#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.
Burp Suite's CSRF PoC generator is a Pro-only feature, but you no longer need Pro to get one.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
#BurpHacksForBounties - Day 29/30
No Collaborator No worries
Burp Suite Collaborator is a Pro feature, so use requestbin.net instead
- Works the same way as Collaborator (out-of-band interaction catcher)
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
purpleteam - CLI component of OWASP PurpleTeam
https://github.com/purpleteam-labs/purpleteam
#PurpleTeam #OWASP
EfsPotato
Exploit for EfsPotato (MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privilege escalation vulnerability).
https://github.com/zcgonvh/EfsPotato
#windows #privesc #pentest
Kubernetes Hardening Guidance
The NSA and CISA have published today a Kubernetes security-hardening guide
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
#kubernetes #hardening #security
Malware Development Resources
A tale of EDR bypass methods
# https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
Antivirus Artifacts
# https://github.com/D3VI5H4/Antivirus-Artifacts
Windows X86-64 System Call Table (XP/2003/Vista/2008/7/2012/8/10)
# https://j00ru.vexillium.org/syscalls/nt/64/
SysWhispers
# https://github.com/jthuraisamy/SysWhispers
SysWhispers2
# https://github.com/jthuraisamy/SysWhispers2
SysWhispers2_x86
# https://github.com/mai1zhi2/SysWhispers2_x86
Dynamic Invocation in .NET to bypass hooks
# https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
Dynamic-Invoke
# https://thewover.github.io/Dynamic-Invoke/
Offensive P/Invoke: Leveraging the Win32 API from Managed Code
# https://posts.specterops.io/offensive-p-invoke-leveraging-the-win32-api-from-managed-code-7eef4fdef16d
Syscalls with D/Invoke
# https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Shellycoat
# https://github.com/slaeryan/AQUARMOURY/tree/master/Shellycoat
Defeating Antivirus Real-time Protection From The Inside
# https://breakdev.org/defeating-antivirus-real-time-protection-from-the-inside/
Preventing 3rd Party DLLs from Injecting into your Processes
# https://www.ired.team/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-processes
Let's Create An EDR… And Bypass It!
# https://ethicalchaos.dev/2020/05/27/lets-create-an-edr-and-bypass-it-part-1/
# https://ethicalchaos.dev/2020/06/14/lets-create-an-edr-and-bypass-it-part-2/
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
# https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
Red Team Tactics: Utilizing Syscalls in C#
# https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
# https://jhalon.github.io/utilizing-syscalls-in-csharp-2/
Art of Anti Detection
# https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
# https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/
# https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/
#edr #av #evasion #maldev
Git-Secret
Go scripts for finding an API key / some keywords in a github repository
https://github.com/daffainfo/Git-Secret
#bugbounty #bugbountytips #pentest #api #infosec
Search JS using Gau
gau -subs DOMAIN | grep -iE '\.js' | grep -iEv '(\.jsp|\.json)' >> js.txt
#bugbounty #bugbountytips
Forget Password Vulns
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
Xmind preview: Common Vulnerabilities on Forget Password Functionality, a mind map submitted by Harsh Bothra on Jul 23, 2021.
