SpoolSploit
SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicious DLLs on endpoints with full system access.
https://github.com/BeetleChunks/SpoolSploit
#ad #spooler #rpc
Brute Force Wordlist
Some files for bruteforcing certain things.
https://github.com/random-robbie/bruteforce-lists
#wordlist #bruteforce
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941)
Amazing writeup on finding a vulnerability through .NET reversing. Enjoyed reading about the breakpoints that were set and how they logically owned Citrix ShareFile through a third-party dependency.
https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
#citrix #sharefile #rce
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
AzureHunter
A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter
#azure #o365
$8,000 Payout: XSS to RCE in the Opera Browser
https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
Opera Security
$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser
Continuing from his previous post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera's Bug Bounty Programme: a Remote Code Execution in Opera's My Flow Feature. What follows is his write-up and experience.
Beginners Guide to 0day/CVE AppSec Research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
reconFTW
ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.
https://github.com/six2dez/reconftw
#reconFTW #bugbounty #hacking
How to Create an Internal/Corporate Red Team
https://malcomvetter.medium.com/how-to-create-an-internal-corporate-red-team-1023027ea1e3
#redteam
Medium
How to Create an Internal/Corporate Red Team
Congratulations! Your organization has approved the creation of an internal Red Team program and tasked you to do it! Here are some quick…
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
https://github.com/r0ckysec/CVE-2021-22005
#cve #vCenter #RCE
Forwarded from PT SWARM
New article: "Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings"
Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers
Nikita Abramov & Mikhail Klyuchnikov:
https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
GOAD (Game Of Active Directory)
GOAD is a pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment, ready to use, to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
#ActiveDirectory #AD #Microsoft #Pentest #vulnerabilites
APT
Offensive WMI (Part 3) https://0xinfection.github.io/posts/wmi-registry-part-3/ #wmi
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This post focuses on interacting with several WMI classes to extract useful and sensitive information
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
0xInfection's Blog
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This is the fourth part of the “Offensive WMI” series which will focus a bit more on information gathering and enumeration. WMI provides a plethora of classes from which we can enumerate a lot of stuff. So let’s dive in without wasting any more time.
Gathering…
Information Gathering and Scanning for Sensitive Information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
Medium
Information Gathering&scanning for sensitive information[ Reloaded ]
Testing Web-Application/Network , Information Gathering is important before we test for vulnerability on the target?
iOS 15 0day Exploits
https://github.com/illusionofchaos/ios-gamed-0day
https://github.com/illusionofchaos/ios-nehelper-wifi-info-0day
https://github.com/illusionofchaos/ios-nehelper-enum-apps-0day
#ios #0day #exploit
GitHub
GitHub - illusionofchaos/ios-gamed-0day: iOS gamed exploit (fixed in 15.0.2)
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)
https://twitter.com/ducnt_/status/1445386557574324234
#cve #apache
Twitter
Nguyen The Duc
Just got worked exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