已置顶
In case you missed it:
Add a colon to your password, ":", because all the stealer logs have colons, so it'll end up splitting your password incorrectly.
Vincent Yiu
36.7K posts
Vincent Yiu
@vysecurity
Director, Red Team / Offensive Security. Help organizations safeguard their businesses from the bad guys.
Hong Kong
Joined December 2014
- Took all those "Red Team Tips" and stuck it onto one page: vincentyiu.co.uk/red-team-tips/ I'll update this page occasionally #redteam #adversarysimulation #cyber Also, I want to add that there's some duplicate numbering :( Ah well...
- Sent a PR to EDRs hook repository to visualize and quickly reference which APIs are hooked. github.com/Mr-Un1k0d3r/ED…
- The fuck, what kind of vulnerability is CVE-2023–24044? You can modify the host header so that it redirects to the attacker's domain instead. What is this bullshit? How did it even get a CVE?
- What do people do with 64 GB RAM on a laptop?
- Exploit CVE-2017-8759 without Macros or any interaction. Simply click on the infected file and boom code execution. github.com/vysec/CVE-2017…
- Common persistence mechanisms for Linux /etc/rc.local /etc/init.d/ /etc/profile /etc/crontab /etc/cron.d/ /etc/cron.hourly/ /etc/cron.daily/ /etc/cron.weekly/ /etc/cron.monthly/ /etc/cron.yearly/ Startup Applications Systemd Services .bashrc .bash_profile .bash_logout
- What on Earth do people do with 96GB RAM? Open like 32 instances of BloodHound neo4j databases?
- Red Tip #434: SSH Agent Forwarding can be exploited to advance your presence on a network without SSH keys or passwords. @int0x08 has an example command snippet available at gist.github.com/int0x80/9e7b09…. Great for when you have a shell but no credentials. #redteam #cyber #sshagent
- When you need a calculator do you just type Python3?
- Turns out many Red Teamers and Penetration Testers were exploiting this as a zero day for the past decade 😂
- Red Team 2.0 appears to become: 1) Give a machine on the internal network because phish fail. 2) Disable EDR because can't seem to bypass the EDR. 3) Can't figure out how to pivot network segment. 4) ... Dude, why not just ask to be put on the core banking system?
