ADenum
ADEnum is a pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos.
https://github.com/SecuProject/ADenum
#ad #ldap #kerberos #enumeration #tools
GitLab CI jobs unmasked passwords scanner
https://github.com/Whitespots-OU/gitlab-ci-secrets
#tools #secrets #devsecops
log4shell — Quick Guide
https://musana.net/2021/12/13/log4shell-Quick-Guide/
#log4j #waf #bypass #bugbounty
Cobalt-Clip
Cobalt-Clip is a clipboard add-on for Cobalt Strike that lets you interact with the clipboard. With it you can dump, edit and monitor the clipboard's contents.
https://github.com/DallasFR/Cobalt-Clip
#cobaltstrike #clipboard #dump
Data Masking Bash OneLiner
If you need to mask data from utilities such as Responder\Inveigh for your report, use the following command (with Responder's USER::DOMAIN:CHALLENGE:NTPROOFSTR:BLOB layout, it keeps the user, domain and challenge, and shows only fragments of the proof string and blob):
cat hash.txt | awk -F ":" '{print $1"::"$3":"$4":"substr($5,1,4)"***"substr($6,20,20)"***"substr($6,length($6)-8,8)}' | sort -u | sort -u -t : -k 1,1
The following command can be used to mask data in Hashcat output (DOMAIN/USER followed by only the first two and last two characters of the cracked password):
cat hash-hashcat.txt | awk -F ":" '{print ($3"/")$1":"substr($7,1,2)"******"substr($7,length($7)-1,3)}' | sort -u
#report #mask #data #pentest
Bypass AV & Advanced XDR solutions
Mortar Loader is able to bypass modern anti-virus products and advanced XDR solutions; it has been tested and confirmed to bypass the following:
— Kaspersky
— ESET
— Malwarebytes
— McAfee
— Cortex XDR
— Windows Defender
— Cylance
Research:
https://0xsp.com/security%20research%20&%20development%20(SRD)/defeat-the-castle-bypass-av-advanced-xdr-solutions
Source:
https://github.com/0xsp-SRD/mortar
#av #xdr #evasion #redteam
PreAuth RCE in ManageEngine ServiceDesk Plus (CVE-2021-44077)
PoC:
https://github.com/horizon3ai/CVE-2021-44077
Research:
https://xz.aliyun.com/t/10631
#manageengine #servicedesk #rce #cve
Quick & Lazy Malware Development
https://capt-meelo.github.io//redteam/maldev/2021/12/15/lazy-maldev.html
#malware #av #evasion #redteam
DNS-Black-Cat
Multi-platform toolkit for an interactive C2 DNS shell. Using DNS-Black-Cat, you can execute system commands in shell mode over a fully encrypted covert channel.
https://github.com/lawrenceamer/dns-black-cat
#c2 #dns #redteam
Auto-Elevate
This tool demonstrates the power of UAC bypasses and built-in features of Windows. The utility auto-locates winlogon.exe, steals and impersonates its process token, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method #41 (ICMLuaUtil UAC bypass) from hfiref0x's UACME utility, it can auto-elevate a low-privileged Administrative account to NT AUTHORITY\SYSTEM.
https://github.com/FULLSHADE/Auto-Elevate
#uac #bypass #windows #tools
Native Function Static Map
A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
https://u5ksv.csb.app/
https://github.com/EspressoCake/NativeFunctionStaticMap
#mapping #pinvoke #winapi #maldev
Alternative Process Injection
Process injection is a well-known defense evasion technique that has been used for decades to execute malicious code inside a legitimate process. It is still a common technique used by attackers and red teamers today.
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
#process #injection #maldev
Bug Bounty Tip — Log4j Vulnerability Cheatsheet
— How It Works
— Test Environments
— Challenges & Labs (Rooms)
— Where Payloads can be Injected
— What Information can be Extracted
— How To Identify (Services & Scanners)
#log4j #cheatsheet #bugbounty
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Features
— Subdomain Scan.
— Subdomain TakeOver Scan.
— Screenshot the target.
— Basic recon like Whois, Dig info.
— Web Technology detection.
— IP Discovery.
— CORS Scan.
— SSL Scan.
— Wayback Machine Discovery.
— URL Discovery.
— Headers Scan.
— Port Scan.
— Vulnerability Scan.
— Separate workspaces to store all scan output and detailed logging.
— REST API.
— React Web UI.
— Support Continuous Scan.
— Slack notifications.
— Easily view reports from the command line.
https://github.com/j3ssie/Osmedeus
#osint #vulnerability #scanner #bugbounty