Cas van Cooten @chvancooten Twitter profile | Pikagi

Pikagi

Cas van Cooten

@chvancooten

9,936

Followers

688

Following

472

Media

2,996

Statuses

Benevolently malicious offensive security enthusiast || OffSec Developer & Malware Linguist || NimPlant & NimPackt author || @ABNAMRO Red Team

🇳🇱

https://t.co/kLSDLG47bl

Joined March 2011

Don't wanna be here? Send us removal request.

Pinned Tweet

@chvancooten

Cas van Cooten

15 days

Black Hat is around the corner, and that can only mean one thing: NimPlant v1.4! This version introduces a fully-featured Rust implant and much more. Catch me yapping about it on Wednesday, August 7 (1:55pm-3:10pm) at Arsenal Station 4! Release here:

Tweet media one

0

16

90

Last Seen Profiles

@2REEerTZfWyAUq4

@solo_top

@UWAdmissions

@yaya86412

@kachur_kirill

@JAPAMUwU

@boris_urbas

@batsusuke_x

@SweetLittleEats

@pobbbpsa

@Fiona_Allan

@itaintaaron

@AurorWuitschic

@spankthenun

@DawmyAI

@andeer_ATH2

@TaylorLabGroup

@NationalFile

@marniemallow

@CABasanez1920

@ligasmartbank

@abdalh_alrgwan

@ellegoodman05

@WicketBig

@Seed1137707296

@Ao_Aoyama_

@kubolos231

@tocomalta

@ifschord

@laurajVK

@iammanansoni

@kamizaki_ai

@ymoo89

@culturaquito

@kokebsolomon

@DeanYoder3

@chvancooten

Cas van Cooten

3 years

A story in three parts 😶 #log4j

Tweet media one

Tweet media two

Tweet media three

55

1K

4K

@chvancooten

Cas van Cooten

4 years

Want to crack some hashes but your VM is too slow? Here's a cool tip: you can (ab)use Google's Colaboratory to spin up two beefy graphics cards to do the cracking for you. It's free, and works really well! Get started here:

Tweet media one

14

416

999

@chvancooten

Cas van Cooten

2 years

Everyone likes a good hacking story right? I have just the thing for you. Let me tell you about that time I ‘accidentally’ hacked a four-story display next to one of the biggest highways in the Netherlands 👀 🧵

Tweet media one

19

113

945

@chvancooten

Cas van Cooten

3 years

In light of my upcoming OSEP exam I've given my AD cheat sheet some of the care it deserves! Added more content and commands, brushed up existing content. Improved: - AD delegation - Lateral movement with MSSQL - LAPS - Inter-forest exploitation - More! 👇

Tweet card media

Windows & Active Directory Exploitation Cheat Sheet and Command Reference

Last update: November 3rd, 2021 Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz...

casvancooten.com

6

271

729

@chvancooten

Cas van Cooten

2 years

After almost 2 years of working on NimPlant as a personal side project, I’m proud to release it to the public! NimPlant is a light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. Available here now! 👇

Tweet media one

Tweet media two

32

209

638

@chvancooten

Cas van Cooten

2 years

Kicked off my "MalDev for Dummies" workshop successfully yesterday, which means the repo is now public! Slides, exercises, example code and resources to get you started on your malware development journey. C# and Nim supported for now. Enjoy!!

Tweet card media

GitHub - chvancooten/maldev-for-dummies: A workshop about Malware Development

A workshop about Malware Development. Contribute to chvancooten/maldev-for-dummies development by creating an account on GitHub.

