1. Bypassing GCP Org Policy with Custom Metadata
https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html
2. Deanonymizing LinkedIn Users
https://blog.h3xstream.com/2021/04/deanonymizing-linkedin-users.html
// Privacy issues with some of LinkedIn’s external APIs
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html
2. Deanonymizing LinkedIn Users
https://blog.h3xstream.com/2021/04/deanonymizing-linkedin-users.html
// Privacy issues with some of LinkedIn’s external APIs
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
H3Xstream
h3xStream's blog: Deanonymizing LinkedIn Users
In this blog post, we will look at the privacy issues with some of LinkedIn’s external APIs. We will demonstrate how it is p...
Fast Identification of Vulnerable Web Technologies
https://github.com/RossGeerlings/webstor#supported-platforms
#Blue_Team_Techniques
#BlueTeam
@BlueRedTeam
https://github.com/RossGeerlings/webstor#supported-platforms
#Blue_Team_Techniques
#BlueTeam
@BlueRedTeam
Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444
https://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a
#Blue_Team_Techniques
#Blue_Team
@BlueRedTeam
https://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a
#Blue_Team_Techniques
#Blue_Team
@BlueRedTeam
1. Kerberoast with ACL abuse capabilities
https://github.com/ShutdownRepo/targetedKerberoast
2. A collection of Windows print spooler exploits containerized with other utilities for practical exploitation
https://github.com/BeetleChunks/SpoolSploit#create-and-access-the-spoolsploit-docker-container
#Red_Team
@BlueRedTeam
https://github.com/ShutdownRepo/targetedKerberoast
2. A collection of Windows print spooler exploits containerized with other utilities for practical exploitation
https://github.com/BeetleChunks/SpoolSploit#create-and-access-the-spoolsploit-docker-container
#Red_Team
@BlueRedTeam
GitHub
GitHub - ShutdownRepo/targetedKerberoast: Kerberoast with ACL abuse capabilities
Kerberoast with ACL abuse capabilities. Contribute to ShutdownRepo/targetedKerberoast development by creating an account on GitHub.
Exploit Development:
Leveraging Page Table Entries for Windows Kernel Exploitation
https://connormcgarr.github.io/pte-overwrites
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Leveraging Page Table Entries for Windows Kernel Exploitation
https://connormcgarr.github.io/pte-overwrites
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Connor McGarr’s Blog
Exploit Development: Leveraging Page Table Entries for Windows Kernel Exploitation
Exploiting page table entries through arbitrary read/write primitives to circumvent SMEP, no-execute (NX) in the kernel, and page table randomization.
CVE-2021-40539:
Zoho ManageEngine ADSelfService Plus <=6113 is vulnerable to REST API authentication bypass with resultant RCE (Patch + PoC)
https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
#exploit
@BlueRedTeam
Zoho ManageEngine ADSelfService Plus <=6113 is vulnerable to REST API authentication bypass with resultant RCE (Patch + PoC)
https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
#exploit
@BlueRedTeam
AttackerKB
CVE-2021-40539 | AttackerKB
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution
1. Active Directory Penetration Testing Cheatsheet
Part 1: https://infosecwriteups.com/active-directory-penetration-testing-cheatsheet-5f45aa5b44ff
Part 2: https://infosecwriteups.com/active-directory-cheatsheet-part-2-b18e9aa2e73a
2. Bypass Server Upload Restrictions
https://infosecwriteups.com/bypass-server-upload-restrictions-69054c5e1be4
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Part 1: https://infosecwriteups.com/active-directory-penetration-testing-cheatsheet-5f45aa5b44ff
Part 2: https://infosecwriteups.com/active-directory-cheatsheet-part-2-b18e9aa2e73a
2. Bypass Server Upload Restrictions
https://infosecwriteups.com/bypass-server-upload-restrictions-69054c5e1be4
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Tool to help on web application firewall bypasses
https://github.com/RedSection/pFuzz
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
https://github.com/RedSection/pFuzz
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
GitHub
GitHub - RedSection/pFuzz: pFuzz helps us to bypass web application firewall by using different methods at the same time.
