Automated CrowdStrike BSOD Workaround in Safe Mode using Group Policy

You can set up a GPO to run a script during Safe Mode. Here’s how you can do this:

https://gist.github.com/whichbuffer/7830c73711589dcf9e7a5217797ca617

Gist

Automated CrowdStrike BSOD Workaround in Safe Mode using Group Policy

Automated CrowdStrike BSOD Workaround in Safe Mode using Group Policy - CRWD-GPO.md

[ Cobalt Strike 4.10: Through the BeaconGate ]

https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate

Cobalt Strike 4.10 is now available. This release introduces BeaconGate, the Postex Kit, and Sleepmask-VS. In addition, we have overhauled the Sleepmask API, refreshed the Jobs UI, added new BOF APIs, added support for hot swapping C2 hosts, and more.

P.S. Should be updated in CRTO labs soon, the best way to play with it would be to buy a subscription.

[ Mythic Developer Workflow ]

Stream by Flangvik
https://www.youtube.com/watch?v=LQ9-C_m2h6g

Mythic C2 was also updated this week, check documentation for more details:
https://docs.mythic-c2.net/updating/mythic-3.2-greater-than-3.3-updates

YouTube

Mythic Development Workflow with @its_a_feature_

Catch me live on Twitch every Sunday at 17:00 UTC: https://www.twitch.tv/flangvik/​​ Get 5% off MacroPack Pro and ShellcodePack using code FLANG24. Visit https://www.balliskit.com/ for your evasion needs! Demo videos can be found at https://vimeo.com/balliskit…

[ NetExec v1.2.0 - ItsAlwaysDNS ]

https://www.netexec.wiki/news/v1.2.0-itsalwaysdns

New features:
— NetExec is available on Kali
— It's Always DNS (--dns-server added)
— New Credential Looting
— More options to use LDAP protocol
— Rework of the Powershell command execution

If you want to read about all changes in detail or download the latest standalone binaries check out the GitHub page:

https://github.com/Pennyw0rth/NetExec/releases/tag/v1.2.0

EXIM ( CVE-2024-39929 )

https://censys.com/cve-2024-39929/

Про возможность загрузки файлов для дальнейшего фишинга наверное уже все слышали. Гитлаб - такая же проблема

Один из скромных участников "бублика", оказывается, имеет свой TG канал аж с 2021 года при этом там всего 15 подписчиков.
Зайдите, почитайте, вдруг вам понравится, а он, увидев "наплыв", начнет писать больше и интереснее.

https://t.me/beaverdreamer

#windows #lpe
[ KExecDD ]
Admin to Kernel code execution using the KSecDD driver
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled.

https://github.com/floesen/KExecDD

#evilnginx #phishing

Fixed a pretty serious flaw in Evilginx, which allowed scanners to detect phishing pages, bypassing the unauthorized requests protection and blacklist rules.

https://github.com/kgretzky/evilginx2/commit/d8f7d44e1450e8673a4a78e77c8041de12a02229

GitHub

fixed: unauthorized requests now properly handled for `proxy_hosts` w… · kgretzky/evilginx2@d8f7d44

…ithout `session` set to `true`, preventing proxy detection by scanners