16

200

624

@chvancooten

Cas van Cooten

2 years

You all know about `ssh -D [port]` opening up a SOCKS proxy, but did you know that `ssh -R [port]` opens up a reverse socks proxy on the target? I sure didn't 🤯

Tweet media one

23

70

511

@chvancooten

Cas van Cooten

3 years

Disclaimer²: Normally I wouldn't share such vulns before the vendor has had a chance to mitigate. However, I chose differently in this case because 1) The issue is already very widespread 2) I likely wasn't the first one to tell Apple 3) It's a prime example of how deep this goes

5

24

480

@chvancooten

Cas van Cooten

2 years

Got sidetracked by a fun little Terraform + Ansible project which I dubbed 'CloudLabs AD'. It provisions a small AD lab in the cloud that has some dummy data to play with and is enrolled in Elastic Endpoint Security. Just open sourced it here 👉

Tweet media one

Tweet media two

10

145

479

@chvancooten

Cas van Cooten

3 years

You know what time it is? ⏰It's Active Directory o'clock! I updated my AD Exploitation Cheat Sheet based on (among others) techniques discussed in the CRTO course. New: DPAPI & GPO Abuse Improved: LAPS, AppLocker/CLM, PowerView/Rubeus refs, many more 👇

Tweet card media

Windows & Active Directory Exploitation Cheat Sheet and Command Reference

Last update: November 3rd, 2021 Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz...

casvancooten.com

9

168

460

@chvancooten

Cas van Cooten

3 years

Figured it was high time for another update to my AD cheat sheet! Pushed some new techniques, and made changes to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz sections as well as fixing some whoopsies 🙃

Tweet card media

Windows & Active Directory Exploitation Cheat Sheet and Command Reference

Last update: November 3rd, 2021 Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz...

casvancooten.com

7

152

439

@chvancooten

Cas van Cooten

1 year

Grams is on that malware development 👵

Tweet media one

6

83

437

@chvancooten

Cas van Cooten

2 years

Just published a quick and dirty Python script to replicate the full 'Follina' Office RCE vulnerability for (local) testing on Github. Not suitable for production use, but should help in quickly identifying exposure.

Tweet card media

GitHub - chvancooten/follina.py: POC to replicate the full 'Follina' Office RCE vulnerability for...

POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes - chvancooten/follina.py

8

150

438

@chvancooten

Cas van Cooten

3 years

Disclaimer: I'm fairly sure I'm not the first one to have tried this but I flagged it with Apple's product security team either way. I'm sure they are busy enough patching their systems 😅

4

14

403

@chvancooten

Cas van Cooten

3 years

Operating in an environment with strict applocker rules, but Python is whitelisted? You can use Python to bypass applocker, or even AV/EDR 😏 Here's a nice and simple way to execute an unmanaged DLL file by calling its entrypoint. Code will execute inside of 'python.exe'.

Tweet media one

13

122

401

@chvancooten

Cas van Cooten

3 years

Today I am open souring NimPackt-v1, the first version of my Nim-based packer and shellcode loader. It's old and the code is ugly, but it still works well. I think it also shows how versatile Nim can be. Enjoy! (To my blue friends: Yara rule included 🕵️‍♂️)

Tweet card media

GitHub - chvancooten/NimPackt-v1: Nim-based assembly packer and shellcode loader for opsec & profit

Nim-based assembly packer and shellcode loader for opsec & profit - chvancooten/NimPackt-v1

10

153

369

@chvancooten

Cas van Cooten

4 years

Operating from a restricted environment without outbound connectivity? Venom allows for port reuse and even works on Windows (to my surprise). Now you can set up a SOCKS proxy without disturbing the original service! Check it out 👉

Tweet media one

1

108

331

@chvancooten

Cas van Cooten

4 years

Found a Gitlab instance on a penetration test or red teaming engagement? If the version is <12.9.1, chances are you can get (unauthenticated) RCE by chaining some under-the-radar vulnerabilities! Info in thread 👇 #infosec #redteam #bugbountytips #hacking #gitlab

Tweet media one

5

114

322

@chvancooten

Cas van Cooten

3 years

Officially passed the 48h certification exam! Y'all may now call me OSEP🥳 Blog post soon-ish (hopefully)

Tweet media one

24

2

321

@chvancooten

Cas van Cooten

3 years

When discussing ADCS attacks, particularly ESC8, most go straight for the DC$ account. If you can for some reason not coerce machine auth, targeting users may be just as profitable! 1. Run responder to poison your way to some hashes 2. Relay to ADCS & grab user cert 3. Profit!

