Alternative Process Injection
Process injection is a well-known defense evasion technique that has been used for decades to execute malicious code in a legitimate process. It remains a common technique used by hackers/red teamers.
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
#process #injection #maldev
Bug Bounty Tip — Log4j Vulnerability Cheatsheet
— How It Works
— Test Environments
— Challenges & Labs (Rooms)
— Where Payloads can be Injected
— What Information can be Extracted
— How To Identify (Services & Scanners)
#log4j #cheatsheet #bugbounty
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Features
— Subdomain Scan.
— Subdomain TakeOver Scan.
— Screenshot the target.
— Basic recon like Whois, Dig info.
— Web Technology detection.
— IP Discovery.
— CORS Scan.
— SSL Scan.
— Wayback Machine Discovery.
— URL Discovery.
— Headers Scan.
— Port Scan.
— Vulnerable Scan.
— Separate workspaces to store all scan output and detailed logging.
— REST API.
— React Web UI.
— Support Continuous Scan.
— Slack notifications.
— Easily view report from command line.
https://github.com/j3ssie/Osmedeus
#osint #vulnerability #scanner #bugbounty
moonwalk
moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in the shell.
https://github.com/mufeedvh/moonwalk
#unix #log #clearing #redteam
CloudSploit
CloudSploit's remediation guides are intended to be an open-source resource for improving cloud security. Many cloud IaaS providers like AWS, Azure, and Google Cloud have a shared responsibility model. They provide the physical and architectural security, along with tools to properly secure the services they offer, but it is up to the user to configure those settings properly.
https://github.com/aquasecurity/cloud-security-remediation-guides
#cloud #security #remediation #blueteam
RogueAssemblyHunter
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
https://github.com/bohops/RogueAssemblyHunter
#dotnet #blueteam #threadhunting
Invoke-WinSATBypass
This script will create a mock directory of "C:\Windows\System32" and copy a legitimate application of Windows (WinSAT.exe) into it.
It will then try to download a DLL called version.dll, which is loaded by default by WinSAT.exe, in order to perform a UAC Bypass by doing some DLL Hijacking.
https://github.com/b4keSn4ke/Invoke-WinSATBypass
#uac #bypass #winsat #tools
ADCS: Playing with ESC4
Enumeration and abuse of Linux-based ADCS ESC4
Research:
https://www.fortalicesolutions.com/posts/adcs-playing-with-esc4
Source:
https://github.com/fortalice/modifyCertTemplate
#adcs #abuse #pentest #tools
Windows 10 Hardening
The project started as a simple hardening list for Windows 10. After some time, HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10.
https://github.com/0x6d69636b/windows_hardening/
#blueteam #windows #hardening #benchmarks
APT
Grafana — Unauthorized Arbitrary Read File The latest Grafana unpatched 0Day LFI is now being actively exploited, it affects only Grafana 8.0+ Dorks: Shodan: title:"Grafana" Fofa.so: app="Grafana" ZoomEye: grafana PoC https://example.com/public/plugins/grafana…
A (not so deep) Dive into Grafana CVE-2021-43798
This post will cover some details behind the recent Grafana vulnerability (CVE-2021-43798), which is a directory traversal bug allowing unauthenticated attackers to read files on the target server filesystem. This post will also discuss some real-world scenarios and the attack surface of Grafana.
https://nusgreyhats.org/posts/writeups/a-not-so-deep-dive-in-to-grafana-cve-2021-43798/
#grafana #lfi #cve
Arsenal of AWS Security Tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
#aws #security #benchmarks #blueteam
DetectionLab
DetectionLab is a repository containing a variety of Packer, Vagrant, Powershell, Ansible, and Terraform scripts that allow you to automate the process of bringing an ActiveDirectory environment online complete with logging and security tooling using a variety of different platforms.
DetectionLab can currently be deployed to the following platforms:
— Virtualbox (Windows, MacOS, Linux)
— VMware Workstation/Fusion (Windows, MacOS, Linux)
— HyperV
— ESXi
— AWS
— Azure
— LibVirt (Not officially supported)
— Proxmox (Not officially supported)
https://detectionlab.network/
#lab #cloud #blueteam #redteam
Caldera — Automated Adversary Emulation Platform
Caldera is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.
https://github.com/mitre/caldera
#blueteam #redteam #automated
Executing Code Using Microsoft Teams Updater
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
#teams #redteam #research
PHP LFI with Nginx Assistance
This post presents a new method to exploit local file inclusion (LFI) vulnerabilities in utmost generality, assuming only that PHP is running in combination with Nginx under a common standard configuration.
https://bierbaumer.net/security/php-lfi-with-nginx-assistance/
#lfi #nginx #php
GoWard
GoWard proxies HTTP C2 traffic to specified Red Team servers based on the HTTP header of the traffic.
https://github.com/chdav/GoWard
#c2 #proxy #redteam