Bypass AV & Advanced XDR solutions
Mortar Loader is able to bypass modern anti-virus products and advanced XDR solutions and it has been tested and confirmed bypass for the following:
— Kaspersky
— ESET
— Malewarebytes
— Mcafee
— Cortex XDR
— Windows defender
— Cylance
Research:
https://0xsp.com/security%20research%20&%20development%20(SRD)/defeat-the-castle-bypass-av-advanced-xdr-solutions
Source:
https://github.com/0xsp-SRD/mortar
#av #xdr #evasion #redteam
Mortar Loader is able to bypass modern anti-virus products and advanced XDR solutions and it has been tested and confirmed bypass for the following:
— Kaspersky
— ESET
— Malewarebytes
— Mcafee
— Cortex XDR
— Windows defender
— Cylance
Research:
https://0xsp.com/security%20research%20&%20development%20(SRD)/defeat-the-castle-bypass-av-advanced-xdr-solutions
Source:
https://github.com/0xsp-SRD/mortar
#av #xdr #evasion #redteam
PreAuth RCE in ManageEngine ServiceDesk Plus (CVE-2021-44077)
PoC:
https://github.com/horizon3ai/CVE-2021-44077
Research:
https://xz.aliyun.com/t/10631
#manageengine #servicedesk #rce #cve
PoC:
https://github.com/horizon3ai/CVE-2021-44077
Research:
https://xz.aliyun.com/t/10631
#manageengine #servicedesk #rce #cve
GitHub
GitHub - horizon3ai/CVE-2021-44077: Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077
Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077 - horizon3ai/CVE-2021-44077
Quick & Lazy Malware Development
https://capt-meelo.github.io//redteam/maldev/2021/12/15/lazy-maldev.html
#malware #av #evasion #redteam
https://capt-meelo.github.io//redteam/maldev/2021/12/15/lazy-maldev.html
#malware #av #evasion #redteam
Hack.Learn.Share
Quick & Lazy Malware Development
Quickly and lazily write malware from the perspective of a newbie and someone who has very basic programming skills.
DNS-Black-Cat
Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel.
https://github.com/lawrenceamer/dns-black-cat
#c2 #dns #redteam
Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel.
https://github.com/lawrenceamer/dns-black-cat
#c2 #dns #redteam
GitHub
GitHub - zux0x3a/dns-black-cat: Multi platform toolkit for an interactive DNS shell commands exfiltration, by using DNS-Cat you…
Multi platform toolkit for an interactive DNS shell commands exfiltration, by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol - GitHub - zux0x3a/dns-black...
Auto-Elevate
This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates it's process TOKEN, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method #41 (ICMLuaUtil UAC bypass) from hfiref0x's UACME utility, this utility can auto-elevate a low privileged Administrative account to NT AUTHORITY\SYSTEM.
https://github.com/FULLSHADE/Auto-Elevate
#uac #bypass #windows #tools
This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates it's process TOKEN, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method #41 (ICMLuaUtil UAC bypass) from hfiref0x's UACME utility, this utility can auto-elevate a low privileged Administrative account to NT AUTHORITY\SYSTEM.
https://github.com/FULLSHADE/Auto-Elevate
#uac #bypass #windows #tools
Native Function Static Map
A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
# https://u5ksv.csb.app/
# https://github.com/EspressoCake/NativeFunctionStaticMap
#mapping #pinvoke #winapi #maldev
A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
# https://u5ksv.csb.app/
# https://github.com/EspressoCake/NativeFunctionStaticMap
#mapping #pinvoke #winapi #maldev
Alternative Process Injection
Process injection is a well-known defense evasion technique that has been used for decades to execute malicious code in a legitimate process. Until now, it is still a common technique used by hackers/red teamers.
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
#process #injection #maldev
Process injection is a well-known defense evasion technique that has been used for decades to execute malicious code in a legitimate process. Until now, it is still a common technique used by hackers/red teamers.
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
#process #injection #maldev
Bug Bounty Tip — Log4j Vulnerability Cheatsheet
— How It Works
— Test Environments
— Challenges & Labs (Rooms)
— Where Payloads can be Injected
— What Information can be Extracted
— How To Identify (Services & Scanners)
#log4j #cheatsheet #bugbounty
— How It Works
— Test Environments
— Challenges & Labs (Rooms)
— Where Payloads can be Injected
— What Information can be Extracted
— How To Identify (Services & Scanners)
#log4j #cheatsheet #bugbounty
❤1
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Features
— Subdomain Scan.
— Subdomain TakeOver Scan.
— Screenshot the target.
— Basic recon like Whois, Dig info.
— Web Technology detection.
— IP Discovery.
— CORS Scan.
— SSL Scan.
— Wayback Machine Discovery.
— URL Discovery.
— Headers Scan.
— Port Scan.
— Vulnerable Scan.
— Seperate workspaces to store all scan output and details logging.
— REST API.
— React Web UI.
— Support Continuous Scan.
— Slack notifications.
— Easily view report from commnad line.
https://github.com/j3ssie/Osmedeus
#osint #vulnerability #scanner #bugbounty
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Features
— Subdomain Scan.
— Subdomain TakeOver Scan.
— Screenshot the target.
— Basic recon like Whois, Dig info.
— Web Technology detection.
— IP Discovery.
— CORS Scan.
— SSL Scan.