pFuzz helps us to bypass web application firewall by using different methods at the same time. - RedSection/pFuzz
1. NinjaC2 V2.1:
New webshell agent, more features and updated AV bypass
https://github.com/ahmedkhlief/Ninja
2. CVE-2021-33193:
Request splitting via HTTP/2 method injection and mod_proxy
https://github.com/CHYbeta/OddProxyDemo/tree/master/mod_proxy/demo1
3. Ultimate Phish Tool
https://github.com/gasayminajj/robophish
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
New webshell agent, more features and updated AV bypass
https://github.com/ahmedkhlief/Ninja
2. CVE-2021-33193:
Request splitting via HTTP/2 method injection and mod_proxy
https://github.com/CHYbeta/OddProxyDemo/tree/master/mod_proxy/demo1
3. Ultimate Phish Tool
https://github.com/gasayminajj/robophish
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
GitHub
GitHub - ahmedkhlief/Ninja: Open source C2 server created for stealth red team operations
Open source C2 server created for stealth red team operations - ahmedkhlief/Ninja
👍1
Red Team Attack Lab for TTP testing & research
https://github.com/Marshall-Hallenbeck/red_team_attack_lab
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
https://github.com/Marshall-Hallenbeck/red_team_attack_lab
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
GitHub
GitHub - Marshall-Hallenbeck/red_team_attack_lab: Red Team Attack Lab for TTP testing & research
Red Team Attack Lab for TTP testing & research. Contribute to Marshall-Hallenbeck/red_team_attack_lab development by creating an account on GitHub.
1. XSS payloads for bypassing WAF
https://github.com/Walidhossain010/WAF-bypass-xss-payloads
2. Resetting Expired Passwords Remotely
https://www.n00py.io/2021/09/resetting-expired-passwords-remotely
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
https://github.com/Walidhossain010/WAF-bypass-xss-payloads
2. Resetting Expired Passwords Remotely
https://www.n00py.io/2021/09/resetting-expired-passwords-remotely
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Detecting and Hunting for the PetitPotam NTLM Relay Attack
https://research.nccgroup.com/2021/09/23/detecting-and-hunting-for-the-petitpotam-ntlm-relay-attack
2. Using CodeQL to detect client-side vulnerabilities in web applications
https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
https://research.nccgroup.com/2021/09/23/detecting-and-hunting-for-the-petitpotam-ntlm-relay-attack
2. Using CodeQL to detect client-side vulnerabilities in web applications
https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
👍1
A PoC tool utilizing open DNS resolvers to produce an amplification attack against web servers
https://github.com/Kleptocratic/DNS-Fender
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
https://github.com/Kleptocratic/DNS-Fender
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
GitHub
GitHub - RoseSecurity/DNS-Fender: A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against…
A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web ...
1. Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY \ SYSTEM
https://github.com/klezVirus/CandyPotato
2. Modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output MISP modules
https://github.com/hpthreatresearch/subcrawl#requirements
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
https://github.com/klezVirus/CandyPotato
2. Modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output MISP modules
https://github.com/hpthreatresearch/subcrawl#requirements
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
GitHub
GitHub - klezVirus/CandyPotato: Pure C++, weaponized, fully automated implementation of RottenPotatoNG
Pure C++, weaponized, fully automated implementation of RottenPotatoNG - klezVirus/CandyPotato
Windows Event Logging & Collection Guidance
https://github.com/JSCU-NL/logging-essentials
#BlueTeam_Technique
#BlueTeam
@BlueRedTeam
https://github.com/JSCU-NL/logging-essentials
#BlueTeam_Technique
#BlueTeam
@BlueRedTeam
GitHub
GitHub - JSCU-NL/logging-essentials: A Windows event logging and collection baseline focused on finding balance between forensic…
A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention. - JSCU-NL/logging-essentials
DongTai - interactive application security testing (IAST) product that supports the detection of OWASP WEB TOP-10 vulnerabilities, multi-request related vulnerabilities (including logic vulnerabilities, unauthorized access vulnerabilities, etc.), third-party component vulnerabilities
https://github.com/HXSecurity/DongTai
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
https://github.com/HXSecurity/DongTai
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
GitHub
GitHub - HXSecurity/DongTai: Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real…
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug...
Microsoft Automates Exchange Mitigations
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
TECHCOMMUNITY.MICROSOFT.COM
New security feature in September 2021 Cumulative Update for Exchange Server | Microsoft Community Hub
As part of our continued work to help you protect your Exchange Servers, in the September 2021 Cumulative Update CU we have added a new feature called the...
A complete PoC exploit for CVE-2021-22005
in VMware vCenter
https://securityaffairs.co/wordpress/122686/hacking/cve-2021-22005-exploit-vmware-vcenter.html?utm_source=feedly&utm_medium=rss&utm_campaign=cve-2021-22005-exploit-vmware-vcenter
#exploit
@BlueRedTeam
in VMware vCenter
https://securityaffairs.co/wordpress/122686/hacking/cve-2021-22005-exploit-vmware-vcenter.html?utm_source=feedly&utm_medium=rss&utm_campaign=cve-2021-22005-exploit-vmware-vcenter
#exploit
@BlueRedTeam
Security Affairs
A PoC exploit for CVE-2021-22005 in VMware vCenter available online
An exploit for the recently disclosed CVE-2021-22005 flaw in VMware vCenter was publicly released, threat actors are already using it.