Offensive security
PEASS-ng - Privilege Escalation Awesome Scripts Suite
https://github.com/carlospolop/PEASS-ng
@Engineer_Computer
PEASS-ng - Privilege Escalation Awesome Scripts Suite
https://github.com/carlospolop/PEASS-ng
@Engineer_Computer
GitHub
GitHub - peass-ng/PEASS-ng: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors) - peass-ng/PEASS-ng
tools
Red Team Tactics
Exploiting Windows’ vulnerabilities with HyperV:
A hacker’s swiss army knife
https://github.com/Xyrem/HyperDeceit
@Engineer_Computer
Red Team Tactics
Exploiting Windows’ vulnerabilities with HyperV:
A hacker’s swiss army knife
https://github.com/Xyrem/HyperDeceit
@Engineer_Computer
GitHub
GitHub - Xyrem/HyperDeceit: HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability…
HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate operating system tasks with ease. - Xyrem/HyperDeceit
tools
Malware analysis
Dumpulator - library for emulating memory dumps (useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing))
@Engineer_Computer
Malware analysis
Dumpulator - library for emulating memory dumps (useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing))
@Engineer_Computer
tools
Offensive security
1. KeeFarce Reborn - standalone DLL that exports databases in cleartext once injected in the KeePass process
https://github.com/d3lb3/KeeFarceReborn#make-keepass-inject-keefarce-reborn-as-a-plugin
]-> Extract Passphrase from Memory (CVE-2023-32784):
https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/credential-harvesting/keepass#abusing-the-keepass-plugin-cache
2. SSH-Harvester - Harvest passwords automatically from OpenSSH server
https://github.com/jm33-m0/SSH-Harvester
@Engineer_Computer
Offensive security
1. KeeFarce Reborn - standalone DLL that exports databases in cleartext once injected in the KeePass process
https://github.com/d3lb3/KeeFarceReborn#make-keepass-inject-keefarce-reborn-as-a-plugin
]-> Extract Passphrase from Memory (CVE-2023-32784):
https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/credential-harvesting/keepass#abusing-the-keepass-plugin-cache
2. SSH-Harvester - Harvest passwords automatically from OpenSSH server
https://github.com/jm33-m0/SSH-Harvester
@Engineer_Computer
GitHub
GitHub - d3lb3/KeeFarceReborn: A standalone DLL that exports databases in cleartext once injected in the KeePass process.
A standalone DLL that exports databases in cleartext once injected in the KeePass process. - d3lb3/KeeFarceReborn
👍1
PPLdump_Is_Dead_LongLive_PPLdump.pdf
2.3 MB
exploit
Black Hat Asia 2023:
"PPLdump Is Dead. Long Live PPLdump!"
]-> https://github.com/gabriellandau/PPLFault
]-> https://github.com/trustedsec/PPLFaultDumpBOF
@Engineer_Computer
Black Hat Asia 2023:
"PPLdump Is Dead. Long Live PPLdump!"
]-> https://github.com/gabriellandau/PPLFault
]-> https://github.com/trustedsec/PPLFaultDumpBOF
@Engineer_Computer
Dirty_Stream_Attack_Android.pdf
3 MB
WebApp Security
Black Hat Asia 2023:
"Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors"
@Engineer_Computer
Black Hat Asia 2023:
"Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors"
@Engineer_Computer
Machine_Learning_Security.pdf
10.1 MB
Tech book
Machine Learning Security Principles: Keep data, networks, users, and applications safe from prying eyes 2022
@Engineer_Computer
Machine Learning Security Principles: Keep data, networks, users, and applications safe from prying eyes 2022
@Engineer_Computer
ZDZ.pdf
274.9 KB
Whitepaper
Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms", 2023
@Engineer_Computer
Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms", 2023
@Engineer_Computer
تو پروسه آموزش و یاددادن همیشه کلی چیز برای یادگیری هست✌️🏻
دارم یه اپ Vue آسیب پذیر آماده میکنم برای آموزش XSS in Vue.js بعد متوجه شدم این XSS ای که از طریق javascript scheme تو attribute href رخ میده زمانی که اتریبیوت target برابر blank_ باشه دیگ آسیب پذیر نیست
مثالش تو عکس بالا
#AppSec #XSS #web_security
@Engineer_Computer
دارم یه اپ Vue آسیب پذیر آماده میکنم برای آموزش XSS in Vue.js بعد متوجه شدم این XSS ای که از طریق javascript scheme تو attribute href رخ میده زمانی که اتریبیوت target برابر blank_ باشه دیگ آسیب پذیر نیست
مثالش تو عکس بالا
#AppSec #XSS #web_security
@Engineer_Computer
👍1
⭕️Red team: Journey from RCE to have total control of Cloud Infrastructure
۱. ابتدا محقق با کشف یک RCE در وب اپ به docker container دسترسی گرفته
۲. سپس متوجه شده که در محیط restrict قرار داره و فقط microdnf نصب هست
۳. محقق متوجه میشه که به subnet های دیگه درون شبکه از طریق container دسترسی داره و از این طریق ip یه gitlab instance رو پیدا میکنه
۴. و بعد متوجه میشه که این instance به CVE-2021-22205 آسیب پذیر هست
۵. بعدش از طریق این CVE به Gitlab و دیتابیس اون دسترسی میگیره و بعد از طریق دسترسی admin استفاده میکنه تا یدونه ریپازیتوری و CI/CD pipeline بسازه برای pivot به Gitlab worker instance
۶. و در Gitlab worker node تونسته تعداد زیادی secret و API KEY و ... و همچنین kubeconfig فایل رو پیدا کنه
برای جزيیات بیشتر مقاله زیر رو بخونید
