Ralf Hacker Channel

Telegram t.me web k

Статистика

Вся статистика

28207

Подписчики

Посты (30 дней)

37.10%

ERR%

0.00

Средний охват (сутки)

Язык

Russian

Описание:

Пул тегов:
https://t.me/RalfHackerChannel/297

Админ: @hackerralf8

Телеграм канал Ralf Hacker Channel @RalfHackerChannel добавлен на наш сайт 13.01.2023
Информация о канале обновлена 19.11.2025.

Посты

Все посты

Fortinet 0day

An auth bypass + path traversal in Fortinet FortiWeb to create new administrative users on exposed devices without requiring authentication.

Blog: https://www.rapid7.com/blog/post/etr-critical-vulnerability-in-fortinet-fortiweb-exploited-in-the-wild/

Dork:
ZoomEye Dork: app="FortiWeb"
HUNTER: product.name="FortiWeb"

Недавно у моего любимого инструмента bloodyAD появился новый модуль msldap.

https://github.com/CravateRouge/bloodyAD/wiki/User-Guide#msldap-commands

Кто юзает, обновляйтесь. А если не слышали о bloodyAD, советую попробовать)

#ad #pentest #redteam

Определенно стоит почитать

https://www.synacktiv.com/en/publications/site-unseen-enumerating-and-attacking-active-directory-sites

Sites did not receive much attention by the Active Directory offensive research community, comparatively to other ACL-based attack vectors. This article aims to demonstrate that not only do attack vectors targeting Active Directory sites exist, but that they can lead to impactful privilege escalation scenarios and to domain(s) compromise.

#ad #pentest #redteam #bloodhound

Conquest

A feature-rich and malleable command & control/post-exploitation framework developed in Nim.

Blog: https://jakobfriedl.github.io/blog/nim-c2-traffic/

Как круто развивается BloodHound... Теперь и сетевые ресурсы можно отображать

Blog: https://specterops.io/blog/2025/10/30/sharehound-an-opengraph-collector-for-network-shares/

Soft: https://github.com/p0dalirius/sharehound

#pentest #ad #bloodhound

Персист на уровне системы через DLL Hijacking в экранном дикторе Windows. Срабатывает при входе и выходе из системы.

https://trustedsec.com/blog/hack-cessibility-when-dll-hijacks-meet-windows-helpers

#pentest #redteam #persist

📄 Catching Credential Guard Off Guard

Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.

🔗 DumpGuard

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

P.S. Previously, crack.sh operated a free service for performing rainbow table lookups to recover NT hashes from NTLMv1 responses, but was recently shut down due to maintenance issues. In its absence, a new free service was published at ntlmv1.com.

18+

Только для взрослых

Реакция

👍

👎

😀

😯

☹️

😡

Теги: