Audio Unit Plug-ins. Legitimate Un-signed Code Execution
https://posts.specterops.io/audio-unit-plug-ins-896d3434a882
Introducing Winbindex - the Windows Binaries Index
https://m417z.com/Introducing-Winbindex-the-Windows-Binaries-Index/
I indexed all Windows files which appear in Windows update packages, and created a website which allows you to quickly view information about the files and download some of them from Microsoft servers. The files that can be downloaded are executable files (currently…
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are…
BYPASSING SYMANTEC ENDPOINT PROTECTION FOR FUN & PROFIT (DEFENSE EVASION)
https://cognosec.com/bypassing-symantec-endpoint-protection-for-fun-profit-defense-evasion/
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet (CVE-2020-1147)
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Hunting for bugs in VirtualBox
https://blog.paulch.ru/2020-07-26-hunting-for-bugs-in-virtualbox-first-take.html
Applied Purple Teaming Threat Optics Lab - Azure Terraform
https://github.com/DefensiveOrigins/APT-Lab-Terraform
CVE-2020-11518 Unauthenticated RCE in ADSelfService Plus
https://honoki.net/2020/08/10/cve-2020-11518-how-i-bruteforced-my-way-into-your-active-directory/
Noctilucent, tool for Domain Fronting using TLS 1.3
https://github.com/SixGenInc/Noctilucent
DEF CON Safe Mode Talk:
https://youtu.be/TDg092qe50g
Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise - SixGenInc/Noctilucent
CVE-2020-1048, CVE-2020-1337. Bugs in Windows Print Spooler
https://github.com/SafeBreach-Labs/Spooler
DEF CON Safe Mode Talk by SafeBreach Labs:
https://youtu.be/RvABLQpiZks
Windows Print Spooler patch bypass re-enables persistent backdoor
https://www.zerodayinitiative.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor
In May 2020, Microsoft patched CVE-2020-1048, a critical privilege escalation bug in Windows. Through this vulnerability, an attacker with the ability to execute low-privileged code on a Windows machine can easily establish a persistent backdoor, allowing…
Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins
https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f
This is a detailed overview of the bugs found while reviewing the source code of WordPress plugins. I cover 3 reported vulnerabilities…
PowerSharpPack. Many useful offensive C# projects wrapped into PowerShell
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking
https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/
Introduction During red team engagements, it is not uncommon to encounter Endpoint Defence & Response (EDR) / Prevention (EDP) products that implement user-land hooks to gain insight into a...
Death from Above: Lateral Movement from Azure to On-Prem AD
https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d
I’ve been looking into Azure attack primitives over the past couple of months to gain a better understanding of how the system works, what…
Introduction to Windows tokens for security practitioners
https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners
Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals. In this blog post, we demystify h...