Discover and read the best of Twitter Threads about #Masky

Most recent (2)

🧵 (1/3) Some notes on fileless #Masky execution here.

Firstly, I shall grab the compiled Masky agent, convert it to a PowerShell script and prepare the cradle ⤵️

github.com/penetrarnya-tm…
🧵 (2/3) Now, when operating from Linux, I shall use @MrUn1k0d3r’s SCShell to invoke the cradle from SYSTEM context ⤵️

github.com/Mr-Un1k0d3r/SC…
🧵 (3/3) On the other hand, when operating from Windows, I shall use @magnusstubman’s TokenDuplicator (also converted to PS) to invoke the cradle and get my certificates ⤵️

github.com/magnusstubman/…
Read 3 tweets
🧶 (1/) Reproducing Masky Thread

So it’s a relaxing Friday evening to play with the new awesome #Masky tool by @_ZakSec. I’ll show you here how to reproduce its behavior with #CrackMapExec, #Impacket, #Sliver, #Certify and #Certipy.

Let’s go! ⤵️

#pentest #adcs
🧶 (2/) First things first, I shall enumerate AD CS environment with #CrackMapExec and qwinsta the Victim machine via newly introduced tstool[.]py from #Impacket (thx @nopernik!). For the purpose of this demo I’ll use a DA account to interact with the Victim but any LA will do 👨🏻‍💻
🧶 (3/) I shall now prepare my team server and generate an encrypted Sliver beacon to use it with DInjector 💉
Read 7 tweets
