#Blue_Team_Techniques
1. PowerHuntShares - audit script designed in inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools
1. PowerHuntShares - audit script designed in inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools
GitHub
GitHub - NetSPI/PowerHuntShares: PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges…
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains. - NetSPI/PowerHuntShares
#Threat_Research
Dynamic Analysis of Windows Exploit Mitigations - Import Address Filtering
https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Dynamic Analysis of Windows Exploit Mitigations - Import Address Filtering
https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Medium
Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering.
~My Research process
SkyPort.pdf
414.9 KB
#Research
"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches", 2022.
"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches", 2022.
A_Case_Study_Malware_Classification.pdf
1.5 MB
#Malware_analysis
"Fusing Feature Engineering and Deep Learning: A Case Study for Malware Classification", 2022.
]-> Repo: https://github.com/danielgibert/fusing_feature_engineering_and_deep_learning_a_case_study_for_malware_classification
"Fusing Feature Engineering and Deep Learning: A Case Study for Malware Classification", 2022.
]-> Repo: https://github.com/danielgibert/fusing_feature_engineering_and_deep_learning_a_case_study_for_malware_classification
LTrack.pdf
2.5 MB
#Research
"LTRACK: Stealthy Tracking of Mobile Phones in LTE", 2022.
"LTRACK: Stealthy Tracking of Mobile Phones in LTE", 2022.
⚜ List of Websites Giving free RDP/VPS ⚜
🌀 http://vpswala.org/
🌀 http://ohosti.com/vpshosting.php
🌀 https://gratisvps.net/
🌀 https://my.letscloud.io/sign-up/
🌀 https://developer.rackspace.com/
🌀 https://www.vultr.com/
🌀 https://www.ionos.com/
🌀 https://www.cloudsigma.com/
🌀 https://www.digitalocean.com/
🌀 http://ezywatch.com/freevps/
🌀 https://yellowcircle.net/
🌀 https://www.ctl.io/free-trial/
🌀 https://www.ihor.ru/
🌀 https://www.neuprime.com/l_vds3.php
🌀 https://www.skysilk.com/
🌀 https://sadd.io/
🌀 https://www.apponfly.com/en/
🌀 http://vpswala.org/
🌀 http://ohosti.com/vpshosting.php
🌀 https://gratisvps.net/
🌀 https://my.letscloud.io/sign-up/
🌀 https://developer.rackspace.com/
🌀 https://www.vultr.com/
🌀 https://www.ionos.com/
🌀 https://www.cloudsigma.com/
🌀 https://www.digitalocean.com/
🌀 http://ezywatch.com/freevps/
🌀 https://yellowcircle.net/
🌀 https://www.ctl.io/free-trial/
🌀 https://www.ihor.ru/
🌀 https://www.neuprime.com/l_vds3.php
🌀 https://www.skysilk.com/
🌀 https://sadd.io/
🌀 https://www.apponfly.com/en/
vpswala
Free VPS Server Hosting 24/7 | No Credit Card Required
Get 100% Free VPS Server Hosting with AMD EPYC processors, NVMe SSD storage, full root access on Windows & Linux. No credit card — deploy in 60 seconds.
Shennina Automating Host Exploitation with AI
https://github.com/mazen160/shennina
BOF-pack-1 A care package of useful bofs for red team engagments
https://github.com/jsecu/BOF-pack-1
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device
https://github.com/SpyGuard/SpyGuard
https://github.com/mazen160/shennina
BOF-pack-1 A care package of useful bofs for red team engagments
https://github.com/jsecu/BOF-pack-1
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device
https://github.com/SpyGuard/SpyGuard
GitHub
GitHub - mazen160/shennina: Automating Host Exploitation with AI
Automating Host Exploitation with AI. Contribute to mazen160/shennina development by creating an account on GitHub.
