osy

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

antonioCoco

/*
	TaskManagerSecret

	Author: @splinter_code

	This is a very ugly POC for a very unreliable UAC bypass through some UI hacks.
	The core of this hack is stealing and using a token containing the UIAccess flag set.
	A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html
	From there it uses a task manager "feature" to run a new High IL cmd.exe.
	This has been developed only for fun and shouldn't be used due to its high unreliability.

mgraeber-rc

# Author: Matt Graeber
# Company: Red Canary

# To start a trace, run the following from an elevated command prompt: logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o AMSITrace.etl -ets
# To stop the trace, run the following: logman stop AMSITrace -ets

# Example usage: Get-AMSIEvent -Path .\AMSITrace.etl

function Get-AMSIEvent {
    param (

hasherezade

PE Injection/Impersonation:

• Process Hollowing (a.k.a. RunPE)
• Process Doppelgänging
• Transacted Hollowing
• Process Ghosting
• Module Overloading & DLL Hollowing
• Chimera PE (variant of a manual PE loader)
• Process Overwriting

sixdub

meta:
  id: beaconconfig
  title: Cobalt Strike Beacon Config
  endian: be
  
doc: |
  Cobalt Strike Beacon is a popular offensive security tool. Beacon itself
  is a DLL that gets injected into memory and can be staged from C2 servers.
  The Beacon DLL (in unencoded form) contains a configuration section that gets
  patched by the C2 server. This section is a fixed predictable structure

IanColdwater

Mute these words in your settings here: https://twitter.com/settings/muted_keywords

ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet

kmcquade

• chime:CreateApiKey
• codepipeline:PollForJobs
• cognito-identity:GetOpenIdToken
• cognito-identity:GetOpenIdTokenForDeveloperIdentity
• cognito-identity:GetCredentialsForIdentity
• connect:GetFederationToken
• connect:GetFederationTokens
• ecr:GetAuthorizationToken
• [gamelift:RequestUploadCredentials](ht

Philts

<#
    Lateral movement and shellcode injection via Excel 4.0 macros
    Author: Philip Tsukerman (@PhilipTsukerman)
    License: BSD 3-Clause
    Based on Invoke-Excel4DCOM by Stan Hegt (@StanHacked) / Outflank - https://github.com/outflanknl/Excel4-DCOM
#>
 
function Invoke-ExShellcode
{
<#

Philts

#********************************************************************** 
# Invoke-Excel4DCOM64.ps1 
# Inject shellcode into excel.exe via ExecuteExcel4Macro through DCOM, Now with x64 support
# Author: Stan Hegt (@StanHacked) / Outflank, x64 support by  Philip Tsukerman (@PhilipTsukerman) / Cybereason
# Date: 2019/04/21
# Version: 1.1
#********************************************************************** 
 
function Invoke-Excel4DCOM
{

manigandham

React

• Ant Design - https://ant.design/
• Atlaskit by Atlassian - https://atlaskit.atlassian.com/
• Base Web by Uber - https://baseweb.design/
• Blueprint by Palantir - https://blueprintjs.com/
• Carbon by IBM - https://www.carbondesignsystem.com/
• Elastic UI by Elastic - https://elastic.github.io/eui/
• Evergreen by Segment - https://evergreen.segment.com/