Microsoft Copilot for SharePoint just made recon a whole lot easier. 
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
It opened the door to credentials, internal docs, and more.
All without triggering access logs or alerts.
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
That’s a problem.
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
Read it here: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/
#offsec
0 posts0 participants0 posts today
Continued thread
I wonder if I could manipulate the process via procfs. Perhaps extract a payload into /proc/self/mem or something.
What are some interesting files/directories to overwrite in an AWS Lambda execution environment?
I found an unsafe tarball extraction vulnerability in a customer's code, but I'm not the most familiar with AWS.
OSCP+ 
@BSidesNYC 0x03 Recap: In this session, François Proulx discusses what goes on behind the scenes of #supplychainattacks through the lens of SLSA (Supply chain Levels for Software Artifacts), a threat model designed to tackle these emergent threats.
Continued thread
It even works with processes that have entered Capabilities Mode.
Injecting a shared object anonymously over the ptrace boundary on #FreeBSD via libhijack now works!
https://github.com/SoldierX/libhijack/commit/18b4ad92c0e41e4b0711484b725646c3f04b51ba
It's been about a week since this happened so I'm probably cool-headed enough to talk about it. First a little background info.
A sales person from Offensive Security (https://www.offsec.com/) has been trying to reach out to me for days. First by work email, which I ignored, then through my personal LinkedIn account, which I also ignored.
Then, last week, my son texts me and says, "some guy called me looking for you." I told him I was your son and he said he would try to email. I know that absolutely no one in my professional circle has my son's personal cell number, so I asked him to send me the number that called him.
I call the number back and it's the sales guy from Offensive Security. I immediately asked him how he got my son's number and found out it was part of a ZoomInfo (https://www.zoominfo.com/) record for me. I told him to immediately delete any record he has with my son's information.
I then let him know in no uncertain terms that his company was using some shady data gathering practices if they had my son's cell number and because of that I will personally never do business with OffSec again. I also made it clear that he should never reach out to me again.
Even though I hold the #OSCP and #OSCE certifications and even though they were a career changer for me and for my colleagues, I will no longer do business with their company.
OffSecThe Path to a Secure Future | OffSecBuild cyber workforce resilience with our unmatched skills development and hands-on learning platform and library.
Introduction to offensive security
https://steve-s.gitbook.io/0xtriboulet/
Cool, someone is implementing Offensive/RedTeam techniques in Crystal.
https://github.com/js-on/WeaponizeCrystal
If you haven't heard of the Crystal Programming Language, definitely check it out. While much of the hype has been focused on Go or Rust, I feel like Crystal and Nim are great middle-ground languages, that have high-level features (Class based OOP, AST macros, Generics, closures, builtin concurrency, exception handling, etc), provide low-level access to C primitives, but use GC instead of Rust's borrow checker which can be kind of annoying/overbearing.
#crystallang #offsec #redteam
GitHubGitHub - js-on/WeaponizeCrystal: Experiments in weaponizing Crystal for offensive operations.Experiments in weaponizing Crystal for offensive operations. - GitHub - js-on/WeaponizeCrystal: Experiments in weaponizing Crystal for offensive operations.
Just a few weeks until @cactuscon 11! We can't wait; @dnsprincess is presenting, there will be plenty of 
swag on hand, and you can chat with our team about #infosecjobs at Bishop Fox or our industry-leading #offsec solutions. https://bishopfox.com/events/cactuscon-11
Bishop FoxBishop Fox to Sponsor & Present at security conference CactusCon 11Join Bishop Fox security consultants at the Mesa Convention Center in Mesa, AZ on Jan. 27-28th, 2023 for two days of talks, workshops, CTF, and events.
Bypassing Intel CET with Counterfeit Objects:
https://www.offensive-security.com/offsec/bypassing-intel-cet-with-counterfeit-objects/
www.offensive-security.comBypassing Intel CET with Counterfeit Objects | Offensive SecurityIn this blog, we’ll briefly cover how CFI mitigations works, including CET, and how we can leverage COOP to effectively bypass Intel CET on the latest Windows releases.
I am so stoked to start my first day on the job at #IOActive!
Since some are only on Mastodon. I wanted to share my Offensive Security & Reverse Engineering (OSRE) course labs (docx) which I uploaded to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. They are not just good for software exploitation, but even learning about debugging & diff x86 instructions. There are some assembly quizzes which might be useful, I'll share those too. You can find them under the line saying "Labs 2022 can be found here"
Repo: https://exploitation.ashemery.com
Videos (EN): https://www.youtube.com/playlist?list=PLCS2zI95IiNybAAQ0HL88YzwRpLXje5y6
Videos (AR): https://www.youtube.com/playlist?list=PLCS2zI95IiNyo5AhbVIL2hVX7zhuSkOkz
#Offsec #SoftwareExploitation #RE
That's it for 2022 ... Good luck you all with 2023 :)
How do you wish offsec tools exported/saved "loot" (captured passwords, API keys, files, etc)? Separate files in a directory? Passwords/credentials in their own passwords.txt or creds.txt files? YAML? tar archive? encrypted zip?
#offsec #pentesting
Free Offensive Software Exploitation Course - Binary Exploitation tutorial
GitHub course link:
https://github.com/ashemery/exploitation-course
YouTube video version:
https://youtube.com/playlist?list=PLCS2zI95IiNybAAQ0HL88YzwRpLXje5y6
Continued thread
I guess you're supposed to do hashtags here?
#introduction post
Hello! I'm Keefer. I joined Mastodon slightly before the most recent wave of migrations, after hearing about it on Daniel Miessler's podcast.
I'm a security engineer with experience in cloud security. Recently embarked on a journey to learn more about offensive security and obtained the OSCP last month after about a year of studying. I think I'm hooked! It's been really fun and I've learned a lot by being able to perform some attacks myself.
I've always been more of a lurker on social media in the security space. I know enough to know how much I don't know, and it's a lot! I do want to start sharing / blogging more, though, even if I'm not writing about bleeding edge topics.
Aside from the infosec stuff I enjoy photography and have been getting my feet wet with woodworking recently.
Edited to add: #hacking #offensivesecurity #offsec #infosec #learning #impostersyndrome #woodworking #photography
Hey I'm John, and I love learning and becoming better. Most days I'm trying to be a better dad, husband, friend, community member, and guarding my own #mentalhealth.
For work I do #offsec #pentest #redteam stuff, and enjoy research deep-dives when I get the opportunity. Lately I've been writing lots of tools in #rustlang. Sometimes I stream on #twitch, where I try to code and talk at the same time, poorly. Sometimes I give talks at #infosec cons about my mediocre code (and throw in a few #dadjokes).
Away from screens, my main hobby seems to be trying out new hobbies, but the ones that have stuck are books (mostly #scifi #fantasy spec-fic), playing #guitar, running/exercise, and backyard #hydroponics.