Tweet media one

Tweet media two

Tweet media three

1

91

311

@chvancooten

Cas van Cooten

16 days

You find this outside of your office, what is your first thought? 👀 (it was 15GB worth of bible texts and videos 😂)

Tweet media one

299

12

289

@chvancooten

Cas van Cooten

2 years

They took my report very well, they were very intrigued about what had happened and interested in learning more about the potential fix (and how they can prevent similar issues in the future). So a great story, and made the world a bit more secure as a result 💯 /fin

10

2

238

@chvancooten

Cas van Cooten

3 years

Back at having fun with Nim! Started a full rewrite of NimPackt, a versatile and AV/EDR safe packer and shellcode loader. Starting from scratch gave me a lot of flexibility to roll out shiny new techniques 👀

Tweet media one

3

52

228

@chvancooten

Cas van Cooten

3 years

Nów it's ready for field testing 😎

Tweet media one

16

20

228

@chvancooten

Cas van Cooten

3 years

I published a technical blog post about using Nim for offensive tooling, focusing on my Nimplant project. It includes many lessons learnt and tips & tricks. The blog setup is quite different than what I'm used to writing, so let me know if you like it!

Tweet card media

Building a C2 Implant in Nim - Considerations and Lessons Learned

Nim for offensive security For a while now I have been playing with the programming language Nim in the context of Offensive Security. Nim is a relatively young and fairly unknown programming...

casvancooten.com

8

90

227

@chvancooten

Cas van Cooten

2 years

WinDBG really captured my mood when working with debuggers

Tweet media one

3

26

207

@chvancooten

Cas van Cooten

2 years

Slides for my talk "BYOT: Build Your Own Tools for Fun and Profit" presented at @x33fcon 2022 published here! 👇

1

64

201

@chvancooten

Cas van Cooten

4 years

I finally got around to polishing my Windows / Active Directory exploitation cheat sheet & command reference! It's in no way an exhaustive list, but it should hopefully be a useful resource (especially for CRTP/CRTE)! Additions very welcome.

4

77

196

@chvancooten

Cas van Cooten

2 years

New commits on Nimplant? Could it be that soon™ is finally soon??? 👁👄👁

Tweet media one

3

38

195

@chvancooten

Cas van Cooten

1 year

In preparation of my @x33fcon workshop and by popular demand I have added the Rust language to my 'MalDev for Dummies' workshop! 🦀 Having played with Rust a fair bit now, I included some thoughts in this thread 🧵 Check it out 👇

Tweet card media

GitHub - chvancooten/maldev-for-dummies: A workshop about Malware Development

A workshop about Malware Development. Contribute to chvancooten/maldev-for-dummies development by creating an account on GitHub.

4

46

176

@chvancooten

Cas van Cooten

3 years

Nimplant: *Does the naughty* Defender ATP:

Tweet media one

4

20

177

@chvancooten

Cas van Cooten

1 year

Ayy I got promoted 🥳

16

0

177

@chvancooten

Cas van Cooten

3 years

As promised, I just uploaded my first blog post of 2021: A course review of the PEN-300 course and OSEP certification by @offsectraining ! Find the blog post below, and let me know what you think!

Tweet card media

Getting the OSEP Certification: 'Evasion Techniques and Breaching Defenses' (PEN-300) Course Review

Updated February 13th, 2023: Some referenced courses are now licensed by AlteredSecurity instead of PentesterAcademy, this post has been updated to reflect. Introduction When Offensive Security...

casvancooten.com

4

37

165

@chvancooten

Cas van Cooten

4 years

Last November, colleagues organized a meeting that would be the start of my obsession with hacking. Since then, I've completed >90 HTB machines, completed Offshore, attained my OSCP, CRTP, CRTE, published a HTB machine, and joined the red team. Have to say it was a good year! :)

