“Dad, I need hacker stickers on my laptop.” says 5-year-old daughter.. she went through my stash and selected what she wanted lol
Mike Felch (Stay Ready)
9,279 posts
Offensive @ TrustedSec | Hacking since Renegade BBS backdoors | Prior CrowdStrike/BHIS | In Christ's grip | Fighter for truth | K1HAQ
USA
Joined July 2013
- Twitter has a "like" bug that lets you artificially inflate by repeatedly clicking the like button. Wrote quick POC, just copy the xpath from the heart of a tweet and paste in chrome console: for (var i = 0; i < 100; i++) { var hax = document.evaluate(COPIED_XPATH, document, …
  Wow this is popular.
- Full disk encryption bypass and root shell on TPM-protected Ubuntu 20.04… by pressing enter multiple times really fast. pulsesecurity.co.nz/advisories/tpm… (Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd: This vulnerability allows a physically-present attacker to control the full disk encryption unlock process and gain complete access to decrypted content in some cases where a TPM, dracut and Clevis...)
- Want to create great phishing links using an open-redirect on google.com? While they don't last forever, they are a great way to trick unsuspecting victims into clicking a legit looking URL before expiring! gist.github.com/ustayready/3ba… Follow the 🧵 for how it works..
- Dropping a new initial access technique via RDP that I dubbed "Rogue RDP". Use malicious .RDP files to bypass email/servers/security gateways and then run code to binary plant/exfil from your own RDP server, blinding EDR. Bonus: Target runs HyperV? RCE!
- A quick method to bypass an EDR. Even aggressive EDRs can be bypassed. Allocate your shellcode, overwrite a WNF subscription callback in a userland process, and trigger the WNF state change.. Old but relevant example github.com/ustayready/wnf… follow for more fun soon to come!
- I got caught hacking the Buzz Lightyear ride at Disney by the in-game cameras. I was tired of my wife beating me every time so I took a picture of the high value target and repeatedly shot the picture on my phone. I had the idea too late to win but it’s game on next time! 🤓
- FireProx has been released! If you're tired of using limited proxy servers or expensive EC2/VPS instances for rotating IP addresses then check out FireProx. It spins up a pass-through API Gateway proxy on AWS which will rotate your IP with every request!
- Black Hat USA 2022 videos are released!
- New process injection technique dropped from BlackHat EU! Freaking cool. Dirty Vanity abuses the Windows forking (process reflection and snapshotting) to evade EDR using. Slides: i.blackhat.com/EU-22/Thursday… POC: github.com/deepinstinct/D… Shout-out to @eliran_nissan!
- Healthy reminder: there are troves of amazing infosec people that you have never heard of because they don’t speak at conferences or have a platform on Twitter... like troves..
- CrowdStrike has some of the most sophisticated technology and smartest engineers I've ever known. I've seen the inside of the sensor and read through lots of eng docs when I worked there, it's just a simple mistake with huge ramifications.
- Freaking cool open source real-time HTTP intrusion detection (logging, monitoring, and alerting) in the console