— Wayback Machine Discovery.
— URL Discovery.
— Headers Scan.
— Port Scan.
— Vulnerable Scan.
— Seperate workspaces to store all scan output and details logging.
— REST API.
— React Web UI.
— Support Continuous Scan.
— Slack notifications.
— Easily view report from commnad line.
https://github.com/j3ssie/Osmedeus
#osint #vulnerability #scanner #bugbounty
moonwalk
moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in the shell.
https://github.com/mufeedvh/moonwalk
#unix #log #clearing #redteam
moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in the shell.
https://github.com/mufeedvh/moonwalk
#unix #log #clearing #redteam
CloudSploit
CloudSploit's remediation guides are intended to be an open-source resource for improving cloud security. Many cloud IaaS providers like AWS, Azure, and Google Cloud have a shared responsibility model. They provide the physical and architectural security, along with tools to properly secure the services they offer, but it is up to the user to configure those settings properly.
https://github.com/aquasecurity/cloud-security-remediation-guides
#cloud #security #remediation #blueteam
CloudSploit's remediation guides are intended to be an open-source resource for improving cloud security. Many cloud IaaS providers like AWS, Azure, and Google Cloud have a shared responsibility model. They provide the physical and architectural security, along with tools to properly secure the services they offer, but it is up to the user to configure those settings properly.
https://github.com/aquasecurity/cloud-security-remediation-guides
#cloud #security #remediation #blueteam
GitHub
GitHub - aquasecurity/cloud-security-remediation-guides: Security Remediation Guides
Security Remediation Guides. Contribute to aquasecurity/cloud-security-remediation-guides development by creating an account on GitHub.
RogueAssemblyHunter
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
https://github.com/bohops/RogueAssemblyHunter
#dotnet #blueteam #threadhunting
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
https://github.com/bohops/RogueAssemblyHunter
#dotnet #blueteam #threadhunting
GitHub
GitHub - bohops/RogueAssemblyHunter: Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running…
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. - bohops/RogueAssemblyHunter
This media is not supported in your browser
VIEW IN TELEGRAM
Invoke-WinSATBypass
This script will create a mock directory of "
It will after try to download a DLL called
https://github.com/b4keSn4ke/Invoke-WinSATBypass
#uac #bypass #winsat #tools
This script will create a mock directory of "
C:\Windows\System32" and copy a legitimate application of Windows (WinSAT.exe) into it.It will after try to download a DLL called
version.dll, which is loaded by default by WinSAT.exe, in order to perform a UAC Bypass by doing some DLL Hijacking.https://github.com/b4keSn4ke/Invoke-WinSATBypass
#uac #bypass #winsat #tools
ADCS: Playing with ESC4
Enumeration and abuse of Linux-based ADCS ESC4
Research:
https://www.fortalicesolutions.com/posts/adcs-playing-with-esc4
Source:
https://github.com/fortalice/modifyCertTemplate
#adcs #abuse #pentest #tools
Enumeration and abuse of Linux-based ADCS ESC4
Research:
https://www.fortalicesolutions.com/posts/adcs-playing-with-esc4
Source:
https://github.com/fortalice/modifyCertTemplate
#adcs #abuse #pentest #tools
Fortalicesolutions
ADCS: Playing with ESC4
Let's start off with template enumeration - my go-to tool for this from Kali is [certi.py](https://github.com/zer1t0/certi), which has a `list` command for enumeration. Sorting through the output for potential misconfigurations and escalation paths, I found…
Windows 10 Hardening
The project started as a simple hardening list for Windows 10. After some time, HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10
https://github.com/0x6d69636b/windows_hardening/
#blueteam #windows #hardening #benchmarks
The project started as a simple hardening list for Windows 10. After some time, HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10
https://github.com/0x6d69636b/windows_hardening/
#blueteam #windows #hardening #benchmarks
GitHub
GitHub - 0x6d69636b/windows_hardening: HardeningKitty and Windows Hardening Settings
HardeningKitty and Windows Hardening Settings. Contribute to 0x6d69636b/windows_hardening development by creating an account on GitHub.
APT
Grafana — Unauthorized Arbitrary Read File The latest Grafana unpatched 0Day LFI is now being actively exploited, it affects only Grafana 8.0+ Dorks: Shodan: title:"Grafana" Fofa.so: app="Grafana" ZoomEye: grafana PoC https://example.com/public/plugins/grafana…
A (not so deep) Dive into Grafana CVE-2021-43798
This post will cover some details behind the recent Grafana vulnerability (CVE-2021-43798), which is a directory traversal bug allowing unauthenticated attackers to read files on the target server filesystem. This post will also discuss some real world scenario and attack surface of the Grafana.
https://nusgreyhats.org/posts/writeups/a-not-so-deep-dive-in-to-grafana-cve-2021-43798/
#grafana #lfi #cve
This post will cover some details behind the recent Grafana vulnerability (CVE-2021-43798), which is a directory traversal bug allowing unauthenticated attackers to read files on the target server filesystem. This post will also discuss some real world scenario and attack surface of the Grafana.
https://nusgreyhats.org/posts/writeups/a-not-so-deep-dive-in-to-grafana-cve-2021-43798/
#grafana #lfi #cve
NUS Greyhats
A (not so deep) Dive into Grafana CVE-2021-43798
Tired of log4shell? take some rest then