CVE-2023-34362:
MOVEIt Transfer RCE
Part1: https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure
Part 2: https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two
MOVEIt Transfer RCE
Part1: https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure
Part 2: https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two
👍1
Pentration Testing, Beginners To Expert!
https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
GitHub
GitHub - xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes: A comprehensive guide for web application penetration…
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities. - xalgord/Massive-...
👍3
Writing Windows Kernel Drivers for Advanced Persistence
Part 1: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
Part 2: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-2
Part 1: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
Part 2: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-2
v3ded.github.io
Red Team Tactics: Writing Windows Kernel Drivers for Advanced Persistence (Part 1)
Introduction This post, as indicated by the title, will cover the topic of writing Windows kernel drivers for advanced persistence. Because the subject matte...
The art of fuzzing: Windows Binaries
https://bushido-sec.com/index.php/2023/06/25/the-art-of-fuzzing-windows-binaries/
https://bushido-sec.com/index.php/2023/06/25/the-art-of-fuzzing-windows-binaries/
Bushido Security
The art of fuzzing: Windows Binaries - Bushido Security
This article delves into the concept of grey-box fuzzing, focusing on testing closed-source Windows binaries. Grey-box fuzzing allows vulnerability researchers to discover undiscovered vulnerabilities by fuzzing targets without having access to their source…
CVE-2023-32031 : MS Exchange PowerShell backend - Remote Code Execution
https://littlepwner.github.io/posts/cve-2023-32031-ms-exchange-powershell-backend-rce/
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend
https://littlepwner.github.io/posts/cve-2023-32031-ms-exchange-powershell-backend-rce/
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend
LDAP Queries for Offensive and Defensive Operations
https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations
https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations
Polito, Inc.
LDAP Queries for Offensive and Defensive Operations
The intention of this post is to provide basic queries for targeted AD DS information gathering used in penetration testing. The reader can
Cerez - A simple LD_PRELOAD rootkit
Features
✔ Hidden in the process list
✔ Hidden in the file system
✔ Unreadable
✔ Undeleteable
✔ Unwriteable
❌ Hidden in the network list (WIP)
https://github.com/StayBeautiful-collab/cerez
Features
✔ Hidden in the process list
✔ Hidden in the file system
✔ Unreadable
✔ Undeleteable
✔ Unwriteable
❌ Hidden in the network list (WIP)
https://github.com/StayBeautiful-collab/cerez
RMM – ScreenConnect: Client-Side Evidence
https://dfirtnt.wordpress.com/2023/07/14/rmm-screenconnect-client-side-evidence/
https://dfirtnt.wordpress.com/2023/07/14/rmm-screenconnect-client-side-evidence/
DRIF TNT | Digital Forensics | Incident Response | Tips and Tricks
RMM – ScreenConnect: Client-Side Evidence
Inspired by recent threat intelligence, I am starting a series on Remote Monitoring and Management (RMM) tools. I wanted start with some testing on ScreenConnect to support investigators who may ha…
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
https://www.rapid7.com/blog/post/2023/07/18/etr-critical-zero-day-vulnerability-in-citrix-netscaler-adc-and-netscaler-gateway/
https://www.rapid7.com/blog/post/2023/07/18/etr-critical-zero-day-vulnerability-in-citrix-netscaler-adc-and-netscaler-gateway/
Rapid7
Default description for Twitter sharing.
zer0ptsCTF 2023 - Reverse Engineering Writeups
https://fazect.github.io/zer0ptsctf2023-rev/
amateursCTF 2023 - Reverse Engineering Writeups
https://fazect.github.io/amateursctf2023-rev/
https://fazect.github.io/zer0ptsctf2023-rev/
amateursCTF 2023 - Reverse Engineering Writeups
https://fazect.github.io/amateursctf2023-rev/
Escalating Privileges via Third-Party Windows Installers
https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers
https://github.com/mandiant/msi-search
https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers
https://github.com/mandiant/msi-search
Google Cloud Blog
Escalating Privileges via Third-Party Windows Installers | Mandiant | Google Cloud Blog
GIUDA - Ask a TGS on behalf of another user without password
https://github.com/foxlox/GIUDA
https://github.com/foxlox/GIUDA
GitHub
GitHub - foxlox/GIUDA: Ask a TGS on behalf of another user without password
Ask a TGS on behalf of another user without password - foxlox/GIUDA
KRBUACBypass
By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can easily bypass UAC and gain SYSTEM privileges.
Research:
https://www.tiraniddo.dev/2022/03/bypassing-uac-in-most-complex-way.html
Source:
https://github.com/wh0amitz/KRBUACBypass
By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can easily bypass UAC and gain SYSTEM privileges.
Research:
https://www.tiraniddo.dev/2022/03/bypassing-uac-in-most-complex-way.html
Source:
https://github.com/wh0amitz/KRBUACBypass
www.tiraniddo.dev
Bypassing UAC in the most Complex Way Possible!
While it's not something I spend much time on, finding a new way to bypass UAC is always amusing. When reading through some of the features ...
👍1🥰1
It's a tool to interact with remote hosts using the Windows Search Protocol and coerce authentication. The target host will connect over SMB to the listener host using the machine account.
https://github.com/slemire/WSPCoerce
https://github.com/slemire/WSPCoerce
Proof of Concept for CVE-2023-38646
This vulnerability has been declared as critical, because it allows an unauthenticated attacker to execute arbitrary commands with the same privileges as the Metabase server. This vulnerability means the Metabase server can become a potential entry point for malicious attacks, which could compromise the integrity of the whole system it operates on.
https://github.com/Zenmovie/CVE-2023-38646
This vulnerability has been declared as critical, because it allows an unauthenticated attacker to execute arbitrary commands with the same privileges as the Metabase server. This vulnerability means the Metabase server can become a potential entry point for malicious attacks, which could compromise the integrity of the whole system it operates on.
https://github.com/Zenmovie/CVE-2023-38646
GitHub
GitHub - Zenmovie/CVE-2023-38646: Proof of Concept for CVE-2023-38646
Proof of Concept for CVE-2023-38646. Contribute to Zenmovie/CVE-2023-38646 development by creating an account on GitHub.
100 Methods for Container Attacks(RTC0010)
https://redteamrecipe.com/100-Method-For-Container-Attacks/
https://redteamrecipe.com/100-Method-For-Container-Attacks/
ExpiredDomains.com
redteamrecipe.com is for sale! Check it out on ExpiredDomains.com
Buy redteamrecipe.com for 195 on GoDaddy via ExpiredDomains.com. This premium expired .com domain is ideal for establishing a strong online identity.
👍2