? [ Dirk-jan @_dirkjan ]

At Def Con I presented with @_EthicalChaos_ on new Windows Hello attacks. For ex: how to use the WinHello crypto keys from a low priv session to request a PRT on a different device, bypassing TPM protection of PRTs.

Slides:
? https://dirkjanm.io/talks/

PoC:
? https://github.com/dirkjanm/ROADtools/tree/master/winhello_assertion

? [ tweet ]

? [ klez @KlezVirus ]

[RELEASE] Following the talk at DEF CON, I'm releasing all the POC projects associated with DriverJack. More info in the repos. For any additional info, hit me up ;)

? https://github.com/klezVirus/DriverJack
? https://github.com/klezVirus/RpcProxyInvoke
? https://github.com/klezVirus/koppeling-p

? [ tweet ]

? [ Bad Sector Labs @badsectorlabs ]

Dropped a new tool at DEF CON 32! Loot SCCM Distribution points via HTTP with

We've found credentials, certificates, custom apps, keystores, etc. What will you find?

? https://github.com/badsectorlabs/sccm-http-looter

? [ tweet ]

? [ Cube0x0 @cube0x0 ]

Over a year ago, I left my position at WithSecure to start a new journey, create something new, and do my own thing. Today, I'm excited to publicly announce what I've been working on all this time.

Introducing 0xC2, a cross-platform C2 framework targeting Windows, Linux, and MacOS environments:

? https://0xc2.io

The first release was back in late 2023, initially only offered to a small circle of red teamers and soon, the registration will be open for new clients who provide threat simulation services.

All agents are written as PIC in C to provide better opsec and to allow operators to be more flexible when designing payloads. To make the agents modular and fully customizable, operators can create a user-defined virtual table that can be hooked by the agent. This can be used to change the default behavior of an agent or extend capabilities, from adding internal commands to implementing P2P protocols.

More details will be available soon.

? [ tweet ]

? [ SpecterOps @SpecterOps ]

Do you like BloodHound & PowerShell? Do you want to automate all things BloodHound?

Check out @SadProcessor's new blog post diving into a new PowerShell module he created, &  instructions on how to get started ⤵️

? https://posts.specterops.io/bloodhound-operator-dog-whispering-reloaded-156020b7c5e9
? https://github.com/SadProcessor/BloodHoundOperator

? [ tweet ]

? [ Amal Murali @amalmurali47 ]

Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.

? https://amalmurali.me/posts/git-rce/

? [ tweet ][ quote ]

? [ Thomas Rinsma @thomasrinsma ]

Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.

? https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

? [ tweet ]

? [ Nicolas Krassas @Dinosn ]

PoC for using MS Windows printers for persistence / command and control via Internet Printing

? https://github.com/Diverto/IPPrintC2

? [ tweet ]