I break computers and skateboards | Red Team | Operator @SpecterOps

Joined March 2012
Built some automation to help with dumping cookies using Chromium's remote debugger. This technique works against Chromium browsers (Google Chrome, Microsoft Edge, etc.) on any OS! I dig into how the technique works and present my implementation posts.specterops.io/hands-in…
6
78
186
Show this thread
Justin Bui retweeted
backdooring MSBuild runs without new processes and ReadProcessMemory? ... sure thing ;-) same thing works for Visual Studio (same location, same DLL) and a lot of other .NET assemblies ... a12d404.net/ranting/2021/01/…
0
87
192
Justin Bui retweeted
Published another old(er) blog post: A Windows Authorization Guide csandker.io/2018/06/14/AWind… This one covers the Windows Authorization process In and Out, from Basic Access checks to Primary & Impersonation Tokens... Including this tricky PtH question (see screenshot below):
1
7
11
Dumping lsass completely in memory without touching disk. Need an exfil BOF added to BOF.NET now to get that 55MB dump straight into #CobaltStrike.
7
92
322
Justin Bui retweeted
If you love it ☐ Set it free ☐ Put a ring on it ☐ Submit a pull request
1
2
7
Justin Bui retweeted
Starting a series about Offensive Windows IPC Internals at csandker.io/. Starting off with Named Pipes: csandker.io/2021/01/10/Offen… Also added an RSS feed and finally took the time to add my growing History of Windows timeline ❤️ (csandker.io/win-history/)
9
115
237
Show this thread