aesKrbKeyGen
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's
https://github.com/Tw1sm/AesKrbKeyGen
#ad #kerbeos #tgt #tools
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's
getTGT.py to obtain a TGT for the account, provided it is configured to support AES encryption.https://github.com/Tw1sm/AesKrbKeyGen
#ad #kerbeos #tgt #tools
GitHub
GitHub - Tw1sm/aesKrbKeyGen: Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3
Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3 - Tw1sm/aesKrbKeyGen
Finding Sensitive Files for BugBounty
—
—
/proc/self/cwd/index.php
— /proc/self/cwd/main.py
— /etc/motd
— /proc/net/udp
— /proc/net/arp
— /proc/self/environ
— /var/run/secrets/kubernetes.io/serviceaccount
— /proc/cmdline
— /proc/mounts
— /etc/motd
— /etc/mysql/my.cnf
— /proc/sched_debug
— /home/ user/.bash_history
— /home/user/.ssh/id_rsa
#sensitive #files #bugbounty #bugbountytips👍1
Custom Previews For Malicious Attachments
A phishing technique that allows attackers to create fake previews for their malicious attachment with Google Mail.
https://mrd0x.com/phishing-google-users-by-spoofing-previews/
#phishing #gmail #attachments
A phishing technique that allows attackers to create fake previews for their malicious attachment with Google Mail.
https://mrd0x.com/phishing-google-users-by-spoofing-previews/
#phishing #gmail #attachments
Anti-Spam Bypass
A script that helps you understand why your E-Mail ended up in Spam
https://github.com/mgeeky/decode-spam-headers
#phishing #anispam #bypass
A script that helps you understand why your E-Mail ended up in Spam
https://github.com/mgeeky/decode-spam-headers
#phishing #anispam #bypass
🔥1
Log4j — WAF and Patches Bypass Tricks
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
#log4j #waf #bypass #bugbounty
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
#log4j #waf #bypass #bugbounty
GitHub
GitHub - Puliczek/CVE-2021-44228-PoC-log4j-bypass-words: 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks - Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
This media is not supported in your browser
VIEW IN TELEGRAM
CRLF OneLiner
A simple Bash one liner with aim to automate CRLF vulnerability scanning. This is an extremely helpful and practical One liner for Bug Hunters, which helps you find CRLF missconfiguration in every possible method. Simply replace the links in subdomains.txt with the URL you want to target. This will help you scan for CRLF vulnerability without the need of an external tool. What you have to do is to copy-and-paste the commands into your terminal and finger crossed for any possible CRLF.
Bash OneLiner:
https://raw.githubusercontent.com/kleiton0x00/CRLF-one-liner/master/crlf_payloads.txt
#crlf #bash #oneliner #bugbounty
A simple Bash one liner with aim to automate CRLF vulnerability scanning. This is an extremely helpful and practical One liner for Bug Hunters, which helps you find CRLF missconfiguration in every possible method. Simply replace the links in subdomains.txt with the URL you want to target. This will help you scan for CRLF vulnerability without the need of an external tool. What you have to do is to copy-and-paste the commands into your terminal and finger crossed for any possible CRLF.
Bash OneLiner:
input='CRLF-one-liner/subdomains.txt';while IFS= read -r targets; do cat CRLF-one-liner/crlf_payloads.txt |xargs -I % sh -c "curl -vs --max-time 9 $targets/% 2>&1 |grep -q '< Set-Cookie: ?crlf'&& echo $targets '[+] is vulnerable with payload: '%>>crlf_results.txt||echo '[-] Not vulnerable: '$targets";done<$input
crlf_payloads.txt: https://raw.githubusercontent.com/kleiton0x00/CRLF-one-liner/master/crlf_payloads.txt
#crlf #bash #oneliner #bugbounty
👍1
Create a Hidden Account in Windows
A tool for creating hidden accounts using the registry.
In addition to adding hidden accounts, the tool also adds functions to check hidden accounts and delete hidden accounts, so that both the red team and the blue team can use this tool.
https://github.com/wgpsec/CreateHiddenAccount
#ad #windows #hidden #account
A tool for creating hidden accounts using the registry.
In addition to adding hidden accounts, the tool also adds functions to check hidden accounts and delete hidden accounts, so that both the red team and the blue team can use this tool.