https://mr-r3bot.github.io/red/team/2023/05/22/From-RCE-to-owning-entire-cloud-infrastructure.html
#RedTeam #RCE #Pivot #DevSecOps
@Engineer_Computer
۱. ابتدا محقق با کشف یک RCE در وب اپ به docker container دسترسی گرفته
۲. سپس متوجه شده که در محیط restrict قرار داره و فقط microdnf نصب هست
۳. محقق متوجه میشه که به subnet های دیگه درون شبکه از طریق container دسترسی داره و از این طریق ip یه gitlab instance رو پیدا میکنه
۴. و بعد متوجه میشه که این instance به CVE-2021-22205 آسیب پذیر هست
۵. بعدش از طریق این CVE به Gitlab و دیتابیس اون دسترسی میگیره و بعد از طریق دسترسی admin استفاده میکنه تا یدونه ریپازیتوری و CI/CD pipeline بسازه برای pivot به Gitlab worker instance
۶. و در Gitlab worker node تونسته تعداد زیادی secret و API KEY و ... و همچنین kubeconfig فایل رو پیدا کنه
برای جزيیات بیشتر مقاله زیر رو بخونید
https://mr-r3bot.github.io/red/team/2023/05/22/From-RCE-to-owning-entire-cloud-infrastructure.html
#RedTeam #RCE #Pivot #DevSecOps
@Engineer_Computer
Quang Vo
Red team: Journey from RCE to have total control of cloud infrastructure
Journey from gaining RCE in a container to Cluster Admin and have completely control of company’s cloud infrastructure
👍1
YARA
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.
🔗https://lnkd.in/dXm__xvA
🔗https://lnkd.in/dvZ5UbP9
-----------------------------------------
2. LOKI
LOKI is a free open-source IOC (Indicator of Compromise) scanner created/written by Florian Roth.
🔗https://lnkd.in/dvMEMKKu
🔗https://lnkd.in/duJNimDp
-----------------------------------------
3. THOR
THOR Lite is Florian's newest multi-platform IOC AND YARA scanner. There are precompiled versions for Windows, Linux, and macOS. A nice feature with THOR Lite is its scan throttling to limit exhausting CPU resources.
🔗https://lnkd.in/d9yHH_ae
-----------------------------------------
4. FENRIR
Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs): Hashes, File Names, Strings, C2 Server and Hot Time Frame
🔗https://lnkd.in/d2dPWiXK
-----------------------------------------
5. YAYA
YAYA is a new open-source too
@Engineer_Computer
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.
🔗https://lnkd.in/dXm__xvA
🔗https://lnkd.in/dvZ5UbP9
-----------------------------------------
2. LOKI
LOKI is a free open-source IOC (Indicator of Compromise) scanner created/written by Florian Roth.
🔗https://lnkd.in/dvMEMKKu
🔗https://lnkd.in/duJNimDp
-----------------------------------------
3. THOR
THOR Lite is Florian's newest multi-platform IOC AND YARA scanner. There are precompiled versions for Windows, Linux, and macOS. A nice feature with THOR Lite is its scan throttling to limit exhausting CPU resources.
🔗https://lnkd.in/d9yHH_ae
-----------------------------------------
4. FENRIR
Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs): Hashes, File Names, Strings, C2 Server and Hot Time Frame
🔗https://lnkd.in/d2dPWiXK
-----------------------------------------
5. YAYA
YAYA is a new open-source too
@Engineer_Computer
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
tools
Threat_Research
Crawlector - threat hunting framework designed for scanning websites for malicious objects
https://github.com/MFMokbel/Crawlector
@Engineer_Computer
Threat_Research
Crawlector - threat hunting framework designed for scanning websites for malicious objects
https://github.com/MFMokbel/Crawlector
@Engineer_Computer
GitHub
GitHub - MFMokbel/Crawlector: Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
Crawlector is a threat hunting framework designed for scanning websites for malicious objects. - MFMokbel/Crawlector
Cloud Security
Say Goodbye to Bad Passwords: How Azure Active Directory Password Protection can save the day
https://improsec.com/tech-blog/say-goodbye-to-bad-passwords-how-azure-active-directory-password-protection-can-save-the-day
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.03.06
@Engineer_Computer
Say Goodbye to Bad Passwords: How Azure Active Directory Password Protection can save the day
https://improsec.com/tech-blog/say-goodbye-to-bad-passwords-how-azure-active-directory-password-protection-can-save-the-day
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.03.06
@Engineer_Computer
itm8.dk
Skal vi skabe nutidens og fremtidens IT sammen? itm8
Hvad er en itm8? Vi er præcis, hvad navnet siger: Din m8* (*mate), der er ekspert i IT. Vi er din partner til 360 graders IT.
exploit_engineering_linux_kernel (1).pdf
7.3 MB
Offensive security
Exploit Engineering - Attacking the Linux kernel", 2023
]-> https://github.com/nccgroup/libslub
@Engineer_Computer
Exploit Engineering - Attacking the Linux kernel", 2023
]-> https://github.com/nccgroup/libslub
@Engineer_Computer
👍2
SWaTEval.pdf
346 KB
Fuzzing
WebApp Security
SWaTEval: An Evaluation Framework for Stateful Web Application Testing 2023.
]-> Repo: https://github.com/SWaTEval
@Engineer_Computer
WebApp Security
SWaTEval: An Evaluation Framework for Stateful Web Application Testing 2023.
]-> Repo: https://github.com/SWaTEval
@Engineer_Computer
👍2