Red Blue Team
#Red_Team S3cr3tDetect0rz is a Red Team tool that helps uncover sensitive information in websites using ACTIVE not PASSIVE Techniques for Superior Accuracy! https://github.com/blackhatethicalhacking/S3cr3tDetect0rz @BlueRedTeam
#Red_Team
A Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!
https://github.com/blackhatethicalhacking/SecretOpt1c
@BlueRedTeam
A Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!
https://github.com/blackhatethicalhacking/SecretOpt1c
@BlueRedTeam
GitHub
GitHub - blackhatethicalhacking/SecretOpt1c: SecretOpt1c is a Red Team tool that helps uncover sensitive information in websitesβ¦
SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy! - blackhatethicalhacking/SecretOpt1c
π1
#Cobalt_Strike
A collection of random small Aggressor snippets that don't warrant their own repo.
https://github.com/Octoberfest7/aggressor_snippets
@BlueRedTeam
A collection of random small Aggressor snippets that don't warrant their own repo.
https://github.com/Octoberfest7/aggressor_snippets
@BlueRedTeam
GitHub
GitHub - Octoberfest7/aggressor_snippets: A collection of random small Aggressor snippets that don't warrant their own repo
A collection of random small Aggressor snippets that don't warrant their own repo - Octoberfest7/aggressor_snippets
β€2
If you have a high skill in web penetration testing, send a message to join our team: description in DM.
@Kaveh_TM
@Kaveh_TM
π5π2
#Cobalt_Strike
Cobalt Strike user-defined reflective loader with av/edr evasion in mind.
https://github.com/mgeeky/ElusiveMice
@BlueRedTeam
Cobalt Strike user-defined reflective loader with av/edr evasion in mind.
https://github.com/mgeeky/ElusiveMice
@BlueRedTeam
GitHub
GitHub - mgeeky/ElusiveMice: Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind - mgeeky/ElusiveMice
π1
#Red_Team
A RedTeam Toolkit
ARTToolkit is an interactive cheat sheet, containing an useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises.
https://github.com/arttoolkit/arttoolkit.github.io
Find the project at https://ARTToolkit.github.io
Created by Maurits Maas
This project was based on the creation of John Woodman and was inspired by GTFOBins and LOLBAS. I relied heavily on WADComs site template to make this one.
@BlueRedTeam
A RedTeam Toolkit
ARTToolkit is an interactive cheat sheet, containing an useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises.
https://github.com/arttoolkit/arttoolkit.github.io
Find the project at https://ARTToolkit.github.io
Created by Maurits Maas
This project was based on the creation of John Woodman and was inspired by GTFOBins and LOLBAS. I relied heavily on WADComs site template to make this one.
@BlueRedTeam
GitHub
GitHub - arttoolkit/arttoolkit.github.io: A RedTeam Toolkit
A RedTeam Toolkit. Contribute to arttoolkit/arttoolkit.github.io development by creating an account on GitHub.
π2
#Red_Team
And many more. I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art.
https://gist.github.com/z0rs/e1c640e2892cb6737602fec5d5496480
@BlueRedTeam
And many more. I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art.
https://gist.github.com/z0rs/e1c640e2892cb6737602fec5d5496480
@BlueRedTeam
Gist
Red-Teaming-tool.md
GitHub Gist: instantly share code, notes, and snippets.
π5
#C2
Open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.
https://github.com/BishopFox/sliver
@BlueRedTeam
Open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.
https://github.com/BishopFox/sliver
@BlueRedTeam
GitHub
GitHub - BishopFox/sliver: Adversary Emulation Framework
Adversary Emulation Framework. Contribute to BishopFox/sliver development by creating an account on GitHub.
π1
𧩠اگر Ψ―ΩΨ¨Ψ§Ω ΫΪ© Ω
Ϊ©Ψ§Ω Ψ¨Ψ±Ψ§Ϋ Ω
ΩΨ§Ψ¨ΨΉ CTF ΩΨ³ΨͺΫΨ― Ω
ΫΨͺΩΨ§ΩΫΨ― Ψ§Ψ² Ϊ©Ψ§ΩΨ§Ω Ω
Ψ§ Ψ§Ψ³ΨͺΩΨ§Ψ―Ω Ϊ©ΩΫΨ― .
ΩΎΨ³Ψͺ ΩΨ§ Ψ¨Ω Ψ―Ω Ψ²Ψ¨Ψ§Ω Persian & English Ω Ϋ Ψ¨Ψ§Ψ΄Ψ― .
@PfkCTF
ΩΎΨ³Ψͺ ΩΨ§ Ψ¨Ω Ψ―Ω Ψ²Ψ¨Ψ§Ω Persian & English Ω Ϋ Ψ¨Ψ§Ψ΄Ψ― .
𧩠If you are looking for a place for CTF resources, you can use our channel.The posts are in Persian and English.@PfkCTF
π11π2
π¨ A new research report has revealed that the notorious Clop ransomware group has likely been silently exploiting the recently disclosed critical MOVEit Transfer application vulnerability (CVE-2023-34362) since 2021.
