#Red_Team_Tactics
1. Method of dumping LSASS by abusing the Windows Error Reporting service
https://github.com/deepinstinct/Lsass-Shtinkering
2. Bypass MS Graph API paging limitation and dump all user's objects using Graph API token (Illicit Grant Phishing Attack)
https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py
1. Method of dumping LSASS by abusing the Windows Error Reporting service
https://github.com/deepinstinct/Lsass-Shtinkering
2. Bypass MS Graph API paging limitation and dump all user's objects using Graph API token (Illicit Grant Phishing Attack)
https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py
GitHub
GitHub - deepinstinct/Lsass-Shtinkering
Contribute to deepinstinct/Lsass-Shtinkering development by creating an account on GitHub.
Sandboxing_V8.pdf
224.4 KB
#Offensive_security
"Sandboxing V8", Dec 2022.
]-> High-Level Design: https://docs.google.com/document/u/0/d/1FM4fQmIhEqPG8uGp5o9A-mnPB5BOeScZYpkHjo0KKA8/mobilebasic
]-> V8 Sandbox - External Pointer Sandboxing: https://docs.google.com/document/u/0/d/1V3sxltuFjjhp_6grGHgfqZNK57qfzGzme0QTk0IXDHk/mobilebasic
"Sandboxing V8", Dec 2022.
]-> High-Level Design: https://docs.google.com/document/u/0/d/1FM4fQmIhEqPG8uGp5o9A-mnPB5BOeScZYpkHjo0KKA8/mobilebasic
]-> V8 Sandbox - External Pointer Sandboxing: https://docs.google.com/document/u/0/d/1V3sxltuFjjhp_6grGHgfqZNK57qfzGzme0QTk0IXDHk/mobilebasic
#tools
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
GitHub
GitHub - kubeshark/kubeshark: eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts…
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard. - kubeshark/kubes...
#exploit
1. CVE-2022-46169:
Critical vulnerability affects Cacti network graphing solution
https://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution
2. Linux PrivEsc(2) - Scheduled Tasks (cron)
https://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152
3. CVE-2022-45313/45315:
Mikrotik RouterOs <7.5/7.6 was discovered to contain an OOB R/ in the hotspot vuln/snmp process
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315
1. CVE-2022-46169:
Critical vulnerability affects Cacti network graphing solution
https://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution
2. Linux PrivEsc(2) - Scheduled Tasks (cron)
https://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152
3. CVE-2022-45313/45315:
Mikrotik RouterOs <7.5/7.6 was discovered to contain an OOB R/ in the hotspot vuln/snmp process
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315
Daily CyberSecurity
CVE-2022-46169: Critical vulnerability affects Cacti network graphing solution
CVE-2022-46169 is a command injection vulnerability that allows unauthenticated attackers to execute arbitrary code on a server running Cacti
Stealthy_Location_Identification_Attack.pdf
1.2 MB
#Research
#5G_Network_Security
"A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks", 2021.
#5G_Network_Security
"A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks", 2021.
❤🔥1
#Malware_analysis
1. PrideLocker - a new fork of Babuk ESX Encryptor
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
2. Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
3. AndroxGh0st python malware
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys
1. PrideLocker - a new fork of Babuk ESX Encryptor
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
2. Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
3. AndroxGh0st python malware
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys
Synacktiv
PrideLocker - a new fork of Babuk ESX encryptor
#Threat_Research
1. Reveal Intrusion Campaign Targeting Telco and BPO Companies
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies
2. Moobot Uses a Fake Vulnerability (CVE-2022-28958)
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
1. Reveal Intrusion Campaign Targeting Telco and BPO Companies
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies
2. Moobot Uses a Fake Vulnerability (CVE-2022-28958)
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
CrowdStrike.com
Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
CrowdStrike Services analyzes a recent intrusion campaign targeting telecom and business process outsourcing companies and shares how to defend against this attack.
#Red_Team_Tactics
1. Red Team Notes 2.0
https://dmcxblue.gitbook.io/red-team-notes-2-0
2. Bypassing MFA with the Pass-the-Cookie Attack
https://blog.netwrix.com/2022/11/29/bypassing-mfa-with-pass-the-cookie-attack
3. RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass
1. Red Team Notes 2.0
https://dmcxblue.gitbook.io/red-team-notes-2-0
2. Bypassing MFA with the Pass-the-Cookie Attack
https://blog.netwrix.com/2022/11/29/bypassing-mfa-with-pass-the-cookie-attack
3. RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass
dmcxblue.gitbook.io
Introduction | Red Team Notes 2.0
#tools
#Offensive_security
GOAD (Game Of Active Directory)
Part 1 - 5:
Part 6 - ADCS
https://mayfly277.github.io/posts/GOADv2-pwning-part6
Part 7 - MSSQL
https://mayfly277.github.io/posts/GOADv2-pwning-part7
Part 8 - Privilege escalation
https://mayfly277.github.io/posts/GOADv2-pwning-part8
Part 9 - Lateral move
https://mayfly277.github.io/posts/GOADv2-pwning-part9
Part 10 - Delegations
https://mayfly277.github.io/posts/GOADv2-pwning-part10
Part 11 - ACL
https://mayfly277.github.io/posts/GOADv2-pwning-part11
]-> GOAD (ver. 2) Tool: https://mayfly277.github.io/posts/GOADv2
#Offensive_security
GOAD (Game Of Active Directory)
Part 1 - 5:
Part 6 - ADCS
https://mayfly277.github.io/posts/GOADv2-pwning-part6
Part 7 - MSSQL
https://mayfly277.github.io/posts/GOADv2-pwning-part7
Part 8 - Privilege escalation
https://mayfly277.github.io/posts/GOADv2-pwning-part8
Part 9 - Lateral move
https://mayfly277.github.io/posts/GOADv2-pwning-part9
Part 10 - Delegations
https://mayfly277.github.io/posts/GOADv2-pwning-part10
Part 11 - ACL
https://mayfly277.github.io/posts/GOADv2-pwning-part11
]-> GOAD (ver. 2) Tool: https://mayfly277.github.io/posts/GOADv2
Mayfly
GOAD - part 6 - ADCS
In the previous post (Goad pwning part5) we tried some attacks with a user account on the domain. On this part we will try attacks when an ADCS is setup in the domain. First we will use petitpotam unauthenticated and ESC8 attack to get domain admin on essos.local…
tesi.pdf
2.1 MB
#Research
"Reinforcement Learning-aided Dynamic Analysis of Evasive Malware" 2022.
"Reinforcement Learning-aided Dynamic Analysis of Evasive Malware" 2022.
#exploit
1. CVE-2022-2414:
XXE in pki-core
https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept
2. CVE-2022-41057:
Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
3. CVE-2022-44638:
Integer overflow in pixman_sample_floor_y leads to heap out-of-bounds write
https://bugs.chromium.org/p/project-zero/issues/detail?id=234
1. CVE-2022-2414:
XXE in pki-core
https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept
2. CVE-2022-41057:
Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
3. CVE-2022-44638:
Integer overflow in pixman_sample_floor_y leads to heap out-of-bounds write
https://bugs.chromium.org/p/project-zero/issues/detail?id=234
GitHub
GitHub - amitlttwo/CVE-2022-2414-Proof-Of-Concept: A flaw was found in pki-core. Access to external entities when parsing XML documents…
A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the co...