TorZillaPrint (TZP): Firefox & Tor Browser fingerprint testing. https://github.com/arkenfox/TZP
#tools
#Blue_Team_Techniques
1. Detecting Fake Events in Azure Sign-in Logs
https://www.inversecos.com/2023/01/detecting-fake-events-in-azure-sign-in.html
2. Crassus - Windows privilege escalation discovery tool
https://github.com/vullabs/Crassus
Antivirus_Event_Analysis_1.11.pdf
#Infographics
#Malware_analysis
Antivirus Event Analysis Cheat Sheet, ver. 1.11.0.
]-> https://www.nextron-systems.com/2023/01/13/antivirus-event-analysis-cheat-sheet-v1-11-0
#Offensive_security
1. SCCM Site Takeover via Automatic Client Push Installation
https://posts.specterops.io/sccm-site-takeover-via-automatic-client-push-installation-f567ec80d5b1
2. Codecepticon - .NET application that obfuscates C#, VBA/VB6 (macros) and PowerShell source code
https://github.com/Accenture/Codecepticon
impl_scalable_sec.pdf
#Whitepaper
#SCADA_Security
"Implementing Scalable Security for Devices Without 802.1x Support", 2022.
#exploit
1. CVE-2022-28944/CVE-2022-24644:
EMCO Software Multiple Products/KeyMouse 3.08 (Win) - Unauth. Update RCE
https://github.com/gerr-re/cve-2022-28944
https://github.com/gerr-re/cve-2022-24644
2. Client-Side SSRF to Google Cloud Project Takeover [Google VRP]
https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover
3. CVE-2022-3656:
Symbolic Link Following + Upload Warning Bypass
https://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34
#Red_Team_Tactics
1. Avoid antivirus by hiding the import table
https://xz.aliyun.com/t/12035
2. Measuring, Reporting On, and Planning For Red Team Maturity
https://www.redteammaturity.com/release-blog
3. Measuring Sliver vs Havoc
https://git.culbertreport.com/posts/Sliver-vs-Havoc
Vjw0rm.pdf
#Malware_analysis
How to Analyze JavaScript Malware - A Case Study of Vjw0rm
#exploit
1. CVE-2022-22274:
A stack-based buffer overflow vulnerability in SonicOS
https://github.com/pwneddr/Sonic_CVE-2022-22274_poc
2. CVE-2022-3652:
Race condition in JSCreateLowering, leading to RCE
https://bugs.chromium.org/p/chromium/issues/detail?id=1369871
#Offensive_security
1. .pkg signature verification bypass on macOS
https://sector7.computest.nl/post/2023-01-xar
2. Restoring Dyld Memory Loading
https://blog.xpnsec.com/restoring-dyld-memory-loading
TROJANPUZZLE.pdf
#Research
"TROJANPUZZLE: Covertly Poisoning Code-Suggestion Models", 2023.
#Threat_Research
DER Entitlements: The (Brief) Return of the Psychic Paper (CVE-2022-42855)
https://googleprojectzero.blogspot.com/2023/01/der-entitlements-brief-return-of.html
Forensia
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
#Unloading Sysmon Driver.
#Gutmann Method File Shredding.
#USNJrnl Disabler.
#Prefetch Disabler.
#Log Eraser and Event log Disabler.
#User Assist Update Time Disabler.
#Access Time Disabler.
#Clear Recent Items
#Clear Shim Cache
#Clear RecentFileCache
#Clear ShellBag
#File Melting Capabilities.
https://system32.ink/news-feed/p/139/