assume_breach Profile
assume_breach

@assume_breach

Followers
3,694
Following
138
Media
121
Statuses
562

Why y'all have so many calculators in your screenshots? | QAnon Red Team | Labeled Misinformation Propagandist

Dahlonega, GA
Joined August 2020
@assume_breach
assume_breach
8 months
I wrote this to try to bring some reality to people trying to break into cyber. People will disagree with some (all) of it but hopefully somebody benefits from what I saw when I worked as a pentester.
54
194
795
@assume_breach
assume_breach
2 years
Quick post on keeping admin level persistence without dropping EXEs to disk. I just published Home Grown Red Team: Bypassing Applocker, UAC and Getting Administrative Persistence
6
127
335
@assume_breach
assume_breach
2 years
Malware dev for dummies like me. I just published Home Grown Red Team: Let’s Make Some Malware In C: Part 1
11
96
331
@assume_breach
assume_breach
2 years
Quick POC of bypassing default Applocker rules with LNK files. I just published Home Grown Red Team: Using LNK Files To Bypass Applocker
3
114
257
@assume_breach
assume_breach
2 years
Part 3 of malware dev for dummies like me! Let's make some DLLs. I just published Home Grown Red Team: Let’s Make Some Malware In C: Part 3
0
68
231
@assume_breach
assume_breach
2 years
Custom UACME binary > Lateral Movement with CrackMapExec and SharpWMI > Session Pass to Covenant > DCsync I just published Home Grown Red Team: From Workstation To Domain Controller With Havoc C2 and Microsoft EDR
8
61
234
@assume_breach
assume_breach
10 months
I asked OpenAI to replace the function names in @cocomelonckz Fodhelper UAC bypass with fantasy words and it bypassed ESET.
6
32
206
@assume_breach
assume_breach
2 years
Here's an easy example of the OneNote malware craze. I just published Home Grown Read Team: Let’s Make Some OneNote Phishing Attachments
1
52
204
@assume_breach
assume_breach
2 years
Using @D1rkMtr 's ExecRemoteAssembly you can bypass UAC on Windows 11 using DLL hijacking without alerting Defender for Endpoint. Upload ERA to the target, host your bypass and execute from your C2. Pretty cool!
4
54
203
@assume_breach
assume_breach
11 months
Powershell scriptblock scheduled tasks for SMB pivots still don't trigger any alerts in Defender For Endpoint (trial)
1
28
204
@assume_breach
assume_breach
1 year
Harriet's DLL module + Havoc shellcode silently bypasses Avast with process injection.
4
43
199
@assume_breach
assume_breach
9 months
Got execution against Elastic with DLLs, still working on EXEs. Notice I didn't say "bypass." I know how fragile some people can be.
7
18
172
@assume_breach
assume_breach
2 years
Part 2 of malware for dummies like me. Scripting out obfuscation of an implant. I just published Home Grown Red Team: Let’s Make Some Malware In C: Part 2
0
40
147
@assume_breach
assume_breach
8 months
With this season of Hell's Kitchen being over, I thought I would do a follow up to my post based on some of the feedback I got. I won't do another one. Next Level Chef starts this week.
7
30
145
@assume_breach
assume_breach
7 months
Here's a short write-up on using PS credentials for scheduled task privilege escalation. Home-Grown Red Team: Local Admin Phishing For Privilege and Persistence
0
33
139
@assume_breach
assume_breach
11 months
A few people have reached out asking about how you can host encrypted shellcode files for staging. Here ya go. I just published Home Grown Red Team: Hosting Encrypted Stager Shellcode
3
43
131
@assume_breach
assume_breach
2 years
Out of box Havoc C2 payload + customized UACme binary + SharpEfsPotato = NT/Authority on fully patched Windows 11 machine running Microsoft's Defender for Endpoint EDR. Awesome job @C5pider
2
29
127
@assume_breach
assume_breach
11 months
Getting a beacon from the DC using a raw Havoc shellcode file from a network shared folder. Tool is in my repo.
2
24
127
@assume_breach
assume_breach
10 months
Here's some super 1337 code for all the red teamers to use on their next engagement. You're welcome.
5
7
120
@assume_breach
assume_breach
1 year
Using this compile command "x86_64-w64-mingw32-g++ -shared -o proc.dll template.cpp -lcomctl32 -Wl,--subsystem,windows -fpermissive -Wno-narrowing" I added -O2 and went from 4 to 2 detections on . Simple tip for AV evasion.
