APT
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This post focuses on interacting with several WMI classes to extract useful and sensitive information.
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
Offensive WMI - Active Directory Enumeration (Part 5)
https://0xinfection.github.io/posts/wmi-ad-enum/
#wmi
Kubernetes Security Checklist and Requirements
https://github.com/Vinum-Security/kubernetes-security-checklist
#kubernetes #checklist
Shellcode Injection Techniques
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
ZipExec
ZipExec is a Proof-of-Concept (PoC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that, when executed, rebuilds the password-protected zip file on disk and executes it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the binary inside the password-protected zip without having to unzip it first. Because the zip file is password protected, the binary is shielded from EDRs and disk-based or anti-malware scanning mechanisms.
https://github.com/Tylous/ZipExec
#redteam #netsec
Jira Unauthenticated Access to Screens
Exploit:
jira.example.com/rest/api/2/screens
Note:
Depends on the Program, some accept it and some consider this Informational.
#jira #bugbounty
Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses
https://v3ded.github.io/redteam/utilizing-programmatic-identifiers-progids-for-uac-bypasses
#uac #bypass #progid
Advanced Maldoc Techniques
MS Office File Formats — Advanced Malicious Document (Maldoc) Techniques
# https://medium.com/walmartglobaltech/ms-office-file-formats-advanced-malicious-document-maldoc-techniques-b5f948950fdf
Evasive VBA — Advanced Maldoc Techniques
# https://medium.com/walmartglobaltech/evasive-vba-advanced-maldoc-techniques-1365e9373f80
VBA Stomping — Advanced Maldoc Techniques
# https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278
VBA Project Locked — Project is Unviewable
# https://medium.com/walmartglobaltech/vba-project-locked-project-is-unviewable-4d6a0b2e7cac
#vba #maldoc #advanced
OffensiveVBA
This repo covers some code execution and AV Evasion methods for Macros in Office documents
https://github.com/S3cur3Th1sSh1t/OffensiveVBA
#vba #offensive #maldoc
C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
https://github.com/FSecureLABS/C3
#c2 #cobaltstrike #redteam
Using Kerberos for Authentication Relay Attacks
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
#kerberos #relay
LFI Bypass
1) /usr/bin/cat /etc/passwd == /???/???/c?t$IFS/?t?/p?s?wd
2) /*/?at$IFS/???/???swd
3) /****/?at$IFS/???/*swd
4) /****/?at$IFS/???/*******swd
(IFS is the Internal Field Separator = [space], [tab] or [newline])
#bugbounty #bugbountytips #lfi
SharpSystemTriggers
Collection of remote authentication triggers in C#
https://github.com/cube0x0/SharpSystemTriggers
#coerce #authentication #petitpotam #spoolsample #dcom
Blue Team Notes
A collection of one-liners, small scripts, and some useful tips for blue team work.
https://github.com/Purp1eW0lf/Blue-Team-Notes
#blueteam #cheatsheet
Thread Stack Spoofing
A PoC implementation of an advanced in-memory evasion technique that spoofs the thread call stack. The technique bypasses thread-based memory examination rules and better hides shellcode while it resides in process memory.
https://github.com/mgeeky/ThreadStackSpoofer
#stackspoofing #av #evasion #inject #shellcode #bypass #edr