12

8

162

@chvancooten

Cas van Cooten

2 years

Officially bought a house today! 😱

27

0

163

@chvancooten

Cas van Cooten

2 years

Spent some time last week on something entirely different - frontend development! Created a new interface for Nimplant from scratch to teach myself the ropes of Next.JS and Typescript. Not gonna lie, pretty proud of what I achieved in a week (GIF below 👇)

12

17

158

@chvancooten

Cas van Cooten

2 years

After all, why not.... Why not cook up new features a week before release 👀

12

20

163

@chvancooten

Cas van Cooten

2 years

@notshenetworks That's a pretty deep rabbit hole but something like covers a lot of them. If you want something a bit more straightforward my own cheat sheet may be helpful:

7

14

160

@chvancooten

Cas van Cooten

2 years

Bruh, Sliver's SOCKS5-over-WireGuard proxy is so performant that I was just able to get a leaderboard spot on via an RDP session tunneled over my implant. This is sick 🔥

Tweet card media

The smash-hit game! Play with millions of players around the world and try to become the longest of the day!

3

19

157

@chvancooten

Cas van Cooten

2 years

. @Wietze rocking it on stage and launching , a community-driven project that maintains a repository of binaries vulnerable to variety of different DLL hijacks 🔥

3

44

159

@chvancooten

Cas van Cooten

3 years

NEEDS MORE BACON

Tweet media one

3

15

148

@chvancooten

Cas van Cooten

3 years

2021 was another crazy year! I did some cool certs (OSEP, CRTO, PACES), presented at a con, built cool tools, even made the news with some dumb security "research". Here's to 2022 bringing more cool challenges! Starting with my new job as red teamer @ABNAMRO per the 1st of Jan 🥳

15

6

144

@chvancooten

Cas van Cooten

2 years

Playing with Elastic Security a bit and it's pretty dope. A lot of nice rules to play with out of the box 🤤 Would love to provision it in my labs with Ansible but automating the installation in a headless fashion is gonna be a pain lol

Tweet media one

11

23

142

@chvancooten

Cas van Cooten

3 years

As promised - here's my blog post on the excellent "Red Team Ops" course and CRTO certification by @_RastaMouse / @zeropointsecltd . Hopefully helpful for people interested in taking these course, it comes recommended for sure! See why inside 😁

Tweet card media

Operate Like You Mean It: 'Red Team Ops' (CRTO) Course Review

Introduction If you hang around the infosec “twittersphere” or in other security communities, odds are you have already seen someone share their experiences on the ‘Red Team Ops’ course by ZeroPoin...

casvancooten.com

5

26

140

@chvancooten

Cas van Cooten

3 years

I got a promotion today 🥳 Y'all may now call me "Junior Manager". Don't worry, I'll still be on my technical bullshit though 🙃

24

1

138

@chvancooten

Cas van Cooten

3 years

Yay! Passed the 2k with the help of some awesome folks (you know who you are! 💖). As promised it's time to celebrate, so I will be giving away a 1mo HTB VIP+ subscription (courtesy of the 💯 folks at @hackthebox_yow ), AND a 1mo TryHackMe voucher! Like this tweet to participate!

@chvancooten

Cas van Cooten

3 years

Almost 2000 followers! If y’all can bump me there I have something nice for you to celebrate 😏

2

5

74

11

22

137

@chvancooten

Cas van Cooten

1 year

CRTO II is in the pocket! For sure a fun course with some pragmatic and actionable insights for more advanced red team operations. Can't say I was a big fan of the restricted exam environment with browser access and slow machines, but the exam had some fun challenges nonetheless!

Tweet media one

7

5

136

@chvancooten

Cas van Cooten

1 year

My second Github repo to (almost) hit 1k stars ✨ Awesome to see community contributions get so much positive response! Give it a looksie if you're interested in malware dev in Nim, Go, or C#, but don't know where to start! 👇

Tweet card media

GitHub - chvancooten/maldev-for-dummies: A workshop about Malware Development

A workshop about Malware Development. Contribute to chvancooten/maldev-for-dummies development by creating an account on GitHub.

