Command and Control via TCP Handshake
This is my first blog post, so please let me know if there’s any way I can improve this post. I expect it to have inaccuracies and maybe have parts that can be explained better. Would appreciate a quick note if any of you notice them! So, all that BS aside, let’s get into it.
https://thesw4rm.gitlab.io/nfqueue_c2/2019/09/15/Command-and-Control-via-TCP-Handshake/
#c2 #linux #NFQueue
This is my first blog post, so please let me know if there’s any way I can improve this post. I expect it to have inaccuracies and maybe have parts that can be explained better. Would appreciate a quick note if any of you notice them! So, all that BS aside, let’s get into it.
https://thesw4rm.gitlab.io/nfqueue_c2/2019/09/15/Command-and-Control-via-TCP-Handshake/
#c2 #linux #NFQueue
thesw4rm Cybersecurity Stuff
Command and Control via TCP Handshake
Quick Intro/DisclaimerThis is my first blog post, so please let me know if there’s any way I can improve this post. I expect it to have inaccuracies and maybe have parts that can be explained better.
Get SSH login notification on Telegram - Updated
https://8192.one/post/ssh_login_notification_withtelegram/
#linux #security #telegram #ssh
https://8192.one/post/ssh_login_notification_withtelegram/
#linux #security #telegram #ssh
(AB)USING LINUX SNMP FOR RCE
If you have a SNMP community with write permissions on a Linux target, you can get code execution by abusing the NET-SNMP-EXTEND-MIB extension. The SNMP daemon is running as root, making this also a nice local privilege escalation vector.
https://mogwailabs.de/blog/2019/10/abusing-linux-snmp-for-rce/
#linux #snmp #rce #pentesting
If you have a SNMP community with write permissions on a Linux target, you can get code execution by abusing the NET-SNMP-EXTEND-MIB extension. The SNMP daemon is running as root, making this also a nice local privilege escalation vector.
https://mogwailabs.de/blog/2019/10/abusing-linux-snmp-for-rce/
#linux #snmp #rce #pentesting
MOGWAI LABS GmbH web site
404 Page not found
Performing Linux Forensic Analysis and Why You Should Care! Workshop
https://github.com/ashemery/LinuxForensics
#linux #forensics #blueteam
https://github.com/ashemery/LinuxForensics
#linux #forensics #blueteam
GitHub
GitHub - ashemery/LinuxForensics: Everything related to Linux Forensics
Everything related to Linux Forensics. Contribute to ashemery/LinuxForensics development by creating an account on GitHub.
tinyssh
TinySSH is a minimalistic SSH server which implements only a subset of SSHv2 features.
https://tinyssh.org/
#tools #ssh #linux
TinySSH is a minimalistic SSH server which implements only a subset of SSHv2 features.
https://tinyssh.org/
#tools #ssh #linux
Vegile - Ghost In The Shell
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
https://github.com/Screetsec/Vegile
#linux #postexploitation #persistence #evasion
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
https://github.com/Screetsec/Vegile
#linux #postexploitation #persistence #evasion
GitHub
GitHub - screetsec/Vegile: This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your…
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it w...
Rico's cheatsheets
Hey! I'm @rstacruz and this is a modest collection of cheatsheets I've written
https://devhints.io/
#linux #bash #cheatsheet
Hey! I'm @rstacruz and this is a modest collection of cheatsheets I've written
https://devhints.io/
#linux #bash #cheatsheet
Devhints.io cheatsheets
https://assets.devhints.io/previews/index.jpg
A ridiculous collection of web development cheatsheets
Apache2 mod_backdoor
mod_backdoor is a stealth backdoor using an Apache2 module.
https://github.com/VladRico/apache2_BackdoorMod
#tools #redteaming #linux
mod_backdoor is a stealth backdoor using an Apache2 module.
https://github.com/VladRico/apache2_BackdoorMod
#tools #redteaming #linux
GitHub
GitHub - VladRico/apache2_BackdoorMod: A backdoor module for Apache2
A backdoor module for Apache2. Contribute to VladRico/apache2_BackdoorMod development by creating an account on GitHub.
