APT
https://twitter.com/buffaloverflow/status/1435596990650503168?s=21 #0day #office
Twitter
Felix
🙋Having a hard time replicating Office samples exploiting CVE-2021-40444 (MSHTML Remote Code Execution Vulnerability) because the server side component is taken down? ⚙️Imaginary C2 got you covered, it allows to easily simulate the server side component:…
Offensive WMI
The Basics (Part 1)
# https://0xinfection.github.io/posts/wmi-basics-part-1/
Exploring Namespaces, Classes & Methods (Part 2)
# https://0xinfection.github.io/posts/wmi-classes-methods-part-2/
#wmi
0xInfection's Blog
Offensive WMI - Interacting with Windows Registry (Part 3)
This is the third instalment of the “Offensive WMI” series (the 2nd is here), and this blog will focus on interacting with the Windows Registry. A useful thing to know before we start, MITRE ATT&CK classifies querying of registry values under T1012 and its…
Active Directory Pentest Mindmap
# https://github.com/Orange-Cyberdefense/arsenal/raw/master/mindmap/pentest_ad.png
# https://www.xmind.net/m/5dypm8/
UPD (12.11.2021):
https://raw.githubusercontent.com/Orange-Cyberdefense/arsenal/master/mindmap/pentest_ad.png
UPD (10.11.2022):
https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg
#mindmap #ad #pentest
Karma v2
Passive Open Source Intelligence Automated Reconnaissance Framework
https://github.com/Dheerajmadhukar/karma_v2
#osint #recon
GitHub
GitHub - Dheerajmadhukar/karma_v2: ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework) - Dheerajmadhukar/karma_v2
Kali Linux Tools Page
Now you can learn more about all the tools that you can install in Kali.
https://kali.org/tools/
#tools #cheatsheet #kali
targetedKerberoast
Kerberoast with ACL abuse capabilities
https://github.com/ShutdownRepo/targetedKerberoast
#kerberoasting #ad #spn
GitHub
GitHub - ShutdownRepo/targetedKerberoast: Kerberoast with ACL abuse capabilities
Kerberoast with ACL abuse capabilities. Contribute to ShutdownRepo/targetedKerberoast development by creating an account on GitHub.
SpoolSploit
SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicious DLLs on endpoints with full system access.
https://github.com/BeetleChunks/SpoolSploit
#ad #spooler #rpc
GitHub
GitHub - BeetleChunks/SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical…
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. - BeetleChunks/SpoolSploit
Brute Force Wordlist
Some files for bruteforcing certain things.
https://github.com/random-robbie/bruteforce-lists
#wordlist #bruteforce
GitHub
GitHub - random-robbie/bruteforce-lists: Some files for bruteforcing certain things.
Some files for bruteforcing certain things. Contribute to random-robbie/bruteforce-lists development by creating an account on GitHub.
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941)
Amazing writeup on finding a vulnerability through .NET reversing. Enjoyed reading about the breakpoints that were set and how they logically owned Citrix ShareFile through a third-party dependency.
https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
#citrix #sharefile #rce
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
AzureHunter
A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter
#azure #o365
GitHub
GitHub - darkquasar/AzureHunter: A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365 - darkquasar/AzureHunter
$8,000 Payout: XSS to RCE in the Opera Browser
https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
Opera Security
$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser
Continuing from his previous post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera's Bug Bounty Programme: a Remote Code Execution in Opera's My Flow Feature. What follows is his write-up and experience.
Beginners Guide to 0day/CVE AppSec Research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
Boku
Beginners Guide to 0day/CVE AppSec Research
reconFTW
ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.
https://github.com/six2dez/reconftw
#reconFTW #bugbounty #hacking