3

31

129

@chvancooten

Cas van Cooten

6 months

Since people seem to have (re-)discovered Bring-your-own-Python, here's what happens if you embed Python + Impacket within a Rust binary. It works, but turns out almost as thicc as a Go binary (73MB 🤤) lol. Feasible? You be the judge 👀

Tweet media one

13

23

126

@chvancooten

Cas van Cooten

1 year

Just shut down my laptop, and won't turn it back on again until December! Will be leaving on a three-month trip in Southeast Asia with my girlfriend. That also means you won't hear much from me - look forward to catching up with y'all's great research when I get back tho! Ciao 👋

Tweet media one

12

1

128

@chvancooten

Cas van Cooten

3 years

How about I open source Nimpackt v1 if y'all get me to 5k followers? 👀

6

26

116

@chvancooten

Cas van Cooten

3 years

When you're re-watching @Flangvik 's PoshC2 stream and he suddenly uses your site as a reference 😎 P.S. You didn't completely bork the pronunciation 🤣

Tweet media one

3

3

113

@chvancooten

Cas van Cooten

3 years

What do we say to the Gods of dependency issues? Docker! I published a Docker image to conveniently compile all my Nim-based tools without installation or dependency issues. Updated the readme of NimPackt-v1 to include this compilation method as well!

Tweet media one

4

23

103

@chvancooten

Cas van Cooten

3 years

Not ashamed to admit that @nikhil_mitt whooped my ass with some of these pivots, but at least I'm now getting somewhere with the GCB labs! Much much more to go :D

Tweet media one

5

3

102

@chvancooten

Cas van Cooten

3 years

I published my notable OSEP code on Github. It's nothing too fancy, mostly what the course discusses with some extra polishing and functionality here and there :). Perhaps it's helpful to someone! (Note: Spoilers inside if you want to follow the OSEP 😄)

Tweet card media

GitHub - chvancooten/OSEP-Code-Snippets: A repository with my notable code snippets for Offensive...

A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course. - chvancooten/OSEP-Code-Snippets

1

34

102

@chvancooten

Cas van Cooten

2 years

We got a better look of it on the way back, and were lucky enough to actually catch it on camera.

1

3

100

@chvancooten

Cas van Cooten

2 years

Survived my first on-stage con talk! Will share slides soon 👀 (it has memes)

@jorgeorchilles

Jorge Orchilles

@jorgeorchilles

2 years

Next up is @chvancooten @x33fcon #x33fcon

Tweet media one

1

5

27

7

2

100

@chvancooten

Cas van Cooten

4 years

Pushed a pretty cool update to my BugBountyScanner. It now supports multiple domains, uses @pdnuclei to scan for known vulns/misconfigs, queries the Wayback Machine, and identifies interesting URL params. Includes a helper for BurpSuite too! #BugBountyTips

Tweet card media

GitHub - chvancooten/BugBountyScanner: A Bash script and Docker image for Bug Bounty reconnaissan...

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use. - chvancooten/BugBountyScanner

1

29

97

@chvancooten

Cas van Cooten

3 years

@Jean_Maes_1994 @olafhartong I saw a screenshot somewhere that the exact same happens when changing the name of your tesla 😳

1

6

92

@chvancooten

Cas van Cooten

1 year

This should be fun 👀

Tweet media one

7

0

90

@chvancooten

Cas van Cooten

2 years

My first response was thinking “wow, really irresponsible of them to put up an ad this bright in the middle of the night”. Then I got a better look, and I damn near ran my car off the road when I realized that right there, four stories tall, was the SIGN I POSTED JUST THEN 🤯

1

1

87

@chvancooten

Cas van Cooten

10 months

🇳🇱 Als 'expert' meedoen aan Het Klokhuis is toch wel een soort kinderdroom die in vervulling gaat 🤓. Trots op het resultaat, een mooie focus op het ethische deel van ethisch hacken! En "legend van de dag" kan ik in m'n zak steken 😂

@hetklokhuis

Het Klokhuis

10 months

Elk systeem kan gehackt worden. Ethische hackers helpen een bedrijf om zichzelf beter te beveiligen. Janouk gaat mee met ethisch hacker Cas, die een school gaat hacken om te laten zien hoe dit in zijn werk gaat. De Boze man ontmoet twee ethische hackers.

