Exploit Development:
Leveraging Page Table Entries for Windows Kernel Exploitation
https://connormcgarr.github.io/pte-overwrites
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Exploiting page table entries through arbitrary read/write primitives to circumvent SMEP, no-execute (NX) in the kernel, and page table randomization.
CVE-2021-40539:
Zoho ManageEngine ADSelfService Plus <=6113 is vulnerable to REST API authentication bypass with resultant RCE (Patch + PoC)
https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
#exploit
@BlueRedTeam
1. Active Directory Penetration Testing Cheatsheet
Part 1: https://infosecwriteups.com/active-directory-penetration-testing-cheatsheet-5f45aa5b44ff
Part 2: https://infosecwriteups.com/active-directory-cheatsheet-part-2-b18e9aa2e73a
2. Bypass Server Upload Restrictions
https://infosecwriteups.com/bypass-server-upload-restrictions-69054c5e1be4
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Tool to help on web application firewall bypasses
https://github.com/RedSection/pFuzz
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. NinjaC2 V2.1:
New webshell agent, more features and updated AV bypass
https://github.com/ahmedkhlief/Ninja
2. CVE-2021-33193:
Request splitting via HTTP/2 method injection and mod_proxy
https://github.com/CHYbeta/OddProxyDemo/tree/master/mod_proxy/demo1
3. Ultimate Phish Tool
https://github.com/gasayminajj/robophish
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Red Team Attack Lab for TTP testing & research
https://github.com/Marshall-Hallenbeck/red_team_attack_lab
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. XSS payloads for bypassing WAF
https://github.com/Walidhossain010/WAF-bypass-xss-payloads
2. Resetting Expired Passwords Remotely
https://www.n00py.io/2021/09/resetting-expired-passwords-remotely
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Detecting and Hunting for the PetitPotam NTLM Relay Attack
https://research.nccgroup.com/2021/09/23/detecting-and-hunting-for-the-petitpotam-ntlm-relay-attack
2. Using CodeQL to detect client-side vulnerabilities in web applications
https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
A PoC tool utilizing open DNS resolvers to produce an amplification attack against web servers
https://github.com/Kleptocratic/DNS-Fender
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Local Privilege Escalation tool, from Windows service accounts to NT AUTHORITY\SYSTEM
https://github.com/klezVirus/CandyPotato
2. Modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output MISP modules
https://github.com/hpthreatresearch/subcrawl#requirements
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Windows Event Logging & Collection Guidance
https://github.com/JSCU-NL/logging-essentials
#BlueTeam_Technique
#BlueTeam
@BlueRedTeam
DongTai - interactive application security testing (IAST) product that supports the detection of OWASP WEB TOP-10 vulnerabilities, multi-request related vulnerabilities (including logic vulnerabilities, unauthorized access vulnerabilities, etc.), third-party component vulnerabilities
https://github.com/HXSecurity/DongTai
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
Microsoft Automates Exchange Mitigations
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
A complete PoC exploit for CVE-2021-22005 in VMware vCenter
https://securityaffairs.co/wordpress/122686/hacking/cve-2021-22005-exploit-vmware-vcenter.html?utm_source=feedly&utm_medium=rss&utm_campaign=cve-2021-22005-exploit-vmware-vcenter
#exploit
@BlueRedTeam
An exploit for the recently disclosed CVE-2021-22005 flaw in VMware vCenter was publicly released, threat actors are already using it.
1. XSS to RCE:
Covert Target Websites into Payload Landing Pages
https://whynotsecurity.com/blog/xss-to-rce
2. Redirecting (specific) TCP, UDP and ICMP traffic to another destination
https://github.com/jellever/StreamDivert
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Red Teaming and Social-Engineering related scripts, tools and CheatSheets
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming
#RedTeam_Tactics
#RedTeam
#social_engineering
@BlueRedTeam
Collection of Event ID resources useful for Digital Forensics and Incident Response
https://github.com/stuhli/awesome-event-ids
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
1. Determine if the WebClient Service (WebDAV) is running on a remote system
https://github.com/xforcered/GetWebDAVStatus
2. Invoke-DLLClone - Koppeling x Metatwin x LazySign
https://redteamer.tips/appdata-is-a-mistake-introducing-invoke-dllclone
-> https://github.com/jfmaes/Invoke-DLLClone
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Lightweight UNIX backdoor for ethical hacking
https://github.com/phath0m/JadedWraith
2. Patch for Waterfall to improve performance and fix memory issues
https://github.com/2lstudios-mc/FlameCord
#RedTeam_Tactics
#RedTeam
@BlueRedTeam