https://github.com/wgpsec/CreateHiddenAccount
#ad #windows #hidden #account
👍2
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
https://github.com/hlldz/RefleXXion
#edr #evasion #cpp #redteam
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
https://github.com/hlldz/RefleXXion
#edr #evasion #cpp #redteam
SonicWall SMA-100 Unauth RCE
Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versions 10.2.1.x. The exploit, as written, will open up a telnet bind shell on port 1270. An attacker that connects to the shell will achieve execution as
Research:
https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038/rapid7-analysis
Exploit:
https://github.com/jbaines-r7/badblood
#sonicwall #exploit #rce #cve
Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versions 10.2.1.x. The exploit, as written, will open up a telnet bind shell on port 1270. An attacker that connects to the shell will achieve execution as
nobody.Research:
https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038/rapid7-analysis
Exploit:
https://github.com/jbaines-r7/badblood
#sonicwall #exploit #rce #cve
AttackerKB
CVE-2021-20038 | AttackerKB
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to po…
This media is not supported in your browser
VIEW IN TELEGRAM
Linux Root PrivEsc and Escaping Containers (CVE-2022-0185)
Research:
https://www.willsroot.io/2022/01/cve-2022-0185.html
Exploit:
https://github.com/Crusaders-of-Rust/CVE-2022-0185
#linux #kernel #lpe #escape #container #0day
Research:
https://www.willsroot.io/2022/01/cve-2022-0185.html
Exploit:
https://github.com/Crusaders-of-Rust/CVE-2022-0185
#linux #kernel #lpe #escape #container #0day
PwnKit: Local Privilege Escalation Vulnerability in Polkit’s Pkexec (CVE-2021-4034)
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
Research:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
PoC:
https://github.com/arthepsy/CVE-2021-4034
Exploit:
https://github.com/berdav/CVE-2021-4034
#linux #lpe #polkit #cve
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
Research:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
PoC:
https://github.com/arthepsy/CVE-2021-4034
Exploit:
https://github.com/berdav/CVE-2021-4034
#linux #lpe #polkit #cve
👍1
Cobalt Strike, a Defender’s Guide
In this research, exposes adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools use to execute mission objectives. In most of cases, the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in various stages of its execution. The primary purpose of this articles is to expose the most common techniques from the intrusions track and provide detections. Having said that, not all of Cobalt Strike’s features will be discussed.
# https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
# https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
#cobaltstrike #research #blueteam
In this research, exposes adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools use to execute mission objectives. In most of cases, the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in various stages of its execution. The primary purpose of this articles is to expose the most common techniques from the intrusions track and provide detections. Having said that, not all of Cobalt Strike’s features will be discussed.
# https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
# https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
#cobaltstrike #research #blueteam
List of Vulnerable Functions for Different Languages
This list contains signatures for potentially vulnerable functions for numerous languages in a format suitable for use.
https://rules.sonarsource.com/
https://github.com/wireghoul/graudit
#appsec #vulnerable #function #source
This list contains signatures for potentially vulnerable functions for numerous languages in a format suitable for use.
https://rules.sonarsource.com/
https://github.com/wireghoul/graudit
#appsec #vulnerable #function #source
🔥4
FunctionStomping
This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stomping and has some similarities.The big advantage of this technique is that it isn't overwritting an entire module or PE, just one function and the target process can still use any other function from the target module.
https://github.com/Idov31/FunctionStomping
#edr #evasion #stomping #maldev #cpp
This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stomping and has some similarities.The big advantage of this technique is that it isn't overwritting an entire module or PE, just one function and the target process can still use any other function from the target module.
https://github.com/Idov31/FunctionStomping
#edr #evasion #stomping #maldev #cpp
This media is not supported in your browser
VIEW IN TELEGRAM
Windows Win32k — Local Privilege Escalation (CVE-2022-21882)
https://github.com/KaLendsi/CVE-2022-21882
#windows #lpe #cve
https://github.com/KaLendsi/CVE-2022-21882
#windows #lpe #cve
Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
StellarParticle, an adversary campaign associated with COZY BEAR, was active throughout 2021 leveraging novel tactics and techniques in supply chain attacks observed by CrowdStrike incident responders
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
#threatintel #dfir #blueteam #malware
StellarParticle, an adversary campaign associated with COZY BEAR, was active throughout 2021 leveraging novel tactics and techniques in supply chain attacks observed by CrowdStrike incident responders
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
#threatintel #dfir #blueteam #malware
Converting C# Tools to PowerShell
In this post, we will be looking at how we can make our own PowerSharpPack by learning how to convert ANY C# tool into a PowerShell script ourselves. This is useful in cases where we want to modify a specific tool’s default behavior, use a tool that hasn’t already been converted for us, or use a custom tool that we develop ourselves.
https://icyguider.github.io/2022/01/03/Convert-CSharp-Tools-To-PowerShell.html
In this post, we will be looking at how we can make our own PowerSharpPack by learning how to convert ANY C# tool into a PowerShell script ourselves. This is useful in cases where we want to modify a specific tool’s default behavior, use a tool that hasn’t already been converted for us, or use a custom tool that we develop ourselves.
https://icyguider.github.io/2022/01/03/Convert-CSharp-Tools-To-PowerShell.html
👍2
This media is not supported in your browser
VIEW IN TELEGRAM
SysWhispers is dead, long live SysWhispers!
In a journey around the fantastic tool SysWhispers, cover some of the strategies that can be adopted to detect it, both statically and dynamically.
https://klezvirus.github.io/RedTeaming/AV_Evasion/NoSysWhisper/
#edr #evasion #syscall #redteam #blueteam
In a journey around the fantastic tool SysWhispers, cover some of the strategies that can be adopted to detect it, both statically and dynamically.
https://klezvirus.github.io/RedTeaming/AV_Evasion/NoSysWhisper/
#edr #evasion #syscall #redteam #blueteam
👍1