Details: https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html
Details: https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html
π1
Thruk Monitoring Web Interface 3.06 - Path Traversal exploit.
https://sploitus.com/exploit?id=EDB-ID:51509
https://sploitus.com/exploit?id=EDB-ID:51509
Sploitus
π Exploit for Thruk Monitoring Web Interface 3.06 - Path Traversal CVE-2023-34096
Exploit for Thruk Monitoring Web Interface 3.06 - Path Traversal CVE-2023-34096 | Sploitus | Exploit & Hacktool Search Engine
π1
Exploit for SQL Injection in Osgeo Geoserver exploit
https://sploitus.com/exploit?id=1E160E89-84F9-5C59-8AD3-AA10716AD031
https://sploitus.com/exploit?id=1E160E89-84F9-5C59-8AD3-AA10716AD031
Sploitus
π Exploit for SQL Injection in Osgeo Geoserver CVE-2023-25157
Exploit for SQL Injection in Osgeo Geoserver CVE-2023-25157 | Sploitus | Exploit & Hacktool Search Engine
π2
the Deepfake Offensive Toolkit
dot (aka Deepfake Offensive Toolkit) makes real-time, controllable deepfakes ready for virtual cameras injection. identity verification and video conferencing systems, for the use by security analysts, Red Team members, and biometrics researchers.
https://github.com/sensity-ai/dot
#Red_Team
dot (aka Deepfake Offensive Toolkit) makes real-time, controllable deepfakes ready for virtual cameras injection. identity verification and video conferencing systems, for the use by security analysts, Red Team members, and biometrics researchers.
https://github.com/sensity-ai/dot
#Red_Team
GitHub
GitHub - sensity-ai/dot: The Deepfake Offensive Toolkit
The Deepfake Offensive Toolkit. Contribute to sensity-ai/dot development by creating an account on GitHub.
#Red_Team
CVE-2023-34362: MOVEit Transfer Unauthenticated RCE
https://github.com/sfewer-r7/CVE-2023-34362
CVE-2023-34362: MOVEit Transfer Unauthenticated RCE
https://github.com/sfewer-r7/CVE-2023-34362
GitHub
GitHub - sfewer-r7/CVE-2023-34362: CVE-2023-34362: MOVEit Transfer Unauthenticated RCE
CVE-2023-34362: MOVEit Transfer Unauthenticated RCE - sfewer-r7/CVE-2023-34362
π1
"Above"
Network Vulnerability Scanner
fully autonomous and works in passive mode, creating no noise on the air.
It supports 18 protocols:
MACSec
DTP
EDP
CDP
LLDP
MNDP
OSPF
EIGRP
VRRP
HSRP
ESRP
GLBP
STP
PVST
LLMNR
NBT-NS
MDNS
DHCPv6
https://github.com/c4s73r/Above
#Red_Team
Network Vulnerability Scanner
fully autonomous and works in passive mode, creating no noise on the air.
It supports 18 protocols:
MACSec
DTP
EDP
CDP
LLDP
MNDP
OSPF
EIGRP
VRRP
HSRP
ESRP
GLBP
STP
PVST
LLMNR
NBT-NS
MDNS
DHCPv6
https://github.com/c4s73r/Above
#Red_Team
GitHub
GitHub - casterbyte/Above: Network Security Sniffer
Network Security Sniffer. Contribute to casterbyte/Above development by creating an account on GitHub.
β€8π4
Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51529
Jobpilot v2.61 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38800
The Shop v2.5 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38798
WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit exploit
https://sploitus.com/exploit?id=1337DAY-ID-38804
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51530
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password exploit
https://sploitus.com/exploit?id=EDB-ID:51531
Groomify v1.0 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38799
Diafan CMS 6.0 - Reflected Cross-Site Scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38801
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38803
The Shop v2.5 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51525
Student Study Center Management System v1.0 - Stored Cross-Site Scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38802
Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51528
Groomify v1.0 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51526
Jobpilot v2.61 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51527
Exploit for Improper Privilege Management in Wpdeveloper Reviewx exploit
https://sploitus.com/exploit?id=26859AB8-2F07-5DDE-BCF9-43BC1B71A140
https://sploitus.com/exploit?id=EDB-ID:51529
Jobpilot v2.61 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38800
The Shop v2.5 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38798
WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit exploit
https://sploitus.com/exploit?id=1337DAY-ID-38804
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51530
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password exploit
https://sploitus.com/exploit?id=EDB-ID:51531
Groomify v1.0 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38799
Diafan CMS 6.0 - Reflected Cross-Site Scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38801
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38803
The Shop v2.5 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51525
Student Study Center Management System v1.0 - Stored Cross-Site Scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38802
Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51528
Groomify v1.0 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51526
Jobpilot v2.61 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51527
Exploit for Improper Privilege Management in Wpdeveloper Reviewx exploit
https://sploitus.com/exploit?id=26859AB8-2F07-5DDE-BCF9-43BC1B71A140
Sploitus
π Exploit for Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
Exploit for Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) | Sploitus | Exploit & Hacktool Search Engine
β€3π3
Credential Dumping β Active Directory Reversible Encryption
Introduction According to MITRE, an adversary may abuse Active Directory authentication encryption properties to gain access to credentials on Windows systems. The AllowReversiblePasswordEncryption property specifies
ββββββββββββββββββ-
https://www.hackingarticles.in/credential-dumping-active-directory-reversible-encryption/
Introduction According to MITRE, an adversary may abuse Active Directory authentication encryption properties to gain access to credentials on Windows systems. The AllowReversiblePasswordEncryption property specifies
ββββββββββββββββββ-
https://www.hackingarticles.in/credential-dumping-active-directory-reversible-encryption/
β€2