Have you checked your PSReadline history lately? Do you know it stores the commands in clear-text and is persistent across reboots? This is on a Domain Controller. #PowerShell #RedTeam
LethalHTA - A new lateral movement technique using DCOM and HTA
https://codewhitesec.blogspot.com/2018/07/lethalhta.html
PHP_imap_open_exploit
Bypassing disabled exec functions in PHP via imap_open (Debian & Ubuntu)
https://github.com/Bo0oM/PHP_imap_open_exploit
Exploiting internal tomcat server with SSRF - Insomnihack teaser 2017 Web 50 writeup
https://blog.0daylabs.com/2017/01/22/smart-tomcat/
Exploiting internal tomcat server (with default credentials) using SSRF (Insomnihack teaser 2017 Web 50 writeup)
Red teamers, you can turn off Defender from admin powershell with 'Set-MpPreference -DisableRealTimeMonitoring $true' but it will result in a balloon notification for anyone logged on. Instead, use 'Add-MpPreference -ExclusionPath "c:\temp"' to silently add an exclusions folder.
#CVE-2018-14667 RichFaces Framework 3.X through 3.3.4 Expression Language (EL) injection
https://www.youtube.com/watch?v=HR7-nL5G91w
Poc of CVE-2018-14667 - Remote Code Execution in WebApps using Richfaces
PoC presented at Hackers to Hackers Conference 2018 (H2HC 2018)
More details in slides: https://www.slideshare.net/mobile/joaomatosff/a-little-bit-about-code-injection-in-webapplication-frameworks-cve201814667-h2hc-2018
Active Directory Firewall Ports – Let’s Try To Make This Simple
https://blogs.msmvps.com/acefekay/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple/
JSgen.py – bind and reverse shell JS code generator for SSJI in Node.js with filter bypass encodings
https://pentesterslife.blog/2018/06/28/jsgen/
Undetectable C# & C++ Reverse Shells
https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15
SILENTTRINITY. A post-exploitation agent powered by Python, IronPython, C#/.NET
https://github.com/byt3bl33d3r/SILENTTRINITY
XS-Searching Google’s bug tracker to find out vulnerable source code
https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549
Or how side-channel timing attacks aren’t that impractical