Interested in IT security, CTFs, penetration testing, adversarial simulation and digital forensics. Once created h1.nobbd.de and wrote poems for @ENOFLAG

Joined July 2013
57 Photos and videos
Pinned Post
Ever wondered what other people submit to @Hacker0x01 ? Check out a list of publicly disclosed bugs here h1.nobbd.de #bugbounty
2
13
41
Denis Werner reposted
We are working it, sharing what we know as of now - gist.github.com/joe-desimone…
@npmjs @GHSecurityLab there is an active supply chain attack on axios@1.14.1 which pulls in a malicious package published today - plain-crypto-js@4.2.1 - someone took over a maintainer account for Axios
7
56
233
113,245
Denis Werner reposted
This isn't a new attack and was covered in SpecterOps research back in 2017 "An ACE Up the Sleeve" and something that we have had in SANS SEC565 for years.
2
4
26
3,139
Denis Werner reposted
My thoughts are yes, red teaming has got significantly harder over the last few years. The knock on effect is: 1) engagements need more time, 2) teams who don't invest heavily in R&D (either in-house or outsourced) will be left behind, 3) there's less things shared publicly as a consequence, 4) lots of teams have tried to compensate by assuming breach, which as a result has led to less innovation in the IA space However, I disagree that IA is anywhere near dead even targeting the top 1%. The vast majority of our engagements have a large IA component and we're still successful in >75% of cases. Yes the points mentioned are a pita - AWL is a great control, but there's equally a plethora of file formats that support scripting; get creative - Yes MOTW restricts some things - but there's a variety of ways around it if you're creative (and I'm not talking about ISOs 🙄)
7
40
220
36,851
Denis Werner reposted
The blog with how to use the rainbow tables for Net-NTLMv1 is finally live! cloud.google.com/blog/topics… My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created. content.burningrivercybercon…
6
87
223
38,015
Denis Werner reposted
Today I have a more serious topic than usual, please consider reposting for reach: My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/3]
3
112
71
37,433
Denis Werner reposted
Thank you so much to @x33fcon and its organizers for an awesome experience! @tifkin_ and I had a blast talking about the new Nemesis 2.0 rewrite (code live at github.com/SpecterOps/Nemesi… !) and hope to be back next year #x33fcon
3
66
218
20,843
Interesting conversation about the inter-realm referral process in active directory trusts
Correction, the NTLM hashes do match. I forgot trusts still use RC$ by default and I was looking at the AES keys.
566
Denis Werner reposted
This blog is the first in a two-part series detailing these findings and providing insights into Secret Blizzard's TTPs. Get mitigation, detection, & hunting guidance along with indicators of compromise to stay informed and to protect your organization: msft.it/6017oE6pl
22
70
7,648
Denis Werner reposted
This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range. volexity.com/blog/2024/11/22… And yet... they got caught doing this!
21
101
622
88,813
Denis Werner reposted
Hey folks! The 2024 SANS Holiday Hack Challenge Act I has begun! Login here: sans.org/holidayhack. Once you get through orientation, you'll get your badge. Then do the first couple challenges (or skip them) & click on your badge for Act I, thusly:
39
101
10,921
Denis Werner reposted
Great read! 😈
Wow. This Pacific Rim report from @SophosXOps is mind-blowing, detailed, and terrifying. Tracking a threat actor, implanting the device they're doing vulnerability research on, and collecting telemetry/IOCs is an insane 4D chess move. Hats off. news.sophos.com/en-us/2024/1…
1
4
1,692
Denis Werner reposted
Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. msft.it/6011W3CGX
7
228
561
238,432
I like me a "Blue screen of peace" on a Friday morning..
1
455
Denis Werner reposted
Today was a big day for the United States government and United Kingdom government. The Federal Bureau of Investigation and U.K. National Crime Agency’s (NCA) Cyber Division unveiled a massive, multi-year long investigation which has led to a catastrophic blow to Lockbit ransomware group and affiliates. The Lockbit ransomware group Tor domain name displays a list of posts announcing activity performed by law enforcement agencies. It is written in Lockbit format, illustrating they have full control over Lockbit ransomware groups infrastructure. Law enforcement has done the following 1. Law enforcement agencies will be unveiling sensitive information on Lockbit cryptocurrency and money operations February 23th, 2024 2. Law enforcement, with SecureWorks, will be revealing information on Lockbit tradecraft February 22nd, 2024 3. Law enforcement will be unveiling Lockbit affiliate infrastructure February 21st, 2024 4. Law enforcement, with TrendMicro, will be releasing a detailed analysis on Lockbit future-iterations February 22nd, 2024 5. Law enforcement will be unveiling information on Lockbit's StealBit data exfiltration tool February 21st, 2024 6. Law enforcement will be unveiling sanctions on Lockbit ransomware group at 15:30UTC today 7. Law enforcement, in conjunction with Japanese partners, has released a Lockbit decryptor tool 8. An individual in Poland has been arrested 9. An individual in Ukraine has been arrested 10. Law enforcement plans on unveiling the identity of the Lockbit ransomware group administration February 23rd, 2024 11. The United States government unveiled the indictement of two individuals associated with Lockbit ransomware group: Artur Sungatov and Ivan Kondratyev 12. The United Kingdom NCA has unveiled sensitive information on the Lockbit backend: the administration panel, the blog backend, and the blog source functionality. This includes the images of the source code.
36
394
2,060
210,139
Inspiring research into race conditions in web applications by @albinowax. Lot's of technical details, explanations and ideas for future research
We've just published 'Smashing the state machine: the true potential of web race conditions' by @albinowax! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class: portswigger.net/research/sma…
4
1,262
Denis Werner reposted
Trojanized installers for #3CX PBX software are the beginning of the SmoothOperator campaign, a multi-stage attack chain delivering infostealer malware at scale. s1.ai/SmoothOperator
1
16
31
8,095
Denis Werner reposted
🔒 #CybersecurityAlert 🚨: @CISAGov just released a new Cybersecurity Advisory from a recent Red Team assessment. We identified risks, weaknesses & gaps in a large critical infrastructure org. Learn actions to reduce risk from malicious actors. cisa.gov/news-events/cyberse…
4
45
70
18,893
Denis Werner reposted
In this guide from @GuhnooPlusLinux, you'll learn how the new #BOFLoader extension allows BOFs to be used from a #Meterpreter session. Discover new attacks made possible in Meterpreter and avoid common errors. hubs.la/Q01z2t0t0
73
138
32,153
If you want to do "ethical hacking" you should make sure that what you are doing is actually considered "ethical". Exfiltrating large amounts of sensitive files from victim systems while employing anti-vm techniques sure does make it look otherwise.
JUST IN: In a statement, the creator of counterfeit 'torchtriton' has apologized and stressed that their intent wasn't malicious. They claim collecting sensitive data, including keys and secrets—which they call a "wrong decision," was to better identify victims.
4
707
Denis Werner reposted
My last blog in 2022 💎 Adversaries Infrastructure-Ransomware Groups, APTs, and Red Teams 🎯 What you can learn from scanning adversaries' infra? michaelkoczwara.medium.com/a… Happy Hunting and see you next year! 🤘
15
168
572
126,396