Titan: A generic user defined reflective DLL for Cobalt Strike
https://github.com/SecIdiot/titan
A simple PoC to invoke an encrypted shellcode by using an hidden call
https://github.com/enkomio/BrokenFlow
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
https://github.com/capt-meelo/laZzzy
a small wiper malware programmed in c#
https://github.com/IntelBroker/Endurance-Wiper
Discover new target domains using Content Security Policy
https://github.com/edoardottt/csprecon
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team
https://github.com/t3l3machus/Villain
Passively collect assets and automatically perform SQL injection detection (plug-in automatic Bypass), XSS detection, RCE detection, and sensitive information detection
https://github.com/ExpLangcn/EPScan
SharpUserIP: Extract the login log on the domain controller or remotely, and quickly obtain the IP address corresponding to the domain user
https://github.com/lele8/SharpUserIP
ScrapPY: a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists to perform brute force, forced browsing, and dictionary attacks. Updated with word frequency analysis!
https://github.com/RoseSecurity/ScrapPY
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing
https://github.com/securebinary/firebaseExploiter
https://github.com/SecIdiot/titan
A simple PoC to invoke an encrypted shellcode by using an hidden call
https://github.com/enkomio/BrokenFlow
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
https://github.com/capt-meelo/laZzzy
a small wiper malware programmed in c#
https://github.com/IntelBroker/Endurance-Wiper
Discover new target domains using Content Security Policy
https://github.com/edoardottt/csprecon
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team
https://github.com/t3l3machus/Villain
Passively collect assets and automatically perform SQL injection detection (plug-in automatic Bypass), XSS detection, RCE detection, and sensitive information detection
https://github.com/ExpLangcn/EPScan
SharpUserIP: Extract the login log on the domain controller or remotely, and quickly obtain the IP address corresponding to the domain user
https://github.com/lele8/SharpUserIP
ScrapPY: a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists to perform brute force, forced browsing, and dictionary attacks. Updated with word frequency analysis!
https://github.com/RoseSecurity/ScrapPY
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing
https://github.com/securebinary/firebaseExploiter
GitHub
GitHub - enkomio/BrokenFlow: A simple PoC to invoke an encrypted shellcode by using an hidden call
A simple PoC to invoke an encrypted shellcode by using an hidden call - enkomio/BrokenFlow
👍1
#exploit
1. CVE-2022-3328:
Race condition in snap-confine's must_mkdir_and_open_with_perms()
https://seclists.org/oss-sec/2022/q4/164
2. CVE-2022-46146:
Authentication Bypass in Open-Source Prometheus Project
https://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project
3. CVE-2022-4116:
Quarkus Java framework RCE
https://joebeeton.github.io
]-> https://github.com/JoeBeeton/simple-request-attacks
1. CVE-2022-3328:
Race condition in snap-confine's must_mkdir_and_open_with_perms()
https://seclists.org/oss-sec/2022/q4/164
2. CVE-2022-46146:
Authentication Bypass in Open-Source Prometheus Project
https://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project
3. CVE-2022-4116:
Quarkus Java framework RCE
https://joebeeton.github.io
]-> https://github.com/JoeBeeton/simple-request-attacks
seclists.org
oss-sec: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
#Threat_Research
Active C2 Discovery Using Protocol Emulation
Part 1 (HYDSEve, NetWire):
https://blogs.vmware.com/security/2019/11/active-c2-discovery-using-protocol-emulation-part1-hydseven-netwire.html
Part 2 (Winnti 4.0):
https://blogs.vmware.com/security/2020/02/threat-analysis-active-c2-discovery-using-protocol-emulation-part2-winnti-4-0.html
Part 3 (ShadowPad):
https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html
Part 4 (Dacls, aka MATA):
https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html
Active C2 Discovery Using Protocol Emulation
Part 1 (HYDSEve, NetWire):
https://blogs.vmware.com/security/2019/11/active-c2-discovery-using-protocol-emulation-part1-hydseven-netwire.html
Part 2 (Winnti 4.0):
https://blogs.vmware.com/security/2020/02/threat-analysis-active-c2-discovery-using-protocol-emulation-part2-winnti-4-0.html
Part 3 (ShadowPad):
https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html
Part 4 (Dacls, aka MATA):
https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html
VMware Security Blog
Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)
Malware C2 addresses can be an important IOC to detect known threats. VMware Threat Analysis Unit (TAU) analyzed HYDSEVEN NetWire samples then implemented a scanner to discover active C2 servers on the Internet by emulating the customized C2 protocol.
