Persistence Techniques That Persist https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist
Cyberark
Persistence Techniques That Persist
Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...
Fascinating C code: TCP sockets & HTTP file downloads using only ntdll exports (NtCreateFile & NtDeviceIoControlFile syscalls). Bypasses Winsock for low-level Windows networking.
https://www.x86matthew.com/view_post?id=ntsockets
https://www.x86matthew.com/view_post?id=ntsockets
Red Team Privilege Escalation
Part 1 - Writable SYSTEM Path Privilege Escalation
https://www.praetorian.com/blog/red-team-local-privilege-escalation-writable-system-path-privilege-escalation-part-1
Part 2 - RBCD Based Privilege Escalation
https://www.praetorian.com/blog/red-team-privilege-escalation-rbcd-based-privilege-escalation-part-2
Part 1 - Writable SYSTEM Path Privilege Escalation
https://www.praetorian.com/blog/red-team-local-privilege-escalation-writable-system-path-privilege-escalation-part-1
Part 2 - RBCD Based Privilege Escalation
https://www.praetorian.com/blog/red-team-privilege-escalation-rbcd-based-privilege-escalation-part-2
๐1
๐ RedTeam Story #1: XSS, LFI, Logrotate.
โข MITRE ATT&CK Techniques and Tactics;
โข Attack Context;
โข Methodology;
โข Evasion Mechanism;
โข Goal;
โข Exploitation of Website;
โข Privilege Escalation and Lateral Movement;
โข Post-Exploitation;
โข Automation and Scripting;
โข Persistence;
- MITRE ATT&CK Techniques and Tactics Sorted by Tactics;
- Attack Context;
โข Scripting;
- Creating and Testing a Bash Reverse Shell;
- Verifying the Reverse Shell;
- Establishing a Reverse Shell Connection;
- Analyzing Root Crontab and Persistence Mechanisms;
โ Reviewing Crontab;
โ Root Reset Script;
โ Log Rotation Configuration;
โ Automated Root Login Script;
โ Database Cleanup Script;
โข Privilege Escalation;
โข MITRE ATT&CK Techniques and Tactics;
โข Attack Context;
โข Methodology;
โข Evasion Mechanism;
โข Goal;
โข Exploitation of Website;
โข Privilege Escalation and Lateral Movement;
โข Post-Exploitation;
โข Automation and Scripting;
โข Persistence;
- MITRE ATT&CK Techniques and Tactics Sorted by Tactics;
- Attack Context;
โข Scripting;
- Creating and Testing a Bash Reverse Shell;
- Verifying the Reverse Shell;
- Establishing a Reverse Shell Connection;
- Analyzing Root Crontab and Persistence Mechanisms;
โ Reviewing Crontab;
โ Root Reset Script;
โ Log Rotation Configuration;
โ Automated Root Login Script;
โ Database Cleanup Script;
โข Privilege Escalation;
A Universal Windows Bootkit
An analysis of the MBR bootkit referred to as โHDRootโ
https://williamshowalter.com/a-universal-windows-bootkit/
An analysis of the MBR bootkit referred to as โHDRootโ
https://williamshowalter.com/a-universal-windows-bootkit/
๐ข๐ช๐๐ฆ๐ฃ ๐ง๐ข๐ฃ ๐ญ๐ฌ - ๐ฉ๐๐น๐ป๐ฒ๐ฟ๐ฎ๐ฏ๐น๐ฒ ๐๐๐ ๐๐ฝ๐ฝ๐น๐ถ๐ฐ๐ฎ๐๐ถ๐ผ๐ป๐
The OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security.
Link ๐:-
https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki/Vulnerable-LLM-Applications
The OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security.
Link ๐:-
https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki/Vulnerable-LLM-Applications
This media is not supported in your browser
VIEW IN TELEGRAM
Bluetooth-DOS-Attack
Tool idea:
Make it mandatory for nearby Bluetooth-enabled devices to connect to nearby Bluetooth-enabled devices such as speakers and other things.
https://github.com/Yasher201/Bluetooth-DOS-Attack
Tool idea:
Make it mandatory for nearby Bluetooth-enabled devices to connect to nearby Bluetooth-enabled devices such as speakers and other things.
https://github.com/Yasher201/Bluetooth-DOS-Attack
๐ง๐ฒ๐ฐ๐ต๐ป๐ถ๐พ๐๐ฒ๐ ๐ณ๐ผ๐ฟ ๐ฃ๐ฟ๐ถ๐๐ถ๐น๐ฒ๐ด๐ฒ ๐๐๐ฐ๐ฎ๐น๐ฎ๐๐ถ๐ผ๐ป ๐ผ๐ป ๐ช๐ถ๐ป๐ฑ๐ผ๐๐
Breaking Barriers and Assumptions
๐ Part 1 :-
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
๐ Part 2 :-
https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
๐ Part 3 :-
https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
Breaking Barriers and Assumptions
๐ Part 1 :-
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
๐ Part 2 :-
https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
๐ Part 3 :-
https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
C2 Cloud - The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cloud. It can manage several simultaneous backdoor sessions with a user-friendly interface.
https://github.com/govindasamyarun/c2-cloud?tab=readme-ov-file#application-setup
https://github.com/govindasamyarun/c2-cloud?tab=readme-ov-file#application-setup
Black Hat Bash.pdf
8.5 MB
Black Hat Bash - Creative Scripting for Hackers and Pentesters by Dolev Farhi, Nick Aleks
๐ฅ1
Kaspersky TDSSKiller abuse to disable EDR software
You can abuse TDSSKiller to interact with kernel-level services to disable EDR software running on the machine.
Removal of Malwarebytes Anti-Malware Service:
Removal of Microsoft Defender:
The "-dcsvc <service_name>" command deletes the specified service, removing the registry keys and executables associated with the service and software.
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/lockbit-ransomware-silently-disables-edr-using-tdsskiller
https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/
You can abuse TDSSKiller to interact with kernel-level services to disable EDR software running on the machine.
Removal of Malwarebytes Anti-Malware Service:
tdsskiller.exe -dcsvc MBAMService Removal of Microsoft Defender:
tdsskiller.exe -dcsvc windefend The "-dcsvc <service_name>" command deletes the specified service, removing the registry keys and executables associated with the service and software.
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/lockbit-ransomware-silently-disables-edr-using-tdsskiller
https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/
Leaked Wallpaper
This is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.
https://github.com/MzHmO/LeakedWallpaper
This is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.
https://github.com/MzHmO/LeakedWallpaper
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released:
https://securityonline.info/poc-exploit-for-windows-0-day-flaws-cve-2024-38202-and-cve-2024-21302-released/
https://securityonline.info/poc-exploit-for-windows-0-day-flaws-cve-2024-38202-and-cve-2024-21302-released/