RedTeam feed
RedTeam blogposts and articles collection
(Don't fire me pls)
Forwarded from Red Team Manager
How often do you find yourself looking at a colleague and thinking: "how have you not been fired yet?" I decided to answer this question and figure out whether layoffs are something to be afraid of

https://teletype.in/@redteammanager/OqRhIw5ep6n
Easy cross compilation - zig
#tool #maldev

Sometimes on an engagement you need to cross-compile your C(++) tools, but doing so is a headache because of the many compilers you need for every OS and architecture. I found an interesting way to do it using only one tool: the Zig compiler.

Leveraging LLVM and the cross-OS and cross-architecture support built into the Zig compiler, you can cross-compile for many OSes and architectures.

Here is an example of cross-compiling for x64 Windows, Linux and macOS:
👉zig c++ -target x86_64-macos hello_world.cpp -o hw_mac.out
👉zig c++ -target x86_64-linux hello_world.cpp -o hw_lin.out
👉zig c++ -target x86_64-windows hello_world.cpp -o hw_win.out

It can also be integrated into your build system (e.g. CMake or a Makefile):
👉CC="zig cc -target x86_64-macos" CXX="zig c++ -target x86_64-macos" AR="zig ar" RANLIB="zig ranlib" USE_JEMALLOC=no USE_SYSTEMD=no

In addition, you can also easily leverage the power of LLVM obfuscators (e.g. https://github.com/eshard/obfuscator-llvm) to make it harder to analyze your malware.

Btw, don't forget to strip your binary 😉
Arlo: I'm watching you
#synacktiv

via Synacktiv Blog (author: Webmaster)
YARP as a C2 Redirector
#rastamouse

YARP: Yet Another Reverse Proxy is a .NET library developed by Microsoft designed to run on top of ASP.NET Core infrastructure. The intended use case for YARP is to sit between backend and frontend services to provide reverse proxy and load balancing services. The content of this blog post is to show how it can

via Rasta Mouse Blog
Introducing PCI's New Self-Assessment Questionnaire
#trustedsec

The PCI DSS 4.0 transition deadline is approaching on April 01, 2024, and we have a new type of reduced-scope self-assessment questionnaire (SAQ) to go with it: SAQ SPoC.

via TrustedSec Blog (author: Chris Camejo)
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
#netspi

NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. Learn how NetSPI discovered and exploited the vulnerability.

via NetSPI Technical Blog (author: Rich Wolferd)
Failure to Restrict URL Access: It’s Still a Thing
#trustedsec

Here are some brief thoughts about an old issue. If you are a full-time application security professional, stop reading. You know all about this, you know probably five different ways to describe and talk about this,…

via TrustedSec Blog (author: Geoff Walton)
Azure Deployment Scripts: Assuming User-Assigned Managed Identities
#netspi

Learn how to use Deployment Scripts to complete faster privilege escalation with Azure User-Assigned Managed Identities.

via NetSPI Technical Blog (author: Karl Fosaaen)
Making Desync attacks easy with TRACE
#portswigger

Have you ever found an HTTP desync vulnerability that seemed impossible to exploit due to its complicated constraints? In this blogpost we will explore a new exploitation technique that can be used to

via PortSwigger Research
Introducing Jigsaw: Shellcode Obfuscation
#redsiege

As offensive security professionals, we often find ourselves writing custom shellcode loaders for initial access and code execution. Unless we’re using a fully custom C2, […]

via RedSiege Blog (author: Red Siege)
Identity Providers for RedTeamers
#xpn

Originally presented at SOCON-2024, and continuing the series into post-exploitation techniques against Identity Providers, in this blog post we'll look at Ping, OneLogin and Entra ID. I'll discuss how post-exploitation techniques effective against Okta apply to other providers, release new tools for post-exploitation, and look at what proves to be effective when critical assets lie beyond an Identity Provider portal.

via XPN InfoSec Blog
Java deserialization tricks
#synacktiv

via Synacktiv Blog (author: Clement Amic)
From Error to Entry: Cracking the Code of Password-Spraying Tools
#trustedsec

Introduction. First things first, all of the tools in this blog post are really great tools and I have used most of them. (Thanks to the authors of the tools for sacrificing time and energy to write tools for the…

via TrustedSec Blog (author: Oddvar Moe)
Web2 Bugs in Web3 Systems
#netspi

Discover how attackers use vulnerabilities in off-chain components to achieve critical impact against on-chain systems.

via NetSPI Technical Blog (author: Hannay Almohanna)
Securing Sensitive Data: How Ransomware Challenges the Healthcare Industry
#trustedsec

The healthcare industry is a prime target for ransomware attacks due to the critical nature of its services and the sensitive data it handles. This blog post outlines essential steps that healthcare organizations can…

via TrustedSec Blog (author: Carlos Perez)
Introducing STAR-FS
#mdsec

March 2024. Last week, the Bank of England announced the introduction of a new regulatory framework, STAR-FS, to support the financial sector in its cyber resilience operations. Over 4 years...

via MDSec Blog (author: Admin)