Red Teaming and Social-Engineering related scripts, tools and CheatSheets
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming
#RedTeam_Tactics
#RedTeam
#social_engineering
@BlueRedTeam
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes. - mgeeky/Penetration-Testing-Tools
Collection of Event ID resources useful for Digital Forensics and Incident Response
https://github.com/stuhli/awesome-event-ids
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
1. Determine if the WebClient Service (WebDAV) is running on a remote system
https://github.com/xforcered/GetWebDAVStatus
2. Invoke-DLLClone - Koppeling x Metatwin x LazySign
https://redteamer.tips/appdata-is-a-mistake-introducing-invoke-dllclone
]-> https://github.com/jfmaes/Invoke-DLLClone
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
1. Lightweight UNIX backdoor for ethical hacking
https://github.com/phath0m/JadedWraith
2. Patch for Waterfall to improve performance and fix memory issues
https://github.com/2lstudios-mc/FlameCord
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Into the art of Binary Exploitation 0x000002
(Sorcery of ROP)
https://7h3h4ckv157.medium.com/into-the-art-of-binary-exploitation-0x000002-sorcery-of-rop-b4658238ee62
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Tool to discover external/internal network attack surface
https://github.com/vmware-labs/attack-surface-framework
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
PowerShell Red Team Enum.
Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If you want the entire module, perform the following actions after downloading the RedTeamEnum directory and contents to your device.
https://github.com/tobor88/PowerShell-Red-Team
#PowerShell #RedTeam
@BlueRedTeam
Incident Response collection and processing scripts
with automated reporting scripts
https://github.com/FSecureLABS/LinuxCatScale
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
Incident Response collection and processing scripts with automated reporting scripts - WithSecureLabs/LinuxCatScale
1. CVE-2021-34486:
Windows 20H2 x64 Etw LPE
https://github.com/KaLendsi/CVE-2021-34486
2. CVE-2021-26085 / CVE-2021-26086:
Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability / Atlassian Jira Server/DataCenter 8.4.0 - Arbitrary File read
https://github.com/ColdFusionX/CVE-2021-26085
https://github.com/ColdFusionX/CVE-2021-26086
#exploit
@BlueRedTeam
1. Sysmon For Linux
https://github.com/Sysinternals/SysmonForLinux
]-> Automating the deployment of Sysmon for Linux/Azure Sentinel in a lab environment
https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
1. Compromising vCenter via SAML Certificates
https://www.horizon3.ai/compromising-vcenter-via-saml-certificates
]-> PoC: https://github.com/horizon3ai/vcenter_saml_login
2. YouTube as covert channel -
C2 by uploading videos to YouTube
https://github.com/ricardojoserf/covert-tube
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML)…
1. Open-source toolkit for large-scale network analysis
https://github.com/networkit/networkit
2. A Linux Auditd rule set mapped to MITRE's Attack Framework
https://github.com/bfuzzy/auditd-attack
#BlueTeam_Techniques
#BlueTeam
@BlueTeam
LDAP Monitor:
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration
https://github.com/p0dalirius/LDAPmonitor
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
1. LethalHTA: A new lateral movement technique using DCOM and HTA
https://codewhitesec.blogspot.com/2018/07/lethalhta.html
2. Elevation of privileges via Resource Based Constrained Delegation
https://pentestlab.blog/2021/10/18/resource-based-constrained-delegation
#RedTeam_Tactics
#RedTeam
@BlueRedTeam
Web-based tool for the automation of infosec watching
and vulnerability management with a web interface
https://github.com/Guezone/SECMON
#BlueTeam_Techniques
#BlueTeam
@BlueRedTeam
SECMON is a web-based tool for the automation of infosec watching and vulnerability management with a web interface. - alb-uss/SECMON
1. Weaponizing a NFC reader for basic timing attacks
https://ceres-c.it/2021/10/24/weaponizing-NFC-reader
2. Advanced request smuggling
https://portswigger.net/web-security/request-smuggling/advanced
#RedTeam_Tactics
#RedTeam
@blueredteam
#RedTeam_Tactics
#RedTeam
Get shells with JET, the Jolokia Exploitation Toolkit
https://thinkloveshare.com/hacking/shells_with_jolokia_exploitation_toolkit
]-> jolokia-exploitation-toolkit:
https://github.com/laluka/jolokia-exploitation-toolkit
#RedTeam
I spent too much time hacking on Jolokia, so here's an exploitation toolkit, it provides file read, write, rmi injection, information disclosure, and much more. Enjoy!
#Blue_Team_Techniques
#BlueTeam
1. MalAPI: maps Windows APIs to common techniques used by malware
https://malapi.io
2. How the SolarWinds Hack (almost) went Undetected
https://www.netresec.com/?page=Blog&month=2021-10&post=How-the-SolarWinds-Hack-almost-went-Undetected
@BlueRedTeam
My lightning talk from the SEC-T 0x0D conference has now been published on YouTube. This 13 minute talk covers tactics and techniques that the SolarWinds hackers used in order to avoid being detected. Some of these tactics included using DNS based command…