⚔ Digging for XSS Gold: Unearthing Browser Quirks with Shazzer 🛣 For those who do Web Application Security and are familiar with HackVector - and for those who aren't familiar with it, it's worth checking out - Gareth Heyes' new project is very interesting: Shazzer, a fuzzer to analyze various browser behaviors, in particular, to see when they go into quirks mode, collaboratively. 🎞 https://lnkd.in/d9Y54uQV #websecurity #fuzzer #xss
Simone Onofri’s Post
-
"Digging for XSS Gold: Unearthing Browser Quirks with Shazzer" is now live on YouTube! Discover powerful techniques to hunt XSS vulnerabilities with Shazzer. Watch now and start exploring browser quirks like a pro! https://lnkd.in/ees5zqNd
Digging for XSS Gold: Unearthing Browser Quirks with Shazzer
https://www.youtube.com/
-
The Wreath lab teaches how to pivot through a network by compromising a public facing web machine and tunnelling traffic to access other machines in Wreath's network. The Wreath curriculum provides familiarization with pivoting, navigating the Empire C2 (Command and Control) framework, and Simple Anti-Virus evasion techniques. The lab topics entail Code Analysis (Python and PHP), locating and modifying public exploits, simple webapp enumeration and exploitation, Git Repository Analysis, simple Windows Post-Exploitation techniques, CLI Firewall Administration (CentOS and Windows), Cross-Compilation techniques, Coding wrapper programs, exfiltration techniques, and formatting a penetration test report.
-
One of the Forela WordPress servers was a target of notorious Threat Actors (TA). The website was running a blog dedicated to the Forela Social Club, where Forela employees can chat and discuss random topics. Unfortunately, it became a target of a threat group. The SOC team believe this was due to the blog running a vulnerable plugin. The IT admin already followed the acquisition playbook and triaged the server for the security team. Ultimately (no pun intended) it is your responsibility to investigate the incident. Step in and confirm the culprits behind the attack and restore this important service within the Forela environment. #hackthebox #DFIR
Solved Ultimatum from Hack The Box!
labs.hackthebox.com
-
In this blue team challenge I had to discover which steps an attacker took in order to exploit a WordPress blog with a vulnerable plugin. Reading access.log carefully, I was able to understand which plugin was vulnerable and which CVE the attacker exploited to fully compromise the server. In a second step I discovered its left-behind backdoor, webshell and a classic tool used to privesc the server. #hackthebox #sherlocks #blueteaming
Owned Ultimatum from Hack The Box!
labs.hackthebox.com
-
MSSN CTRL 2024 recordings are up! Sixteen great talks including my presentation on browser extensions and their risks. Some of my other favorites were:
Luke Jennings - bringing light to some real problems and broad assumptions we make with regards to identity, OAuth, permissions and integrations. Really scary stuff!
Lennart Koopmann - if you thought network monitoring was dead think again. Now that everything has a radio signal, your network might even be more exposed than before.
Dylan Williams - showing how far AI can go in SecOps. Congrats on your new project!
Bruce Potter - exposing all the absurdity in the user experiences that most security tools provide to users.
Julian Grizzard - who is building one of the most fascinating malware sandboxes I've ever seen. I have no doubt this is going to be a powerful tool for people.
James Pichardo - with his lessons learned on productizing on top of other platforms. Something I'm hoping to do, so great to have this talk available for rewatch.
David Burkett - great rundown of TLSH hashes and how to create LimaCharlie extensions. Gave me some ideas for new projects.
Andrew Katz - I feel like all of my career I've been developing and shipping custom services for folks, glad I'm not alone. Thanks for the rundown on how to best make your own APIs for consumption.
https://lnkd.in/gKvRdKZ3
Extended threat: how your browsers betray you | John Tuckner | MSSN CTRL 2024
https://www.youtube.com/
-
Learn how to conceal payloads in URL credentials and abuse them for DOM XSS and DOM Clobbering. https://lnkd.in/gZ7vYUxh
Concealing payloads in URL credentials
portswigger.net
-
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
thehackernews.com
-
🕵️Best Reconnaissance Tools ✅ Amass - Sub Enumeration ✅ Subfinder - Sub Enumeration ✅ MassDNS - DNS Resolution ✅ Subjack - Subdomain Takeover Detection ✅ Masscan - Port Scan ✅ Nmap - Network Scan ✅ SearchSploit - Vuln. Search ✅ Aquatone - Sub Screenshot #bugbounty
-
Very interesting technique, abusing the embedded trust in HTTP Blob type payloads to exploit CSRF https://lnkd.in/dcYZdpWf
Luke Jahnke 26 November 2024
nastystereo.com