Tweet media one

2

10

24

18

6

86

@chvancooten

Cas van Cooten

3 years

Woohoo, pass confirmed! This was a lot of fun. Published a blog post about my experience with the GCB labs and PACES certification here:

Tweet media one

@SecurityTube

Pentester Academy

3 years

Congratulations to @chvancooten for the rare distinction of clearing our PentesterAcademy Certified Enterprise Security Specialist exam! #PACES #GCBLab cc @nikhil_mitt

Tweet media one

1

1

8

8

6

82

@chvancooten

Cas van Cooten

10 days

That's a wrap! Happy to have been invited to present Nimplant (and its new Rust version 🦀) at Black Hat Arsenal. The slides are available here, hopefully I can share the video version soon for those who missed it!

Tweet media one

3

10

85

@chvancooten

Cas van Cooten

2 years

Some pre-Defcon pew pews

Tweet media one

Tweet media two

8

0

80

@chvancooten

Cas van Cooten

8 months

I'm back! 🥳 After three fantastic months of travelling Southeast Asia (Indonesia, Philippines, Vietnam & Thailand), I am now back on my regular bullshit (F's in the chat). Look forward to catching up on the cool stuff you folks have been doing in the meantime!

Tweet media one

10

0

82

@chvancooten

Cas van Cooten

3 years

Touched down in Abu Dhabi for #HITBCyberWeek ! ☀️

Tweet media one

0

2

82

@chvancooten

Cas van Cooten

2 years

When appearing on national media... Rick roll the masses! ᵒʳ ᵃᵗ ˡᵉᵃˢᵗ ᵃᵗᵗᵉᵐᵖᵗ ᵗᵒ

Tweet media one

Tweet media two

5

1

82

@chvancooten

Cas van Cooten

4 years

Got confirmation this morning that I am now officially a Certified Red Team Professional! 🎉 To celebrate, a new blog for anyone interested in pursuing CRTP. "Getting the CRTP Certification: ‘Attacking and Defending Active Directory’ Course Review"

5

9

76

@chvancooten

Cas van Cooten

4 years

@shivangx01b @D0rkerDevil Sounds like you're doing something awfully similar to BugBountyScanner (), feel free to contribute if you have cool additions!

Tweet card media

GitHub - chvancooten/BugBountyScanner: A Bash script and Docker image for Bug Bounty reconnaissan...

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use. - chvancooten/BugBountyScanner

2

22

76

@chvancooten

Cas van Cooten

2 years

Something about Crowdstrike being a pain in the behind about people testing with their product combined with their engineers freely snooping on dev machines of their clients doesn't sit right with me 🤔 I'm all for transparency but it isn't a one-way street

@amunchbach

Andrew Munchbach

2 years

@polpanek @_vivami I’m kind of bummed the sensor wasn’t configured… I wanted to just look at the telemetry 🤣

1

0

1

4

15

77

@chvancooten

Cas van Cooten

3 years

It's so great to see @ippsec , who for a large part inspired and most definitely educated my own hacking career, tackle a machine I created! Glad to see my puns were well-received lol. Same goes for the walkthroughs by @_johnhammond , @0xdf_ , @xct_de & others. Hope y'all liked it!

@ippsec

ippsec

3 years

#HackTheBox Laboratory video is now online! An easy box that involved exploiting an old Gitlab instance. My favorite part was using the gitlab console to play with user permissions -

4

38

265

1

7

77

@chvancooten

Cas van Cooten

11 months

Celebrated my 30th birthday on a boat, and then spent it on a jungle island at the bottom of a volcano amidst the rice fields. #afk life is pretty good 😎

Tweet media one

17

1

76

@chvancooten

Cas van Cooten

3 years

Gave BugBountyScanner some of the long overdue love it deserved. Updated tools to the latest version, various enhancements and tweaks w.r.t. performance. Go try it out and grab some bounties!

