Windows 10 Hardening
The project started as a simple hardening list for Windows 10. After some time, HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10.
https://github.com/0x6d69636b/windows_hardening/
#blueteam #windows #hardening #benchmarks
Grafana — Unauthorized Arbitrary File Read
The latest unpatched Grafana 0-day LFI is now being actively exploited; it affects only Grafana 8.0+.
Dorks:
Shodan: title:"Grafana"
Fofa.so: app="Grafana"
ZoomEye: grafana
PoC:
https://example.com/public/plugins/grafana…
A (not so deep) Dive into Grafana CVE-2021-43798
This post will cover some details behind the recent Grafana vulnerability (CVE-2021-43798), which is a directory traversal bug allowing unauthenticated attackers to read files on the target server filesystem. This post will also discuss some real-world scenarios and the attack surface of Grafana.
https://nusgreyhats.org/posts/writeups/a-not-so-deep-dive-in-to-grafana-cve-2021-43798/
#grafana #lfi #cve
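The two Grafana posts above describe the bug as a directory traversal under the plugin route, which is exactly what you can hunt for in access logs. The following is an added example (not code from the write-up or from Grafana) of a small detector that flags requests to `/public/plugins/` that climb out of the route with `..`, including percent-encoded and double-encoded variants. It assumes the Nginx/Apache combined log format, and the log lines embedded in it are constructed.

```python
"""Spot CVE-2021-43798-style path traversal against Grafana's /public/plugins/
route in web-server access logs.

Added example for this post; it is not code from the write-up or from Grafana.
It assumes Nginx/Apache combined log format and uses constructed log lines.
"""
import re
from urllib.parse import unquote

# Combined log format: client ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

PLUGIN_ROUTE = "/public/plugins/"


def normalize(path: str) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e and %252e%252e read as '..'."""
    prev, cur = None, path
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def is_traversal_attempt(path: str) -> bool:
    """True if the request hits the plugin route and climbs out of it with '..'."""
    decoded = normalize(path.split("?", 1)[0])
    if not decoded.startswith(PLUGIN_ROUTE):
        return False
    segments = re.split(r"[/\\]+", decoded[len(PLUGIN_ROUTE):])
    return ".." in segments


def scan_log(lines):
    """Return (ip, raw_path, status) for every traversal attempt in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample log: two benign requests, one plain and one double-encoded attempt.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Dec/2021:10:00:01 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 4120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Dec/2021:10:00:02 +0000] "GET /api/health HTTP/1.1" 200 55 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/Dec/2021:10:00:03 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1634 "-" "curl/7.79.1"',
    '203.0.113.5 - - [08/Dec/2021:10:00:04 +0000] "GET /public/plugins/alertlist/%252e%252e/%252e%252e/%252e%252e/etc/grafana/grafana.ini HTTP/1.1" 200 9120 "-" "curl/7.79.1"',
]

if __name__ == "__main__":
    for ip, path, status in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {path} ({status})")
```

A 200 on one of these paths means the instance actually served the file, so treat the status as the severity signal. Caveat: a reverse proxy in front of Grafana may collapse plain `../` segments before the request is logged, which is why the decoder above also catches the encoded forms; when in doubt, check Grafana's own request log as well.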
Tired of Log4Shell? Take some rest then.
Arsenal of AWS Security Tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
#aws #security #benchmarks #blueteam
DetectionLab
DetectionLab is a repository containing a variety of Packer, Vagrant, PowerShell, Ansible, and Terraform scripts that allow you to automate the process of bringing an Active Directory environment online, complete with logging and security tooling, using a variety of different platforms.
DetectionLab can currently be deployed to the following platforms:
— Virtualbox (Windows, MacOS, Linux)
— VMware Workstation/Fusion (Windows, MacOS, Linux)
— HyperV
— ESXi
— AWS
— Azure
— LibVirt (Not officially supported)
— Proxmox (Not officially supported)
https://detectionlab.network/
#lab #cloud #blueteam #redteam
Caldera — Automated Adversary Emulation Platform
Caldera is a cyber security platform designed to easily automate adversary emulation, assist manual red teams, and automate incident response.
https://github.com/mitre/caldera
#blueteam #redteam #automated
Executing Code Using Microsoft Teams Updater
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
#teams #redteam #research
PHP LFI with Nginx Assistance
This post presents a new method to exploit local file inclusion (LFI) vulnerabilities in utmost generality, assuming only that PHP is running in combination with Nginx under a common standard configuration.
https://bierbaumer.net/security/php-lfi-with-nginx-assistance/
#lfi #nginx #php
GoWard
GoWard proxies HTTP C2 traffic to specified Red Team servers based on the HTTP header of the traffic.
https://github.com/chdav/GoWard
#c2 #proxy #redteam
ldap2json — Offline Analysis Tool
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Features:
— Authenticate with password
— Authenticate with LM:NT hashes
— Authenticate with kerberos ticket
— Save ldap content in json format
https://github.com/p0dalirius/ldap2json
#ldap #json #tools #redteam
ADExplorerSnapshot
ADExplorerSnapshot is an AD Explorer snapshot ingestor for BloodHound.
AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool allows you to convert those snapshots to BloodHound-compatible JSON files.
https://github.com/c3c/ADExplorerSnapshot.py
#adexplorer #ldap #json #bloodhound
Decoding PDF Injection
This article talks about PDF injection from scratch to the execution of XSS and SSRF via PDF injection.
https://medium.com/@urshilaravindran/pdf-injection-in-simple-words-8c399f92593c
#pdf #xss #ssrf #injection
VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit (Vortex)
A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (Cisco, Citrix, Fortinet, Pulse, etc.).
Features:
— User Search and Collection
— Password Leaks
— Main Domain Identification
— Subdomain Search
— VPN Endpoint Detection
— Password Spraying/Guessing attacks
— Search profiles on Social Networks
https://github.com/klezVirus/vortex
#osint #vpn #enumeration #spraying #tools
Apache APISIX Dashboard — Unauthorized RCE (CVE-2021-45232)
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and causing problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
Shodan Dorks:
title:"Apache APISIX Dashboard"
PoC:
curl https://IP:9000/apisix/admin/migrate/export
https://apisix.apache.org/blog/2021/12/28/dashboard-cve-2021-45232/
#apache #apisix #cve #poc
Forwarded from PT SWARM
New article "Fuzzing for XSS via nested parsers condition" by our researcher @Psych0tr1a.
This technique allowed us to find a bunch of vulnerabilities in popular web products that no one had noticed before!
https://swarm.ptsecurity.com/fuzzing-for-xss-via-nested-parsers-condition/
Redash Exploiting (CVE-2021-41192)
Redash is a package for data visualization and sharing.
If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.
https://ian.sh/redash
#redash #cve #research
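The Redash post above is really about a trust-model failure: a signed session cookie is only as strong as the secrecy of the signing key, and a default shared by every install is not secret. The following is an added example, not Redash's or Flask's session code. It models a signed cookie as base64url(JSON) + "." + base64url(HMAC-SHA256) (Redash's real format, via itsdangerous, differs on the wire, but the key-trust logic is the same), uses a made-up placeholder for the "known default" secret rather than the real value, and shows the forged admin cookie being accepted by an unconfigured install and rejected by one with a random per-install secret, plus the startup check that should have prevented this.

```python
"""Why a shared default cookie secret lets anyone forge sessions (CVE-2021-41192).

Added example for this post; it is NOT Redash's session code. It models a
signed session cookie as base64url(JSON) + "." + base64url(HMAC-SHA256) and
uses a made-up placeholder for the "known default" secret.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Placeholder standing in for the value every unconfigured install shared
# (assumption for the example, not the real default).
KNOWN_DEFAULT_SECRET = "change-me-default-secret"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_session(secret: str, claims: dict) -> str:
    """Mint a session cookie for `claims` under `secret` (what the server, or an attacker who knows the key, does)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(secret.encode(), body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(mac)}"


def verify_session(secret: str, cookie: str):
    """Return the claims if the MAC is valid for `secret`, else None."""
    try:
        body, mac = cookie.split(".", 1)
        expected = hmac.new(secret.encode(), body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(mac)):
            return None
        return json.loads(_unb64(body))
    except ValueError:  # malformed base64/JSON or missing separator
        return None


def effective_secret(env: dict) -> str:
    """Vulnerable behaviour: silently fall back to the shared default when unset."""
    return env.get("REDASH_COOKIE_SECRET") or KNOWN_DEFAULT_SECRET


def startup_check(env: dict) -> str:
    """Hardened behaviour: refuse to start on a missing, default, or short secret."""
    secret = env.get("REDASH_COOKIE_SECRET")
    if not secret or secret == KNOWN_DEFAULT_SECRET or len(secret) < 32:
        raise RuntimeError("REDASH_COOKIE_SECRET must be set to a unique random value")
    return secret


def demo() -> dict:
    """Forge an admin session offline using only the public default, then present it to two installs."""
    forged = sign_session(KNOWN_DEFAULT_SECRET, {"user_id": 1, "is_admin": True})
    unconfigured = effective_secret({})  # no env var set: vulnerable
    configured = effective_secret({"REDASH_COOKIE_SECRET": secrets.token_hex(32)})
    return {
        "accepted_by_unconfigured": verify_session(unconfigured, forged) is not None,
        "accepted_by_configured": verify_session(configured, forged) is not None,
    }


if __name__ == "__main__":
    print(demo())
    try:
        startup_check({})
    except RuntimeError as e:
        print("startup refused:", e)
```

Note that the attacker never touches the server until presenting the finished cookie; everything up to that point is offline, which is why rotating the secret (and thereby invalidating every existing session) is the only real remediation once an install has run with the default.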
API Guesser
A simple website to guess API Key / OAuth Token
When you do a pentest / GitHub recon and find an API key / OAuth token but don't know which API it belongs to, you can use my website, which I built in JavaScript
https://api-guesser.netlify.app
Source:
https://github.com/daffainfo/apiguesser-web
#api #token #osint #bugbounty
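The API Guesser site above works by matching a token against the known shapes of common key formats. As an added example (not the site's code), here is the same idea in a few lines of Python: a priority-ordered list of documented public key formats (AWS access key IDs, GitHub tokens, Slack, Stripe, Google, SendGrid, Telegram bot tokens, JWTs), followed by a length/charset/entropy fallback for anything unrecognised. The sample tokens are constructed and are not real credentials.

```python
"""Guess which service an unlabelled API key or token belongs to from its shape.

Added example for this post; not the api-guesser site's code. PATTERNS holds the
widely documented public formats of a few key types; SAMPLES are constructed
strings, not real credentials.
"""
import math
import re
from collections import Counter

# (label, pattern) in priority order: more specific formats first.
PATTERNS = [
    ("AWS access key ID", re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")),
    ("GitHub personal access token", re.compile(r"^ghp_[A-Za-z0-9]{36}$")),
    ("GitHub OAuth/app/refresh token", re.compile(r"^gh[ousr]_[A-Za-z0-9]{36}$")),
    ("Slack token", re.compile(r"^xox[abprs]-[A-Za-z0-9-]{10,}$")),
    ("Stripe secret/restricted key", re.compile(r"^[sr]k_(live|test)_[A-Za-z0-9]{24,}$")),
    ("Google API key", re.compile(r"^AIza[0-9A-Za-z_-]{35}$")),
    ("SendGrid API key", re.compile(r"^SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}$")),
    ("Telegram bot token", re.compile(r"^\d{8,10}:[A-Za-z0-9_-]{35}$")),
    ("JWT", re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")),
]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random secrets sit well above natural text."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum((c / len(s)) * math.log2(c / len(s)) for c in counts.values())


def guess(token: str) -> str:
    """Return the best label for `token`; 'unknown…' when no documented format matches."""
    token = token.strip()
    for label, pat in PATTERNS:
        if pat.match(token):
            return label
    # Fallback heuristics: shape only, so these are hints rather than identifications.
    if re.fullmatch(r"[0-9a-f]{32}", token):
        return "unknown: 32 hex chars (MD5-sized / generic API key)"
    if re.fullmatch(r"[0-9a-f]{40}", token):
        return "unknown: 40 hex chars (SHA-1-sized)"
    if len(token) >= 20 and shannon_entropy(token) > 4.0:
        return "unknown: high-entropy secret"
    return "unknown"


def guess_all(tokens) -> dict:
    """Map each token to its guess (handy for a batch pulled out of a repo)."""
    return {t: guess(t) for t in tokens}


# Constructed samples: the AWS one is the placeholder from AWS's own docs, the rest are padding.
SAMPLES = [
    "AKIAIOSFODNN7EXAMPLE",
    "ghp_" + "A" * 36,
    "xoxb-123456789012-abcdefghijkl",
    "AIza" + "A" * 35,
    "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2ln",
    "0123456789abcdef0123456789abcdef",
    "hello",
]

if __name__ == "__main__":
    for tok, label in guess_all(SAMPLES).items():
        print(f"{label:45} {tok}")
```

Treat the fallback labels as triage hints only; a 32-hex string could be anything from an MD5 digest to a vendor key, and the right next step is to look at where the string was found (variable name, header, URL) rather than at the string alone.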
