C3 (Custom Command and Control) is a tool that allows #Red_Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It allows the Red Team to concern themselves only with the C2 they want to implement, relying on the robustness of C3 and the CS tooling to take care of the rest.
https://github.com/FSecureLABS/C3
for a detailed tutorial
https://labs.f-secure.com/tools/c3
oyabun_v2.7z
4.7 MB
#Penetration_Testing
#oyabun_v2 #leak
_ More sandbox detection methods
_ Fresh modules for data exfiltration and administration
_ AV evasion options
_ Ngrok’s region selection
_ Possibility to manage multiple connections
_ Language-specific command stagers
_ Tunnels …
_ Dedicated command for testing connectivity of each endpoint
_ Experimental hardware disruptors
_ Improved authtoken initialization
_ Indicator of active implants count in the prompt
_ New approach for SSL keypairs regeneration
_ New custom banner and ASCII art
_ Other useful command-line options
#and_more ...
#CVE-2021-43557 Apache APISIX Path traversal in request_uri variable
https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable
#poc for CVE-2021-43557
https://github.com/xvnpw/k8s-CVE-2021-43557-poc
The_Complete_Guide_to_Understanding_Apple_Mac_Security_for_Enterprise.pdf
10.7 MB
#SentinelOne
The Complete Guide to Understanding Apple Mac Security for Enterprise
direct download ⬇️
https://www.sentinelone.com/wp-content/uploads/2021/11/The-Complete-Guide-to-Understanding-Apple-Mac-Security-for-Enterprise.pdf
GSOh No! Hunting for Vulnerabilities in VirtualBox Network Offloads
https://www.sentinelone.com/labs/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads
Notable code snippets for Offensive Security's PEN-300 (OSEP) course
https://github.com/chvancooten/OSEP-Code-Snippets?s=09
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures
https://github.com/mytechnotalent/Reverse-Engineering
Red Team Toolkit is an open-source Django offensive web app that keeps the useful offensive tools used in red teaming together in one place
https://github.com/signorrayan/RedTeam_toolkit
Offensive tooling notes and experiments in AutoIt_v3
https://github.com/V1V1/OffensiveAutoIt
Run binaries straight from memory in Linux
https://github.com/liamg/memit
403/401 Bypass Methods + Bash Automation + Your Support ;)
https://github.com/Dheerajmadhukar/4-ZERO-3
Information about EDRs that can be useful during a red team exercise
https://github.com/Mr-Un1k0d3r/EDRs
AV/EDR evasion via direct system calls
https://github.com/jthuraisamy/SysWhispers2
#cracken a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust
https://github.com/shmuelamar/cracken
#karma_v2 is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
https://github.com/Dheerajmadhukar/karma_v2
The fastest and safest AV1 encoder
https://github.com/xiph/rav1e
Safe, fast, small crypto using Rust
https://github.com/briansmith/ring
proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool
https://github.com/FDlucifer/Proxy-Attackchain
ProxyVulns
https://github.com/hosch3n/ProxyVulns
VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
https://github.com/l0ggg/VMware_vCenter