1. Linphone SIP Protocol Stack:
Crashing SIP Clients With a Single Slash
https://claroty.com/2021/08/31/blog-research-crashing-sip-clients-with-a-single-slash
2. MacOS Security & Privilege Escalation
https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Multiple vulnerabilities in EMC VNX NAS 8.1.9-232
+ Security Advisory
https://www.errno.fr/VNX_advisory
2. Anatomy and Disruption of Metasploit Shellcode
https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shellcode
#Blue_Team_Techniques
#BlueRedTeam
@BlueRedTeam
1. JDBC Connection URL Attack
https://su18.org/post/jdbc-connection-url-attack
2. IP-Board Stored XSS to RCE Chain
https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain
3. Attacking Google Chrome's Strict Site Isolation via Speculative Execution and Type Confusion
https://www.spookjs.com
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
macOS XPC Exploitation - Sandbox Share case study
https://www.synacktiv.com/en/publications/macos-xpc-exploitation-sandbox-share-case-study.html
]-> Exploit code:
https://github.com/synacktiv/CTF-Write-ups/blob/main/Alles-CTF-2021/pwn/sandbox_share.md
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Play the music and bypass TCC aka CVE-2020-29621 (PoC)
https://wojciechregula.blog/post/play-the-music-and-bypass-tcc-aka-cve-2020-29621
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Bypassing GCP Org Policy with Custom Metadata
https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html
2. Deanonymizing LinkedIn Users
https://blog.h3xstream.com/2021/04/deanonymizing-linkedin-users.html
// Privacy issues with some of LinkedIn’s external APIs
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Fast Identification of Vulnerable Web Technologies
https://github.com/RossGeerlings/webstor#supported-platforms
#Blue_Team_Techniques
#BlueTeam
@BlueRedTeam
Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444
https://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a
#Blue_Team_Techniques
#Blue_Team
@BlueRedTeam
1. Kerberoast with ACL abuse capabilities
https://github.com/ShutdownRepo/targetedKerberoast
2. A collection of Windows print spooler exploits containerized with other utilities for practical exploitation
https://github.com/BeetleChunks/SpoolSploit#create-and-access-the-spoolsploit-docker-container
#Red_Team
@BlueRedTeam
Exploit Development:
Leveraging Page Table Entries for Windows Kernel Exploitation
https://connormcgarr.github.io/pte-overwrites
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
CVE-2021-40539:
Zoho ManageEngine ADSelfService Plus <=6113 is vulnerable to REST API authentication bypass with resultant RCE (Patch + PoC)
https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
#exploit
@BlueRedTeam
1. Active Directory Penetration Testing Cheatsheet
Part 1: https://infosecwriteups.com/active-directory-penetration-testing-cheatsheet-5f45aa5b44ff
Part 2: https://infosecwriteups.com/active-directory-cheatsheet-part-2-b18e9aa2e73a
2. Bypass Server Upload Restrictions
https://infosecwriteups.com/bypass-server-upload-restrictions-69054c5e1be4
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Tool to help on web application firewall bypasses
https://github.com/RedSection/pFuzz
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. NinjaC2 V2.1:
New webshell agent, more features and updated AV bypass
https://github.com/ahmedkhlief/Ninja
2. CVE-2021-33193:
Request splitting via HTTP/2 method injection and mod_proxy
https://github.com/CHYbeta/OddProxyDemo/tree/master/mod_proxy/demo1
3. Ultimate Phish Tool
https://github.com/gasayminajj/robophish
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Red Team Attack Lab for TTP testing & research
https://github.com/Marshall-Hallenbeck/red_team_attack_lab
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. XSS payloads for bypassing WAF
https://github.com/Walidhossain010/WAF-bypass-xss-payloads
2. Resetting Expired Passwords Remotely
https://www.n00py.io/2021/09/resetting-expired-passwords-remotely
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Detecting and Hunting for the PetitPotam NTLM Relay Attack
https://research.nccgroup.com/2021/09/23/detecting-and-hunting-for-the-petitpotam-ntlm-relay-attack
2. Using CodeQL to detect client-side vulnerabilities in web applications
https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
A PoC tool utilizing open DNS resolvers to produce an amplification attack against web servers
https://github.com/Kleptocratic/DNS-Fender
#RedTeam_Tactics
#RedTeam
@BlueRedTeam