#Offensive_security
1. Demystifying the "SVCHOST.EXE" Process and Its Command Line Options
https://nasbench.medium.com/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747
2. Tools and PoCs for Windows syscall investigation
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper
1. Demystifying the "SVCHOST.EXE" Process and Its Command Line Options
https://nasbench.medium.com/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747
2. Tools and PoCs for Windows syscall investigation
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper
Medium
Demystifying the “SVCHOST.EXE” Process and Its Command Line Options
Understanding the “svchost.exe” process and its command line options
#tools
#Hardware_Security
Dynamic analysis framework for CPU microcode
https://github.com/pietroborrello/CustomProcessingUnit
]-> Ghidra Processor Module to disassemble/decompile the x86 Intel Atom microcode:
https://github.com/pietroborrello/ghidra-atom-microcode
#Hardware_Security
Dynamic analysis framework for CPU microcode
https://github.com/pietroborrello/CustomProcessingUnit
]-> Ghidra Processor Module to disassemble/decompile the x86 Intel Atom microcode:
https://github.com/pietroborrello/ghidra-atom-microcode
GitHub
GitHub - pietroborrello/CustomProcessingUnit: The first analysis framework for CPU microcode
The first analysis framework for CPU microcode. Contribute to pietroborrello/CustomProcessingUnit development by creating an account on GitHub.
#Red_Team_Tactics
1. Stalking inside of your Chromium Browser
https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
2. New PowerShell History Defense Evasion Technique
https://www.blackhillsinfosec.com/new-powershell-history-defense-evasion-technique
1. Stalking inside of your Chromium Browser
https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
2. New PowerShell History Defense Evasion Technique
https://www.blackhillsinfosec.com/new-powershell-history-defense-evasion-technique
SpecterOps
Stalking inside of your Chromium Browser - SpecterOps
With chromium-based browsers being the new favorite, learn how to combine multiple commands supported by CDP to save time and increase efficiency in a red team engagement.
#exploit
1. Grafana RCE via SMTP server parameter injection
https://hackerone.com/reports/1200647
2. CVE-2022-23093:
FreeBSD Ping RCE
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
3. CVE-2022-34669:
NVidia GPU Display Driver Vulnerablities
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
1. Grafana RCE via SMTP server parameter injection
https://hackerone.com/reports/1200647
2. CVE-2022-23093:
FreeBSD Ping RCE
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
3. CVE-2022-34669:
NVidia GPU Display Driver Vulnerablities
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
HackerOne
Aiven Ltd disclosed on HackerOne: Grafana RCE via SMTP server...
## Summary:
This report is similar to [#1180653](https://hackerone.com/reports/1180653), except with different parameter injection entrypoint.
SMTP server password configuration setting accepts...
This report is similar to [#1180653](https://hackerone.com/reports/1180653), except with different parameter injection entrypoint.
SMTP server password configuration setting accepts...
#tools
#Fuzzing
Userefuzz - User-Agent, X-Forwarded-For and Referer SQLI Fuzzer
https://github.com/root-tanishq/userefuzz
#Fuzzing
Userefuzz - User-Agent, X-Forwarded-For and Referer SQLI Fuzzer
https://github.com/root-tanishq/userefuzz
GitHub
GitHub - root-tanishq/userefuzz: User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
User-Agent , X-Forwarded-For and Referer SQLI Fuzzer - root-tanishq/userefuzz