Tweet media one

1

15

74

@chvancooten

Cas van Cooten

3 years

@Jean_Maes_1994 @olafhartong Found it, halfway down this repo

1

11

72

@chvancooten

Cas van Cooten

3 years

Almost 2000 followers! If y’all can bump me there I have something nice for you to celebrate 😏

2

5

74

@chvancooten

Cas van Cooten

2 years

@passthehashbrwn HELLO YES I GOT A SHELL BUT YOUR COMMANDS ARE NOT WORKING, HOW DO I DEPLOY MY RANSOMWARE PLS?!

Tweet media one

7

1

72

@chvancooten

Cas van Cooten

5 months

It's been a while - but I just tagged NimPlant version 1.3! This one has been lingering on the dev branch for quite some time. No major new features, but a lot of code refactoring and various enhancements. Special thanks to some wonderful contributors! 🚀

Tweet media one

2

14

73

@chvancooten

Cas van Cooten

2 years

Added a second execution mode ('command' vs 'binary') to my #Follina exploit script, and added some arguments to customize the behavior. I guess that's enough for now since the vuln will be patched soon anyway 🙃

Tweet media one

@chvancooten

Cas van Cooten

2 years

Just published a quick and dirty Python script to replicate the full 'Follina' Office RCE vulnerability for (local) testing on Github. Not suitable for production use, but should help in quickly identifying exposure.

8

150

438

2

12

71

@chvancooten

Cas van Cooten

2 years

When I got home, I immediately logged back in and turned off the screen due to the potential risk of blinding drivers (keep in mind these were two BIG signs, next to a huge highway - made a bit more clear by street view). The upside was that I now knew who this sign belonged to!

Tweet media one

5

0

67

@chvancooten

Cas van Cooten

1 year

Don't be like these people exposing their NimPlant server on Shodan - check your tools!

Tweet media one

@thehackerish

thehackerish

1 year

Nimplant can be customized. But be CAREFUL, @chvancooten has a good sense of humor that will get you flagged😆 Here is a full tutorial

0

4

30

5

16

66

@chvancooten

Cas van Cooten

2 years

That was fast lol. Thanks y'all 🥰 Will drop Nimplant on 14 February 2023, my valentine's gift for this dope community 💘

@chvancooten

Cas van Cooten

2 years

8k followers and I'll set a hard deadline for myself on releasing Nimplant 👁👄👁

Tweet media one

3

3

53

3

5

66

@chvancooten

Cas van Cooten

2 years

A couple of months ago I was bored, and this tweet by @pry0cc triggered a Shodan safari (as one does on a Friday night). I went looking, and sure enough I found exactly one exposed IP here in the Netherlands. It looked like a digital display of sorts.

@pry0cc

pry0cc

3 years

If you want to find these kinds of signs on Shodan, just look for “Daktronics” they’re usually unsecured with default passwords… and attached to hospitals and schools entrance.

Tweet media one

1

8

64

2

3

65

@chvancooten

Cas van Cooten

3 months

Nimplant in Rust? Yessir 🫡. I will be presenting the new version at BH Arsenal this year, and share how you can utilize Rust features for enhanced opsec(™️). See you in Vegas!

3

12

66

@chvancooten

Cas van Cooten

3 years

Having fun building out my Nim C2 today. Got multi-agent support to work, guess it's almost ready for field testing 😎

Tweet media one

5

8

64

@chvancooten

Cas van Cooten

4 years

If you don't know about yet, you should! Easy and quick to query from the command line (without any installation), and oftentimes provides a quicker and more usable quick reference than e.g. manpages or --help.