3
33
120
@assume_breach
assume_breach
2 years
My payload framework, Harriet, now has a FUD DLL module. Enjoy!
2
34
116
@assume_breach
assume_breach
2 years
Don't you hate it when a cool new tool drops and it's written in C? If only I could convert it to shellcode with Donut and use a C# runner to run it with inline-execute assembly! Would be cool to pull the raw shellcode from a URL too...
4
20
116
@assume_breach
assume_breach
2 years
Got Havoc running on a Samsung Tab S6 rooted with Nethunter. Pretty cool.
2
7
85
@assume_breach
assume_breach
7 months
Anybody ever phished a local admin with $credential = Get-Credential and passed it to a scheduled task for privilege escalation before? I can't tell if this is dumb or not.
2
8
90
@assume_breach
assume_breach
1 year
Switching RtlMoveMemory to RtlCopyMemory = Defender bypass...
3
18
89
@assume_breach
assume_breach
9 months
Here is a short bash script to install all dependencies needed for GOAD on a brand new Ubuntu install. It will automatically start the GOAD provisioning process after the dependencies are installed.
1
16
82
@assume_breach
assume_breach
1 year
This is a great article on direct syscalls. Really helpful.
1
30
79
@assume_breach
assume_breach
1 year
Took the plunge and got the long term access to @MalDevAcademy I have learned a lot. I even created a new tool for automating staged implants. I'm not releasing it as the code will get burned immediately. Great course! Highly recommended.
2
11
77
@assume_breach
assume_breach
2 years
After some testing I was able to fully compromise my home lab with Microsoft Defender for Endpoint on a rooted Samsung Tab S6 running Nethunter. I ran the team server in the cloud to compile Havoc shellcode; Nethunter was able to handle the rest.
4
12
74
@assume_breach
assume_breach
11 months
A raw msf shellcode file got flagged by Defender so I added aes encryption to the payload file located on the Shared folder and got a meterpreter shell back. DFE doesn't seem to care either.
5
14
74
@assume_breach
assume_breach
10 months
Got DLLs working over TCP between conference calls at my real job. And yeah, Defender is on you dickheads.
0
2
70
@assume_breach
assume_breach
7 months
Am I tho?
6
3
67
@assume_breach
assume_breach
2 years
C2s on C2s on C2s. Havoc payload > Powershell lateral movement > Session pass to Covenant > DCSync krbtgt for domain persistence. Microsoft Defender for Endpoint? Takin' a snooze
2
19
59
@assume_breach
assume_breach
11 months
The pivot was created using a new Harriet module (pushing to the repo soon!) based on @VirtualAllocEx Direct Syscalls project
0
15
62
@assume_breach
assume_breach
8 months
Quick tutorial on adding icons to your Linux compiled malware. Mainly published so I don't forget how to do it. I just published Home Grown Red Team: Adding Icons To Windows Based Executables Compiled In Linux
1
13
58
@assume_breach
assume_breach
10 months
Made a tool based on my staged shellcode from SMB blog post. Automates the process of creating standalone AES encrypted shellcode files and a dropper to pull it over SMB.
1
20
58
@assume_breach
assume_breach
10 months
SMB and TCP staged DLLs are now in the StageFright repo. You can customize the entry point function name, which could be useful for sideloading.
0
18
58
@assume_breach
assume_breach
8 months
I guess my post struck a nerve. My discord has turned into a Linux admin recruitment center.
7
0
54
@assume_breach
assume_breach
1 year
With some feedback from infosec Twitter I used this command for compiling "x86_64-w64-mingw32-g++ -o inj3c.exe template.cpp -fpermissive -Wno-narrowing -O2" and got 1/26 on . I added all the optimization options -O2 -O3 -Os and reached 0/26. Pretty cool!
0
9
55
@assume_breach
assume_breach
7 months
All Harriet modules have been updated to get past Defender. Perfect for CTFs or lab evasion. Compile on Kali or upgrade your Mingw version past 11. Enjoy!
3
10
49
@assume_breach
assume_breach
1 year
Big overhaul to the AutoC2 script. Integrated MassGrave's Windows Activation scripts for activated windows boxes.
0
16
45
@assume_breach
assume_breach
8 months
Just got a new job. Shit's about to get lit.
8
0
45
@assume_breach
assume_breach
7 months
One instance of my loader wasn't caught by ESET Endpoint but was caught by Defender. I forgot I had an instance of VirtualAllocEx in the loader. I made a pointer and now it's not detected by either. Just a simple example of AV blindspots. Paid isn't ALWAYS better.