DEF CON 29 Main Stage Presentations:
1-Babak Javadi, Nick Draffen, Eric Bettse, Anze Jensterle - The PACS man Comes For Us All
https://www.youtube.com/watch?v=NARJrwX_KFY
2-Reza Soosahabi, Chuck McAuley - SPARROW: A Novel Covert Communication Scheme
https://www.youtube.com/watch?v=oaLIo9HwW-g
3-Tomer Bar, Eran Segal - 2021 Our Journey Back To The Future Of Windows Vulnerabilities
https://www.youtube.com/watch?v=VxNi5pVDZU0
4-Sick Codes - The Agricultural Data Arms Race Exploiting a Tractor Load of Vulns
https://www.youtube.com/watch?v=zpouLO-GXLo
5-Shir Tamari, Ami Luttwak - New class of DNS Vulns Affecting DNS-as-Service Platforms
https://www.youtube.com/watch?v=72uzIZPyVjI
6-Sheila A Berta - The Unbelievable Insecurity of the Big Data Stack
https://www.youtube.com/watch?v=vl9hk4fQdos
7-Roy Davis - No Key No PIN No Combo No Problem Pwning ATMs For Fun and Profit
https://www.youtube.com/watch?v=9cG-JL0LHYw
8-Rotem Bar - Abusing SAST tools When scanners do more than just scanning
https://www.youtube.com/watch?v=Jl-CU6G4Ofc
9-Richard Thieme AKA neuralcowboy - UFOs: Misinformation, Disinfo, and the Basic Truth
https://www.youtube.com/watch?v=mExktWB0qz4
10-Richard Henderson - Old MacDonald Had a Barcode, E I E I CAR
https://www.youtube.com/watch?v=cIcbAMO6sxo
11-Rex Guo, Junyuan Zeng - Phantom Attack: Evading System Call Monitoring
https://www.youtube.com/watch?v=yaAdM8pWKG8
12-Paz Hameiri - TEMPEST Radio Station
https://www.youtube.com/watch?v=m9WkEwshNKc
13-Patrick Wardle - Bundles of Joy: Breaking MacOS via Subverted Applications Bundles
https://www.youtube.com/watch?v=raSTgFqYaoc
14-PatH - Warping Reality: Creating and Countering the Next Generation of Linux Rootkits
https://www.youtube.com/watch?v=g6SKWT7sROQ
15-Orange Tsai - ProxyLogon Just Tip of the Iceberg, New Attack Surface on Exchange Server
https://www.youtube.com/watch?v=5mqid-7zp8k
16-Matthew Bryant - Hacking G Suite: The Power of Dark Apps Script Magic
https://www.youtube.com/watch?v=6AsVUS79gLw
17-Mars Cheng, Selmon Yang - Taking Apart and Taking Over ICS & SCADA Ecosystems
https://www.youtube.com/watch?v=L0w_aE4jRFw
18-Laura Abbott, Rick Altherr - Breaking TrustZone M: Privilege Escalation on LPC55S69
https://www.youtube.com/watch?v=eKKgaGbcq4o
19-Justin Perdok - Hi Im DOMAIN Steve, Please Let Me Access VLAN2
https://www.youtube.com/watch?v=lDCoyxIhTN8
20-Jenko Hwong - New Phishing Attacks Exploiting OAuth Authentication Flows
https://www.youtube.com/watch?v=9slRYvpKHp4
21-Jeff Dileo - Instrument and Find Out: Parasitic Tracers for High Level Languages
https://www.youtube.com/watch?v=Iy1BNywebpY
22-James Kettle - HTTP2: The Sequel is Always Worse
https://www.youtube.com/watch?v=rHxVVeM9R-M
23-Jacob Baines - Bring Your Own Print Driver Vulnerability
https://www.youtube.com/watch?v=vdesswZYz-8
24-Ian Coldwater, Chad Rikansrud - Real Life Story of the 1st Mainframe Container Breakout
https://www.youtube.com/watch?v=7DXF7YDBf-g
25-hyp3ri0n aka Alejandro Caceres, Jason Hopper - PunkSPIDER and IOStation: Making a Mess
https://www.youtube.com/watch?v=DlS_sl4hTWg
26-Hao Xing, Zekai Wu - How I use a JSON 0day to Steal Your Money on the Blockchain
https://www.youtube.com/watch?v=pUexrXOGCkE
27-David Dworken - Worming through IDEs
https://www.youtube.com/watch?v=pzqu_qaoNuY
28-Cory Doctorow - Privacy Without Monopoly
https://www.youtube.com/watch?v=deRRR5B1hwI
29-Christopher Wade - Breaking Secure Bootloaders
https://www.youtube.com/watch?v=z4gIxdFfJDg
30-Chad Seaman - UPnProxyPot: Fake the Funk, Become a Blackhat Proxy, MITM their TLS...
https://www.youtube.com/watch?v=mHCGNUsrTf0
31-Brian Hong - Sleight of ARM: Demystifying Intel Houdini
https://www.youtube.com/watch?v=9oQ5XjA1aq0
32-Bill Graydon - Defeating Physical Intrusion Detection Alarm Wires
https://www.youtube.com/watch?v=Liz9R_QxSgk
33-Ben Kurtz - Offensive Golang Bonanza: Writing Golang Malware
https://www.youtube.com/watch?v=3RQb05ITSyk
YouTube preview (talk 1): DEF CON 29 - Babak Javadi, Nick Draffen, Eric Bettse, Anze Jensterle - The PACS man Comes For Us All
It's 2021. You're still here! You're vaccinated! You should be happy and carefree! And yet… the PACS-man still haunts us all. Why should this be? Don't we have newer, better tech with more bits of encryption and fewer wires? Haven't the professional sentinels…