Nightmare
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. I call it that because it's a lot of people's nightmare to get hit by weaponized 0 days, which these skills directly translate into doing that type of work (plus it's a really cool song).
https://guyinatuxedo.github.io/
#linux #learning #pwn #exploitation #shellcoding
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. I call it that because it's a lot of people's nightmare to get hit by weaponized 0 days, which these skills directly translate into doing that type of work (plus it's a really cool song).
https://guyinatuxedo.github.io/
#linux #learning #pwn #exploitation #shellcoding
guyinatuxedo.github.io
Nightmare - Nightmare
Nightmare: an intro to binary exploitation / reverse engineering course based around CTF challenges.
dlinject.py
Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things.
https://github.com/DavidBuchanan314/dlinject
#linux #bypass #evasion
Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things.
https://github.com/DavidBuchanan314/dlinject
#linux #bypass #evasion
GitHub
GitHub - DavidBuchanan314/dlinject: Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace - DavidBuchanan314/dlinject
Zombie Ant Farm: A Kit For Playing Hide and Seek with Linux EDRs
https://github.com/dsnezhkov/zombieant
#linux #bypass #evasion
https://github.com/dsnezhkov/zombieant
#linux #bypass #evasion
GitHub
GitHub - dsnezhkov/zombieant: Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion. - GitHub - dsnezhkov/zombieant: Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
collection of verified Linux kernel exploits
lpe is based on the tool out-of-tree (documentation) and allows collaborative work on Linux kernel exploits without too much complexity.
https://github.com/jollheef/lpe
#tools #linux #privesc
lpe is based on the tool out-of-tree (documentation) and allows collaborative work on Linux kernel exploits without too much complexity.
https://github.com/jollheef/lpe
#tools #linux #privesc
GitHub
GitHub - jollheef/lpe: collection of verified Linux kernel exploits
collection of verified Linux kernel exploits. Contribute to jollheef/lpe development by creating an account on GitHub.
sudo_killer
Linux Privilege Escalation through SUDO abuse.
https://github.com/TH3xACE/SUDO_KILLER
#tools #linux #lpe
Linux Privilege Escalation through SUDO abuse.
https://github.com/TH3xACE/SUDO_KILLER
#tools #linux #lpe
GitHub
GitHub - TH3xACE/SUDO_KILLER: A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like…
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileg...
DEFEATING STACK CANARY, PIE AND DEP ON REMOTE 64 BIT SERVER WITH BYTE WISE BRUTEFORCE
https://www.ret2rop.com/2020/05/canary-pie-byte-bruteforce.html
#linux #exploitation #pwn
https://www.ret2rop.com/2020/05/canary-pie-byte-bruteforce.html
#linux #exploitation #pwn
Linux Privilege Escalation in Four Ways
How overprivileged processes compromise your system
https://medium.com/swlh/linux-privilege-escalation-in-four-ways-eedb52903b3
#linux #privesc #oscp
How overprivileged processes compromise your system
https://medium.com/swlh/linux-privilege-escalation-in-four-ways-eedb52903b3
#linux #privesc #oscp
Medium
Linux Privilege Escalation in Four Ways
How overprivileged processes compromise your system
The art of gaining root
This is my First blog about Linux Privilege escalation. So Without wasting any time Let’s Start I’ll start with basics.
https://mystiko.sh/?p=699
#linux #exploitation #oscp
This is my First blog about Linux Privilege escalation. So Without wasting any time Let’s Start I’ll start with basics.
https://mystiko.sh/?p=699
#linux #exploitation #oscp
Escaping Docker Privileged Containers
Why you should not run Docker with the “privileged” flag
https://medium.com/better-programming/escaping-docker-privileged-containers-a7ae7d17f5a1
#docker #lpe #linux
Why you should not run Docker with the “privileged” flag
https://medium.com/better-programming/escaping-docker-privileged-containers-a7ae7d17f5a1
#docker #lpe #linux
Medium
Escaping Docker Privileged Containers
Why you should not run Docker with the “privileged” flag
Penetration Testing Cheat Sheet
This is more of a checklist for myself. May contain useful tips and tricks.
https://github.com/ivan-sincek/penetration-testing-cheat-sheet
#cheatsheet #pentesting #linux #windows
This is more of a checklist for myself. May contain useful tips and tricks.
https://github.com/ivan-sincek/penetration-testing-cheat-sheet
#cheatsheet #pentesting #linux #windows
GitHub
GitHub - ivan-sincek/penetration-testing-cheat-sheet: Work in progress...
Work in progress... Contribute to ivan-sincek/penetration-testing-cheat-sheet development by creating an account on GitHub.