Tweet media one

0

25

64

@chvancooten

Cas van Cooten

3 years

And that's a wrap for the #OSEP challenge labs! Had a lot of fun struggling my way through various machines in the 6 distinct lab environments. Now to finalize my notes and codebase, do a few more practice runs to iron out the kinks, and then go for the exam I suppose 🥳

Tweet media one

5

3

63

@chvancooten

Cas van Cooten

2 years

The video for my @x33fcon talk "BYOT: Build Your Own Tools for Fun and Profit" is up now!

Tweet card media

16. BYOT: Build Your Own Tools for Fun and Profit by Cas van Cooten

Threat intelligence shows that malicious actors are diversifying their malware codebase. As such, the red team also needs to step up their malware developmen...

www.youtube.com

@chvancooten

Cas van Cooten

2 years

Slides for my talk "BYOT: Build Your Own Tools for Fun and Profit" presented at @x33fcon 2022 published here! 👇

1

64

201

3

13

60

@chvancooten

Cas van Cooten

2 years

NimPlant will be ready for release in about 2 weeks! Since I would like to release it as responsibly as possible, I'm looking to give one or a few defensive practitioners early access in exchange for some detection rules I can release with the project or indicators I can build in

@chvancooten

Cas van Cooten

2 years

That was fast lol. Thanks y'all 🥰 Will drop Nimplant on 14 February 2023, my valentine's gift for this dope community 💘

3

5

66

4

7

61

@chvancooten

Cas van Cooten

2 years

Touchdown in Vegas! If you're around hit me up and let's grab a drink in the next few days 😁 First order of business is to sleep off the jetlag tho 😴

Tweet media one

4

0

60

@chvancooten

Cas van Cooten

3 years

And that's a wrap for the #OSEP exam! I have to say, the exam lab environment was a lot of fun to work through. Shame I didn't get to exploit all the exploitation paths, but still had a blast getting the 'secret.txt' objective. Fingers crossed for the result!

Tweet media one

6

0

60

@chvancooten

Cas van Cooten

3 years

So taking hacking exams with a slight fever (thanks Pfizer...) turns out not to be the best idea, but I made it! All four flags for the @zeropointsecltd CRTO certification exam submitted 😄 Very fun course and exam, especially the last flag was worth it. Blog post soon™!

Tweet media one

5

3

59

@chvancooten

Cas van Cooten

8 months

This is awesome, now AI can do your frontend work for you 🤩 I predict a significant increase in sleek-looking hacker tools 😂

Tweet media one

4

1

58

@chvancooten

Cas van Cooten

1 year

HmmmMMMM a new, statically typed, compiled, Python-based programming language with low level functionality and native cpython support? Are you thinking what I'm thinking? 😏 It also has emoji file extensions lol 🔥🔥🔥

Tweet card media

Mojo 🔥: Programming language for all of AI

Mojo combines the usability of Python with the performance of C, unlocking unparalleled programmability of AI hardware and extensibility of AI models.

www.modular.com

3

6

57

@chvancooten

Cas van Cooten

3 years

Just submitted my first ever conference CFP proposal, working title "BYOT: Build Your Own Tools for fun and profit". Fingers crossed! 🤞

3

3

56

@chvancooten

Cas van Cooten

2 years

Super cool to see your name pop up in an @ippsec video (2nd time 😎😎). Didn't think the follina poc would still be useful for something 😁

Tweet media one

0

0

57

@chvancooten

Cas van Cooten

1 year

Just merged NimPlant v1.1! Some pretty cool changes as well as some smaller tweaks and bug fixes. Thanks for the issue reports and PRs so far!

Tweet media one

2

13

55

@chvancooten

Cas van Cooten

3 years

👀

Tweet media one

2

1

56

@chvancooten

Cas van Cooten

5 months

For those that are dabbling in Rust 🦀 like myself: make sure to change your IDE's linter from 'cargo check' to 'clippy'. It's much more performant and will help you write better, faster, and more idiomatic code. A great way to learn!🔥

Tweet media one

4

6

56