#Red_Team_Tactics
1. Method of dumping LSASS by abusing the Windows Error Reporting service
https://github.com/deepinstinct/Lsass-Shtinkering
2. Bypass the MS Graph API paging limitation and dump all user objects using a Graph API token (Illicit Grant Phishing Attack)
https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py
Sandboxing_V8.pdf
#Offensive_security
"Sandboxing V8", Dec 2022.
]-> High-Level Design: https://docs.google.com/document/u/0/d/1FM4fQmIhEqPG8uGp5o9A-mnPB5BOeScZYpkHjo0KKA8/mobilebasic
]-> V8 Sandbox - External Pointer Sandboxing: https://docs.google.com/document/u/0/d/1V3sxltuFjjhp_6grGHgfqZNK57qfzGzme0QTk0IXDHk/mobilebasic
#tools
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
#exploit
1. CVE-2022-46169:
Critical vulnerability affects Cacti network graphing solution
https://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution
2. Linux PrivEsc(2) - Scheduled Tasks (cron)
https://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152
3. CVE-2022-45313/45315:
MikroTik RouterOS before 7.5 / 7.6 was discovered to contain an OOB read in the hotspot / snmp process, respectively
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315
Stealthy_Location_Identification_Attack.pdf
#Research
#5G_Network_Security
"A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks", 2021.
#Malware_analysis
1. PrideLocker - a new fork of Babuk ESX Encryptor
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
2. Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
3. AndroxGh0st python malware
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys
#Threat_Research
1. Reveal Intrusion Campaign Targeting Telco and BPO Companies
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies
2. Moobot Uses a Fake Vulnerability (CVE-2022-28958)
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
#Red_Team_Tactics
1. Red Team Notes 2.0
https://dmcxblue.gitbook.io/red-team-notes-2-0
2. Bypassing MFA with the Pass-the-Cookie Attack
https://blog.netwrix.com/2022/11/29/bypassing-mfa-with-pass-the-cookie-attack
3. RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass
#tools
#Offensive_security
GOAD (Game Of Active Directory)
Part 1 - 5:
Part 6 - ADCS
https://mayfly277.github.io/posts/GOADv2-pwning-part6
Part 7 - MSSQL
https://mayfly277.github.io/posts/GOADv2-pwning-part7
Part 8 - Privilege escalation
https://mayfly277.github.io/posts/GOADv2-pwning-part8
Part 9 - Lateral move
https://mayfly277.github.io/posts/GOADv2-pwning-part9
Part 10 - Delegations
https://mayfly277.github.io/posts/GOADv2-pwning-part10
Part 11 - ACL
https://mayfly277.github.io/posts/GOADv2-pwning-part11
]-> GOAD (ver. 2) Tool: https://mayfly277.github.io/posts/GOADv2
tesi.pdf
#Research
"Reinforcement Learning-aided Dynamic Analysis of Evasive Malware", 2022.
#exploit
1. CVE-2022-2414:
XXE in pki-core
https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept
2. CVE-2022-41057:
Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
3. CVE-2022-44638:
Integer overflow in pixman_sample_floor_y leads to heap out-of-bounds write
https://bugs.chromium.org/p/project-zero/issues/detail?id=234
#Analytics
#Malware_analysis
1. Top 10 macOS Malware Discoveries in 2022
https://www.sentinelone.com/blog/top-10-macos-malware-discoveries-in-2022
2. Technical Analysis of DanaBot Obfuscation Techniques
https://www.zscaler.com/blogs/security-research/technical-analysis-danabot-obfuscation-techniques
To find XSS bugs in a website
You can follow these steps: 👇
➡ Identify all the input fields on the website, such as text boxes, dropdown menus, and search boxes.
➡ Test each input field by entering different types of data, such as numbers, special characters, and long strings of text.
➡ Pay attention to how the website responds to your input. If the website echoes your input back to you in any way, such as in an error message or a search result, there may be an XSS vulnerability.
➡ If you suspect that a particular input field is vulnerable to XSS, try entering special characters, such as the "<" and ">" characters, to see if the website processes them in a way that could allow an attacker to inject malicious code.
➡ If you are able to successfully inject malicious code into the website, you have found an XSS vulnerability.
🌟 Keep in mind that finding XSS vulnerabilities requires a combination of technical skill and attention to detail.
• It is also important to test the website carefully and systematically, as some XSS vulnerabilities may be well-hidden and difficult to find.
• If you are unsure about how to proceed, you may want to seek help from an experienced security professional.
#bugbounty #bugbountytips #infosec #cybersecurity