Class
Topic: Sql injection
Time: 8 Pm IST
Details: https://system32.ink/classes
Host: @vanshsec
Invite Link (Web) : https://system32.ink/zoom-meetings/sqli/?pak=QnhXbW50UHpUcnlwUHJ0ekpRYlBlZz09&join=V2NzRklocno1Ylc1YUVyWUVrRFI1QT09&type=meeting&redirect
Jyada se jyada sankhya me aakar class ki shobha ka Aanand leve, dhnywaad
Topic: Sql injection
Time: 8 Pm IST
Details: https://system32.ink/classes
Host: @vanshsec
Invite Link (Web) : https://system32.ink/zoom-meetings/sqli/?pak=QnhXbW50UHpUcnlwUHJ0ekpRYlBlZz09&join=V2NzRklocno1Ylc1YUVyWUVrRFI1QT09&type=meeting&redirect
Jyada se jyada sankhya me aakar class ki shobha ka Aanand leve, dhnywaad
Gmailc2
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions.
C2 Feature:
▫️ Persistence (type persist)
▫️ Shell Access
▫️ System Info (type info)
▫️ More Features Will Be Added
Features:
▫️ FUD Ratio 0/40
▫️ Bypass Any EDR's Solutions
▫️ Bypass Any Network Restrictions
▫️ Commands Are Being Sent in Base64 And Decoded on server side
▫️ No More Tcp Shits
https://system32.ink/news-feed/p/151/
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions.
C2 Feature:
▫️ Persistence (type persist)
▫️ Shell Access
▫️ System Info (type info)
▫️ More Features Will Be Added
Features:
▫️ FUD Ratio 0/40
▫️ Bypass Any EDR's Solutions
▫️ Bypass Any Network Restrictions
▫️ Commands Are Being Sent in Base64 And Decoded on server side
▫️ No More Tcp Shits
https://system32.ink/news-feed/p/151/
System32
MCracker2002 posted an update
Gmailc2A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions.C2 Feature: ▫️ Persistence (type persist) ▫️ Shell Access ▫️ System Info (type info) ▫️ More Features Will Be AddedFeatures:…
#tools
#Red_Team_Tactics
1. Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
https://github.com/PaulNorman01/Forensia
2. VirusTotalC2 - Abusing VirusTotal API to host C2 traffic
https://github.com/D1rkMtr/VirusTotalC2
#Red_Team_Tactics
1. Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
https://github.com/PaulNorman01/Forensia
2. VirusTotalC2 - Abusing VirusTotal API to host C2 traffic
https://github.com/D1rkMtr/VirusTotalC2
GitHub
GitHub - PaulNorman01/Forensia: Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase. - PaulNorman01/Forensia
attacking_safari_2022.pdf
1.4 MB
#Threat_Research
"Attacking Safari in 2022".
"Attacking Safari in 2022".
#Malware_analysis
Analysis of CVE-2022-42475 - FortiOS - heap-based buffer overflow in SSLVPNd
https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
Analysis of CVE-2022-42475 - FortiOS - heap-based buffer overflow in SSLVPNd
https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
Fortinet Blog
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd | Fortinet Blog
Fortinet published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. This blog details our initial investigation into this malware and additional IoCs identified during our on…
#exploit
1. Redis 6.0.16 - RCE
https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1
2. Linux kernel exploit development
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development?s=09
1. Redis 6.0.16 - RCE
https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1
2. Linux kernel exploit development
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development?s=09
Medium
Hacking Redis for fun and CTF points
This post will go through an exploit that achieves code execution in the Redis server via a memory corruption issue. It works for Redis…
Chronos.pdf
805.8 KB
#Research
"CHRONOS: Time-Aware Zero-Shot Identification of Libraries from Vulnerability Reports", 2023.
]-> Repo: https://github.com/soarsmu/Chronos
"CHRONOS: Time-Aware Zero-Shot Identification of Libraries from Vulnerability Reports", 2023.
