CommandoVM - a fully customizable, Windows-based security distribution for penetration testing and red teaming
https://github.com/fireeye/commando-vm
The install script assists penetration testers in creating handy and versatile toolboxes for offensive engagements.
#redteam #blueteam #pentest #infosec
Repository now published as mandiant/commando-vm: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. Contact: commandovm@mandiant.com
Shr3dKit - a collection of open source tools that aid in red team operations; this repository will help you during red team engagements.
https://github.com/shr3ddersec/Shr3dKit/blob/master/README.md
#pentest #redteam #blueteam
KatzKatz - a Python 3 tool to parse text files containing output from the Mimikatz sekurlsa::logonpasswords module.
https://github.com/xFreed0m/KatzKatz
#pentest #redteam #mimikatz
GoMet - a multi-platform agent written in Go: TCP forwarding, SOCKS5, tunneling, pivoting, shell, download and exec.
https://github.com/mimah/GoMet
#pivoting #infosec #redteam
CypherDog - PowerShell cmdlets to interact with BloodHound data via the Neo4j REST API
https://github.com/SadProcessor/CypherDog/blob/master/README.md
#pentest #ad #redteam
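The request such cmdlets send to BloodHound's database and how the reply is read, as an added example written for this page (it is not CypherDog's code). It assumes a Neo4j 3.x server on localhost:7474, whose transactional endpoint is /db/data/transaction/commit (the path changed in Neo4j 4), the default "neo4j" user with a hypothetical password, and SAMPLE_REPLY, a constructed reply in the shape the endpoint documents. Nothing here touches the network; the transport is injected so the parsing runs offline.

```python
"""Query BloodHound's Neo4j database through its transactional HTTP endpoint.

Added example written for this page, not CypherDog's code. Assumptions: a
Neo4j 3.x server on localhost:7474, the default "neo4j" user with a
hypothetical password, and SAMPLE_REPLY, a constructed reply in the endpoint's
documented shape. The HTTP call itself is left to the caller.
"""
import base64
import json
import urllib.request

NEO4J_COMMIT_URL = "http://localhost:7474/db/data/transaction/commit"

# BloodHound stores principals as NAME@DOMAIN; MemberOf*1.. walks nested group membership.
GROUPS_OF_USER = (
    "MATCH (u:User {name: $name})-[:MemberOf*1..]->(g:Group) "
    "RETURN DISTINCT g.name AS group"
)


def build_cypher_request(statement, parameters, user="neo4j", password="bloodhound"):
    """Build the POST for one Cypher statement.

    Values go in the JSON "parameters" object and are bound server-side, so a
    principal name taken from user input cannot rewrite the query the way
    string-formatting it into the statement would allow.
    """
    body = {"statements": [{"statement": statement, "parameters": parameters}]}
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        NEO4J_COMMIT_URL,
        data=json.dumps(body).encode(),
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json; charset=UTF-8",
            "Authorization": "Basic " + token,
        },
        method="POST",
    )


def parse_commit_response(raw):
    """Turn the endpoint's reply into a list of {column: value} rows.

    Statement errors come back with HTTP 200 and a non-empty "errors" array,
    so they must be checked explicitly rather than inferred from the status.
    """
    reply = json.loads(raw)
    if reply.get("errors"):
        raise RuntimeError("; ".join(f"{e['code']}: {e['message']}" for e in reply["errors"]))
    rows = []
    for result in reply.get("results", []):
        columns = result["columns"]
        for entry in result["data"]:
            rows.append(dict(zip(columns, entry["row"])))
    return rows


def groups_of(name, send):
    """Resolve the nested group memberships of one principal; `send` performs the HTTP call."""
    req = build_cypher_request(GROUPS_OF_USER, {"name": name.upper()})
    return [row["group"] for row in parse_commit_response(send(req))]


# Constructed reply in the shape Neo4j 3.x returns for GROUPS_OF_USER.
SAMPLE_REPLY = json.dumps({
    "results": [{
        "columns": ["group"],
        "data": [
            {"row": ["DOMAIN USERS@CORP.LOCAL"], "meta": [None]},
            {"row": ["HELPDESK@CORP.LOCAL"], "meta": [None]},
            {"row": ["DOMAIN ADMINS@CORP.LOCAL"], "meta": [None]},
        ],
    }],
    "errors": [],
})


def fake_send(req):
    """Stand-in transport for offline use: ignores the request and returns SAMPLE_REPLY."""
    return SAMPLE_REPLY


if __name__ == "__main__":
    # Against a live server: send = lambda r: urllib.request.urlopen(r).read()
    for group in groups_of("jdoe@corp.local", fake_send):
        print(group)
```

The credentials ride in a Basic Authorization header, so anything that proxies or logs these requests sees the Neo4j password; keep the database bound to localhost, as BloodHound's own setup does.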
How to build a lab to attack a modern Microsoft cloud environment that is protected by Microsoft Defender ATP
https://emptydc.com/2019/03/31/go-hack-yourself/amp/
If you try to think like an attacker, you will be better able to understand how to protect your environment.
#redteam #blueteam #dfir
Empty Datacenter - 100% Cloud
Go, hack yourself!
While talking about the protection mechanisms in modern cloud environments, one tends to forget the other side. You must know your enemy in order to fight him successfully. Today we will build a la…
Device Guard (or WDAC) is an application whitelisting feature on Windows 10 systems that allows only approved executables, libraries, and scripts to run, even for administrator users. Seemingly, the only way to run unsigned code without specific RCE vulnerabilities would require an administrator to turn the feature off and restart the machine.
This talk will exhibit rarely discussed and novel techniques to bypass Device Guard, some requiring admin access, some requiring Microsoft Office (but no user interaction), and one available under low privileges and using nothing but native OS executables. All techniques presented will eventually allow an attacker to run arbitrary code without disabling Device Guard. As of now, Microsoft decided not to service these techniques with an update.
https://www.youtube.com/watch?v=VJqr_UIwB_M&list=PL1eoQr97VfJlV65VBem99gRd6r4ih9GQE&index=7&t=143s
#windows #bypass #redteam
TR19: Sneaking Past Device Guard
ippsec - Mimikatz obfuscation for AV/HIDS evasion
https://youtu.be/9pwMCHlNma4
#redteam #av #edrbypass
AV Evasion - Mimikatz
00:58 - Installing FireEye Commando to help keep our development environments sync'd
04:30 - Using Git to download mimikatz, opening it with Visual Studio 2017 and installing dependencies
08:50 - Verifying that we can compile mimikatz before we make any changes.…
Dechaining Macros and Evading EDR
Microsoft Office macros continue to be one of the primary delivery mechanisms in real world attacks seen by Countercept and often present the easiest and simplest way to compromise most organisations. However, common payloads haven’t changed that much over time, aside from the addition of increasingly complex obfuscation.
https://www.countercept.com/blog/dechaining-macros-and-evading-edr
#redteam #pentest
WinPwn - In many past internal penetration tests I often had problems with the existing PowerShell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate this process and for the proxy reason I wrote my own script with automatic proxy recognition and integration.
https://github.com/SecureThisShit/WinPwn
#pentest #redteam
Repository now published as S3cur3Th1sSh1t/WinPwn: Automation for internal Windows Penetrationtest / AD-Security
Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse tunnelling
Ngrok is a fantastic tool for creating a secure tunnel from the public web to a machine behind NAT or a firewall. Sadly, it costs money and it’s proprietary. If you’re a developer, odds are that you’re already renting a server in the public cloud, so why not roll your own ngrok?
https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html
#pivoting #pentest #redteam
Empire Domain Fronting With Microsoft Azure
https://truneski.github.io/blog/2019/02/27/empire-domain-fronting-with-microsoft-azure/
#redteam #empire
Antimalware Scan Interface (AMSI) — A Red Team Analysis on Evasion
https://iwantmore.pizza/posts/amsi.html
#redteam #evasion #amsi
Next Gen Phishing - Leveraging Azure Information Protection
How to use Azure Information Protection (AIP) to improve phishing campaigns, from the perspective of an attacker
https://www.trustedsec.com/2019/04/next-gen-phishing-leveraging-azure-information-protection/
#phishing #azure #pentest #redteam
Red Team Diary, Entry #3: Custom Malware Development (Establishing A Shell Through the Target’s Browser)
In this post I will demonstrate how you can develop your own custom malware that establishes a shell through the target’s browser. We chose to abuse the target’s browser so that any traffic back to us will look like legitimate web page browsing.
https://medium.com/@d.bougioukas/red-team-diary-entry-3-custom-malware-development-establish-a-shell-through-the-browser-bed97c6398a5
#redteam #beef #exploitation
Repurposing BeEF and AutoIt for stealthy malware development