading of Mach-O bundles courtesy of dyld and its NSCreateObjectFileImageFromMemory/NSLinkModule API methods. And while these methods still exist today, there is a key difference.. memory modules are now persisted to disk. So in this post we'll take a look at just what was changed in dyld, and see what we can do to restore this functionality... hopefully keeping our warez in memory for a little longer.

XPN InfoSec Blog

Bypassing #Kerberoasting detections by using TrustedSec’s new #Orpheus tooling.

This changes the request for the juicy SPN you’re after so that the Kerberos options (0x40810010) and ticket type (RC4 0x17) are no longer used and therefore detected 🔥

To counter this, create and alert on “Honey SPNs” and hope that the attackers query one of these instead - these accounts should never be queried.

https://www.trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/

Demo
https://youtu.be/SwbSq1dTz7Y

#DFIR #BLUETEAMTIPS #activedirectory

The Art of Bypassing Kerberoast Detections with Orpheus - TrustedSec

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

TrustedSec
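The point of the Honey SPN advice above, as an added example (not code from the post, from TrustedSec or from Orpheus): a toy triage over constructed Windows Security event 4769 records, showing that a rule keyed on the classic fingerprint (ticket options 0x40810010, RC4 etype 0x17) misses a request that uses other values, while a rule keyed on a decoy service account fires regardless of the request flags. The account and SPN names, the decoy list and the non-classic option/etype values are all assumptions made up for the sample.

```python
# Decoy service accounts that exist only to be queried by an attacker; no legitimate
# client should ever request a ticket for them, so any 4769 naming one is alert-worthy.
# (Constructed names; in practice the decoys should look like real service accounts.)
HONEY_SPN_ACCOUNTS = {"svc-backup-legacy", "svc-sap-bridge"}

# Constructed 4769-like records, trimmed to the fields the two rules need.
SAMPLE_EVENTS = [
    {"id": 1, "account": "alice@CORP.LOCAL", "service": "svc-sql",
     "options": "0x40810010", "etype": "0x17"},   # classic Kerberoast fingerprint
    {"id": 2, "account": "alice@CORP.LOCAL", "service": "svc-sql",
     "options": "0x40810000", "etype": "0x12"},   # same target, other flags/etype (assumed values)
    {"id": 3, "account": "alice@CORP.LOCAL", "service": "svc-backup-legacy",
     "options": "0x40810000", "etype": "0x12"},   # decoy account queried
    {"id": 4, "account": "WEB01$@CORP.LOCAL", "service": "krbtgt",
     "options": "0x40810000", "etype": "0x12"},   # ordinary traffic
]


def classic_kerberoast_rule(event):
    """Fires on the fingerprint the post says Orpheus no longer produces."""
    return (event["options"].lower() == "0x40810010"
            and event["etype"].lower() == "0x17")


def honey_spn_rule(event):
    """Fires when the requested service is a decoy; independent of request flags."""
    return event["service"].lower() in HONEY_SPN_ACCOUNTS


def triage(events):
    """Return (event id, rule name) for every event that trips at least one rule."""
    hits = []
    for ev in events:
        if classic_kerberoast_rule(ev):
            hits.append((ev["id"], "classic_kerberoast"))
        if honey_spn_rule(ev):
            hits.append((ev["id"], "honey_spn"))
    return hits


if __name__ == "__main__":
    # Event 2 fires neither rule: that is the gap the Honey SPN rule is meant to cover.
    for event_id, rule in triage(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```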
Somewhere right now, a security analyst is pasting code from a Fortune 500 company into ChatGPT to see what bug it finds. I had a nightmare that my team was doing this ...
@sigstart @singe that’s the bit.. if you look at Twitter, it’s so good that it’s convincing people that they’ve somehow escaped a VM or are curling AWS metadata… the honeypots this thing can construct are gonna be epic 😂😂
This post where they build a VM inside ChatGPT is 🤯 https://www.engraved.blog/building-a-virtual-machine-inside/
Building A Virtual Machine inside ChatGPT

Unless you have been living under a rock, you have heard of this new ChatGPT assistant made by OpenAI. Did you know, that you can run a whole virtual machine inside of ChatGPT?

Engraved
Optimist: The glass is ½ full.
Pessimist: The glass is ½ empty.
Excel: The glass is January 2nd.
@eviloatmeal insecurity?