ASL IT SECURITY @ASL_IT
We develop red team products and provide tools for LEA agencies and governments to combat cyber crime. aslitsecurity.com | India | Joined October 2014
Tweets: 58 | Followers: 148 | Following: 445 | Likes: 40
@doc_guard @SubTee @malwrhunterteam @luigi_martire94 @executemalware On which Office version did you test it? The VBS is not getting triggered in Office 365 fully updated.
#CVE-2022-30333 #zimbra #unrar POC github.com/aslitsecurity/…
Different orgcharts.exe versions crash on different buffer sizes. But all are vulnerable.
OrgCharts.exe #msoffice Anyone have knowledge of .opx file structure or any reference link?? Possible 0day? More than 160 "AAAAAA....."
@HaifeiLi @wdormann @GossiTheDog @EXPMON_ Seems like SE trick, so that the target enables macro.
I have made 3 builders for docx, cab, and HTML for CVE-2021-40444. Goal is to test how easily we can bypass static AV detections for the DOCX file, by just tampering with some characters. github.com/aslitsecurity/… The results were very predictable. #infosec #hacking #redteam
@Max_Mal_ But you still need cab file to drop the payload to %temp%? Or you are not using cab at all?
@ksha @vxunderground @vxunderground thanks, I got the HTML samples from you. Non-obfuscated ones.
To achieve exploitation via preview pane, just convert the generated docx to RTF. PS: Read RTF specs, check old RTF exploit variants. RTF exploits are more fun to FUD, and the tricks are countless. #cve-2021-40444
I'm too late to the CVE-2021-40444 party. But I just wanted to take a look at MSIE exploitation. Awesome to see a full exploit (RCE w/ sandbox escape) only using 6 lines of JavaScript code. Cool no doubt.
For VT lovers this is the POC for CVE-2021-40444 generated by these builders. #virustotal
Sorry in the repo _rels dir was not uploaded somehow. Anyone of you who got corrupted docx file, please pull again and try.
@novitoll @ulexec cabarc.exe -i 1234 -p -m NONE n asdbc11.cab "../championship.inf", Then you need to change the DLL size. Maybe I will release a cab generator tool on github.
A couple of modifications and poof. Only 7 AV detected. #cve-2021-40444
@io_r_us @Edgespot_io No this is not cve-2019-5786. But it seems a PDF document used by readnotify (a service used to know if the receiver of an email read the email, or opened an attachment.)
@InfoCap4 No idea. Couldn't figure it out. And without password how it is decrypting to execute the exploit???
Help decrypting MS Equation editor sample #cve-2018-0802. This sample is detected by just 3 AV on virustotal and is encrypted using AES/RSA. virustotal.com/file/d65b4b653… PS: You need to rename it to .xlsx for it to work.