1
2
40
@assume_breach
assume_breach
7 months
Here is a repo that I'm adding to all the time. Some helpful scripts and code snippets that I use on a regular basis. Just added a token duplicator in C#.
0
4
38
@assume_breach
assume_breach
1 year
OMG girlfriend. I wake up this morning and put on my black hoodie ready to hack EvilCorp and overnight they have sigged my C# stager AGAIN. First they detect my base64 encoded strings, now they have found out about Curl. No way Microsoft knows about Thread.Sleep(10000000) right??
0
4
38
@assume_breach
assume_breach
10 months
@techspence I like to run responder and then call the DA and tell them I can't get a share to work (the share doesn't exist lol). End exercise.
2
1
38
@assume_breach
assume_breach
1 year
As we all celebrate the resurrection of the C# stager that once called Process.Start(rundll32.exe,DllMain) without obfuscation and executed a dll from a plaintext URL, and now is the same code but base64'd, let's also remember that last year ESET allowed its sister written in C.
0
4
36
@assume_breach
assume_breach
11 months
I'm learning a lot tonight. Apparently Defender has to be configured to catch userland WinAPIs and RWX memory allocations and it's not EDR's job to block process injection on initial access vectors. Why have I been using syscalls when I can just VirtualAlloc my way to DA?
1
1
35
@assume_breach
assume_breach
7 months
Earth to smartscreen, this isn't a virus, gurlfriend.
5
2
35
@assume_breach
assume_breach
1 year
Part III of the shitty C# stager. It has once again risen from the bowels of Defender. 1337 tip, switch out WebClient for Curl. Keep it under your hat!
1
8
35
@assume_breach
assume_breach
8 months
I think the most shocking thing we are seeing as the details emerge is that none of these toothbrushes had their OSCP.
0
0
33
@assume_breach
assume_breach
2 years
I know I'm probably pretty late to the party, but if you haven't used GOAD as a lab env, it's super easy to deploy and a lot of fun!
1
8
34
@assume_breach
assume_breach
1 year
If you're following the saga of the shitty C# stager that called Process.Start("rundll32.exe,Go) in plaintext, you now know that Microsoft flagged it. They are very smart, but apparently they haven't heard of base64. The stager lives on!
2
5
31
@assume_breach
assume_breach
1 year
Well, it happened. After I published my medium article about LNK files, Microsoft has flagged the shittiest stager in infosec. Time of death on a C# binary that can call Process.Start(rundll32.exe,DllMain) without obfuscation and get past DFE - 10/7/2023 approx 8:30 am
3
4
31
@assume_breach
assume_breach
9 months
Happy Holidays! Harriet got a little facelift today. All modules have been updated for evasion. Tested against Windows 11. Self-signed certs and an embedded Windows icon! More changes to come.
0
5
28
@assume_breach
assume_breach
8 months
@bryanbrake I spend more time looking at drip irrigation configurations for my garden than bloodhound attack paths now. It's an easier life.
0
2
25
@assume_breach
assume_breach
1 year
1
2
25
@assume_breach
assume_breach
8 months
All right. Y'all know the deal. Goodbye infosec Twitter! See you on Thursday for the Hell's Kitchen finale!
2
0
26
@assume_breach
assume_breach
8 months
I think I read about this somewhere, can't remember tho
3
0
26
@assume_breach
assume_breach
1 year
Simple change to my dropper and it gets through. Probably the most utilized user-land style dropper. VirtualAlloc > RTLCopyMemory > VirtualProtect > CreateThread > WaitForSingleObject
0
7
24
@assume_breach
assume_breach
9 months
Since some EDRs be sippin on Hater-Aid I'm switching to self signed certs instead of cert cloning with SigThief in my tools (invalid cert alerts). Too bad because SigThief was so easy to implement.
2
1
23
@assume_breach
assume_breach
7 months
Am I tho? (part 2)
1
0
24
@assume_breach
assume_breach
1 year
SigThief seems to be enough to get past downloading unsigned DLLs against Avast free edition. In this screenshot proc.dll wasn't signed while procnul.dll was. This also seems to be the case with EXEs.
0
6
23
@assume_breach
assume_breach
2 years
Same binary, different name. So dumb.
1
3
23
@assume_breach
assume_breach
7 months
Smartscreen seems to be getting better at finding malware. I brought my implant's entropy down by a few points and I'm able to get it through. The fix was really stupid tho. Who knew iostream.h was so bulky?
