#Red_Team_Tactics
1. Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
2. Abusing the Reddit API to host C2 traffic
https://github.com/kleiton0x00/RedditC2
3. Abusing JSON-Based SQL to Bypass WAF
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
#Red_Team_Tactics
1. StealthHook - A method for hooking a function without modifying memory protection
https://www.x86matthew.com/view_post?id=stealth_hook
2. Frida script to bypass common SSL-pinning methods on Android
https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
3. pipe_buffer arbitrary read write
https://interruptlabs.co.uk/labs/pipe_buffer
Dirty_Vanity.pdf
#Red_Team_Tactics
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
]-> A PoC for the new injection technique, abusing the Windows fork API to evade EDRs:
https://github.com/deepinstinct/Dirty-Vanity
#tools
#Red_Team_Tactics
1. Talon - password guessing tool that targets the Kerberos/LDAP services within the Windows AD environment
https://github.com/optiv/Talon
2. Bypass Rails::Html::SafeListSanitizer filtering and perform an XSS attack
https://hackerone.com/reports/1656627
3. Tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs
https://github.com/binderlabs/DirCreate2System
#Red_Team_Tactics
1. {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
2. How To Exploit File Inclusion Vulnerabilities
https://infosecwriteups.com/how-to-exploit-file-inclusion-vulnerabilities-a-beginners-introduction-stackzero-a55267b5fafb
#Red_Team_Tactics
1. Blindside: A New Technique for EDR Evasion with Hardware Breakpoints
https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints
2. Raw sockets hacking
https://antonio-cooler.gitbook.io/coolervoid-tavern/port-knocking-from-the-scratch
]-> Secure shell using the port-knocking technique with AES-256-GCM: https://github.com/CoolerVoid/ninja_shell
#Red_Team_Tactics
1. Process reparenting in MS Windows
https://blog.trailofbits.com/2022/12/20/process-reparenting-microsoft-windows
2. CLI tool/library to enhance and speed up script/exploit writing with string conversion/manipulation
https://github.com/noraj/ctf-party
#Red_Team_Tactics
Using Leaking Sentinel Value to Bypass the Latest Chrome v8 HardenProtect
https://medium.com/@numencyberlabs/using-leaking-sentinel-value-to-bypass-the-latest-chrome-v8-hardenprotect-c4ed40e3d34f
#tools
#Red_Team_Tactics
1. Blindside - technique for evading the monitoring of EDR / XDR platforms using hardware breakpoints to inject commands
https://github.com/CymulateResearch/Blindside
2. Avoiding Detection with Shellcode Mutator
https://labs.nettitude.com/blog/shellcode-source-mutations
]-> https://github.com/nettitude/ShellcodeMutator
#Red_Team_Tactics
1. Divide And Bypass: A new Simple Way to Bypass AMSI
https://x4sh3s.github.io/posts/Divide-and-bypass-amsi
2. Pass-the-Challenge: Defeating Windows Defender Credential Guard
https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
#Red_Team_Tactics
1. Writing Windows Kernel Drivers for Advanced Persistence
https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
2. 0-click Facebook Account Takeover and Two-Factor Authentication Bypass
https://medium.com/@yaala/account-takeover-and-two-factor-authentication-bypass-de56ed41d7f9
#tools
#Red_Team_Tactics
1. DROPS - Adversary Tool Command Generator / "Dynamic Cheat Sheet"
https://sygnialabs.github.io/DROPS
2. ScrapPY - utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools
https://github.com/RoseSecurity/ScrapPY
3. Rust reflective loader
https://github.com/winsecurity/Offensive-Rust/tree/main/peloader64
NASim.pdf
#Threat_Research
#Red_Team_Tactics
"Autonomous Penetration Testing using Reinforcement Learning"
]-> Network Attack Simulator: https://github.com/Jjschwartz/NetworkAttackSimulator
Forwarded from Deadly malware xp
#Red_Team_Tactics
1. NTLMRecon: identify commonly accessible NTLM authentication endpoints
https://github.com/praetorian-inc/NTLMRecon#installation
2. Bypass firewalls with of-CORs and typo-squatting
https://github.com/trufflesecurity/of-cors
Forwarded from Deadly malware xp
#Red_Team_Tactics
1. Bypass EDR hooks by patching the NT API stub and resolving SSNs and syscall instructions at runtime
https://github.com/D1rkMtr/UnhookingPatch
2. A new AMSI bypass technique using .NET API call hooking
https://github.com/pracsec/AmsiBypassHookManagedAPI
3. Bypass userland EDR hooks by loading a reflective ntdll in memory from a remote server based on the Windows ReleaseID
https://github.com/D1rkMtr/FilelessNtdllReflection
Forwarded from Deadly malware xp
#Red_Team_Tactics
How To Attack Admin Panels Successfully
Part 1: https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
Part 2: https://medium.com/geekculture/how-to-attack-admin-panels-successfully-part-2-9316c3caad3a
Forwarded from Deadly malware xp
PhiAttack.pdf
#Red_Team_Tactics
"PhiAttack: Rewriting the Java Card Class Hierarchy", 2021.
#Red_Team_Tactics
1. Avoid antivirus by hiding the import table
https://xz.aliyun.com/t/12035
2. Measuring, Reporting On, and Planning For Red Team Maturity
https://www.redteammaturity.com/release-blog
3. Measuring Sliver vs Havoc
https://git.culbertreport.com/posts/Sliver-vs-Havoc
#tools
#Red_Team_Tactics
1. Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
https://github.com/PaulNorman01/Forensia
2. VirusTotalC2 - Abusing VirusTotal API to host C2 traffic
https://github.com/D1rkMtr/VirusTotalC2