]-> Repo: https://github.com/soarsmu/Chronos
#tools
#Threat_Research
1. Detection of Lateral Movement with the Sliver C2 Framework
https://blogs.vmware.com/security/2023/01/detection-of-lateral-movement-with-the-sliver-c2-framework.html
]-> https://github.com/vmware-samples/tau-research
2. Java code inspector for web vulnerability scan
https://github.com/4ra1n/code-inspector
3. Survey of security mitigations and architectures, December 2022
https://saaramar.github.io/memory_safety_blogpost_2022
#Threat_Research
1. Detection of Lateral Movement with the Sliver C2 Framework
https://blogs.vmware.com/security/2023/01/detection-of-lateral-movement-with-the-sliver-c2-framework.html
]-> https://github.com/vmware-samples/tau-research
2. Java code inspector for web vulnerability scan
https://github.com/4ra1n/code-inspector
3. Survey of security mitigations and architectures, December 2022
https://saaramar.github.io/memory_safety_blogpost_2022
VMware Security Blog
Detection of Lateral Movement with the Sliver C2 Framework
Here's how an attacker may use Sliver to generate an implant, control it, and move laterally within a corporate network, and what network traffic this activity may generate.
#Offensive_security
1. All Common Ports: Enumerations and Exploitations
https://pentestbook.six2dez.com/enumeration/ports#general
2. Explorer Persistence technique: Hijacking cscapi.dll order loading path and writing malicious dll into C:\Windows\cscapi.dll
https://github.com/D1rkMtr/ExplorerPersist
1. All Common Ports: Enumerations and Exploitations
https://pentestbook.six2dez.com/enumeration/ports#general
2. Explorer Persistence technique: Hijacking cscapi.dll order loading path and writing malicious dll into C:\Windows\cscapi.dll
https://github.com/D1rkMtr/ExplorerPersist
Six2Dez
Ports | Pentest Book
automated_threat_handbook_v1-2.pdf
1.6 MB
#Whitepaper
#Threat_Research
#WebApp_Security
"OWASP Automated Threats Handbook: Web Applications, Version 1.2".
#Threat_Research
#WebApp_Security
"OWASP Automated Threats Handbook: Web Applications, Version 1.2".
#Hardware_Security
How Signal Works inside the Kernel
https://f0rm2l1n.github.io/2022-09-07-How-Signal-Works-inside-the-Kernel
How Signal Works inside the Kernel
https://f0rm2l1n.github.io/2022-09-07-How-Signal-Works-inside-the-Kernel
CEH_v12_Lab_Manual.7z
477 MB
#Tech_book
"CEH Version 12 Lab Manual: Ethical Hacking and Countermeasures" (.pdf, full course, 2112 pages), 2022.
"CEH Version 12 Lab Manual: Ethical Hacking and Countermeasures" (.pdf, full course, 2112 pages), 2022.
#DFIR
Analysing Hayabusa Results with jq
https://github.com/Yamato-Security/hayabusa/blob/main/doc/AnalysisWithJQ-English.md
Analysing Hayabusa Results with jq
https://github.com/Yamato-Security/hayabusa/blob/main/doc/AnalysisWithJQ-English.md
GitHub
hayabusa/doc/AnalysisWithJQ-English.md at main · Yamato-Security/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. - Yamato-Security/hayabusa
Class Starting At 8:00 Pm
Join Now Invite Link (Web) : https://system32.ink/zoom-meetings/sqli/?pak=QnhXbW50UHpUcnlwUHJ0ekpRYlBlZz09&join=V2NzRklocno1Ylc1YUVyWUVrRFI1QT09&type=meeting&redirect
Join Now Invite Link (Web) : https://system32.ink/zoom-meetings/sqli/?pak=QnhXbW50UHpUcnlwUHJ0ekpRYlBlZz09&join=V2NzRklocno1Ylc1YUVyWUVrRFI1QT09&type=meeting&redirect
#Malware_analysis
1. Analyzing Rhadamanthys Stealer
https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
2. BianLian Ransomware (Decrypted)
https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware
1. Analyzing Rhadamanthys Stealer
https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
2. BianLian Ransomware (Decrypted)
https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware
Medium
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Threat Background