1
1
20
@assume_breach
assume_breach
2 years
Turn a $40 Nexus 5 into a practical mobile hacking suite! I just published Home Grown Red Team: Installing NetHunter On A Nexus 5 (Like It’s 2013).
0
10
21
@assume_breach
assume_breach
8 months
HAPPY BIRTHDAY Harriet!!! 2 years old today!
0
0
19
@assume_breach
assume_breach
9 months
@NinjaParanoid You didn't sound curious. You sounded accusatory and condescending.
1
0
19
@assume_breach
assume_breach
10 months
small victories
2
0
19
@assume_breach
assume_breach
5 months
Infosec Twitter beefs are hilarious. "We'll see if you say that to my face at B-Sides Toledo!" "Whatever asshole, only skids go to that con. Come see me as Blackhat Pittsburgh and some real shit will go down!" "My company won't pay for that" "That's what I thought, turd."
3
1
20
@assume_breach
assume_breach
2 years
Christmas came a few days early.
0
0
19
@assume_breach
assume_breach
10 months
OMG bae.
1
0
18
@assume_breach
assume_breach
1 year
Look who's back. Got some real malware dev tips for you. If your shitty C# stager was sigged, declare your variables in a different order in your source code. Try again Defender For Endpoint (trial edition).
0
0
19
@assume_breach
assume_breach
11 months
okay....
2
0
19
@assume_breach
assume_breach
10 months
Staged http payloads being added to StageFright today if I can avoid conference calls...
0
0
18
@assume_breach
assume_breach
7 months
This morning I've been trying some of my other loader projects with the updated MingW on Kali instead of my outdated version on Linux Mint. Some got through, others didn't (outdated and signatured). Time to resurrect some Harriet modules, particularly process injection!
0
0
17
@assume_breach
assume_breach
11 months
And for all the haters out there.
1
2
15
@assume_breach
assume_breach
11 months
The WorkFolders LOLBIN works, but somebody tattled.
0
1
15
@assume_breach
assume_breach
1 year
Just a quick post on building an offensive clipboard from spare gadgets laying around my lab.
0
0
16
@assume_breach
assume_breach
2 years
Pulling raw unobfuscated Havoc shellcode with Defender and Avast turned on.
0
5
16
@assume_breach
assume_breach
7 months
Am I though? (part 3 - the mic drop)
3
0
15
@assume_breach
assume_breach
8 months
@EricaZelic @MalDevAcademy lifetime pass is cheaper and offers almost everything on the syllabus. Even regular defender catches most CreateRemoteThread process injection at this point.
2
1
14
@assume_breach
assume_breach
1 year
Okay...who's the tattletale???? I wake up this morning and yet again my C# stager has been flagged by Microsoft. Base64 was my secret weapon.
2
1
15
@assume_breach
assume_breach
7 months
@Flangvik Havoc is the shizz. Translate the Havoc shellcode to PS format and you run it unobstructed against MDE. No need to obfuscate in my experience.
0
0
14
@assume_breach
assume_breach
7 months
@nuoframework I was doing my taxes
2
0
14
@assume_breach
assume_breach
2 years
I have made my payload tool "Harriet" public on my GitHub. You can get it here. As of right now, it's FUD. Planning a medium post on how I created it.
1
4
13
@assume_breach
assume_breach
8 months
@curi0usJack "ACTUALLY, what you wrote is wrong and you would know this if you bought my $1500 pentesting zero to hero course on Udemy"
0
0
14
@assume_breach
assume_breach
8 months
At 3k followers I will stop all infosec tweets and this will transition into a Hell's Kitchen fan account. Who is going to fuck up the risotto this week? Stay tuned.
0
0
11
@assume_breach
assume_breach
10 months
MDE doesn't like my dll...Let's add signing to get rid of this alert.
0
1
12
@assume_breach
assume_breach
1 year
@Djax_Alpha I make more money as a Linux admin. No stress, no reports and I have time to research/test whatever I want.
0
0
12
@assume_breach
assume_breach
9 months
I love the @RedTeamTactics account so much. They're always tweeting like the lonely innkeeper who can't get a date to the town Christmas festival in a Hallmark movie.
1
0
11
@assume_breach
assume_breach
1 year
Not a great week. First my stager gets flagged and now a can of gap sealer rolls off the loft in my office and takes out a monitor. What's next?
1
1
9