Red teamers, you can turn off Defender from admin PowerShell with ‘Set-MpPreference -DisableRealTimeMonitoring $true’ but it will result in a balloon notification for anyone logged on. Instead, use ‘Add-MpPreference -ExclusionPath “c:\temp”’ to silently add an exclusion folder.
#CVE-2018-14667 RichFaces Framework 3.X through 3.3.4 Expression Language (EL) injection
https://www.youtube.com/watch?v=HR7-nL5G91w
Poc of CVE-2018-14667 - Remote Code Execution in WebApps using Richfaces
PoC presented at Hackers to Hackers Conference 2018 (H2HC 2018)
More details in slides: https://www.slideshare.net/mobile/joaomatosff/a-little-bit-about-code-injection-in-webapplication-frameworks-cve201814667-h2hc-2018
CVE-2018-14667 is an Expression Language…
Active Directory Firewall Ports – Let’s Try To Make This Simple
https://blogs.msmvps.com/acefekay/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple/
JSgen.py – bind and reverse shell JS code generator for SSJI in Node.js with filter bypass encodings
https://pentesterslife.blog/2018/06/28/jsgen/
Undetectable C# & C++ Reverse Shells
https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15
SILENTTRINITY. A post-exploitation agent powered by Python, IronPython, C#/.NET
https://github.com/byt3bl33d3r/SILENTTRINITY
XS-Searching Google’s bug tracker to find out vulnerable source code
https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549
Or how side-channel timing attacks aren’t that impractical
Active Directory Kill Chain Attack & Defense
https://github.com/infosecn1nja/AD-Attack-Defense/blob/master/README.md
Luckystrike: An Evil Office Document Generator.
https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
DerbyCon Tool Drop 2.0 Talk here. Luckystrike demo begins at 18:45. <tldr> Luckystrike is a PowerShell based generator of malicious .xls documents (soon to be .doc). All your payloads are saved into a database for easy retrieval & embedding into a new or…
Understanding the AD Account attributes - LastLogon, LastLogonTimeStamp and LastLogonDate
https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx
SMB Named Pipe Pivoting in Meterpreter
https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
A hidden feature of Metasploit is the ability to add SMB Named Pipe listeners in a meterpreter session to pivot on an internal network…