Abusing Teams client protocol to bypass Teams security policies
https://o365blog.com/post/teams-policies/
Administrators can use teams policies for controlling what users can do in Microsoft Teams.
In this blog, I’ll show that these policies are applied only in client and thus can be easily bypassed.
Forwarded from Noise Security Bit (AM)
EoP 0-day exploited in the wild: Windows Kernel Cryptography Driver cng.sys pool-based buffer overflow in IOCTL 0x390400
PoC: https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=472684
Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
UAC bypasses from COMAutoApprovalList
https://swapcontext.blogspot.com/2020/11/uac-bypasses-from-comautoapprovallist.html
Intro (This post is made with permission of Arush Agarampur - an original author of all methods described below). Here and below we assu...
OpenEDR is a free and open source platform that allows you to analyze what’s happening across your entire environment at base-security-event level.
https://github.com/ComodoSecurity/openedr
How the MVSC Compiler Generates XFG Function Prototype Hashes
https://blog.quarkslab.com/how-the-mvsc-compiler-generates-xfg-function-prototype-hashes.html
Windows RpcEptMapper service insecure Registry permissions EoP
https://itm4n.github.io/windows-registry-rpceptmapper-eop/
If you follow me on Twitter, you probably know that I developed my own Windows privilege escalation enumeration script - PrivescCheck - which is a sort of updated and extended version of the famous PowerUp. If you have ever run this script on Windows 7 or…
Smuggling an (Un)exploitable XSS
https://www.rcesecurity.com/2020/11/Smuggling-an-un-exploitable-xss/
Hypervisor Vulnerability Research: State of the Art (with a deep focus on Hyper-V & ESXi)
https://alisa.sh/slides/HypervisorVulnerabilityResearch2020.pdf
BloodHound 4.0: Azure extension
https://www.youtube.com/watch?v=gAConW5P5uU
https://posts.specterops.io/introducing-bloodhound-4-0-the-azure-update-9b2b26c5e350
Six Degrees of Global Admin – Andy Robbins & Rohan Vazarkar (SO-CON 2020)
In 2016 we released BloodHound, which helps attackers and defenders alike identify and execute or eliminate attack paths in Active Directory. Since then, BloodHound's collection and analysis capabilities have been limited to Active Directory and domain-joined…
A modular Jupyter notebook to automate and parse your recon to Excel, including:
- Subdomain Enumeration
- Cloud Enumeration
- GitHub Enumeration
- Shodan and Probing
- + more
https://github.com/obheda12/JupyterPen
HyperDbg debugger is an open-source, hypervisor-assisted user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing and reversing.
https://github.com/HyperDbg/HyperDbg
Using Nim language for offensive operations
https://github.com/byt3bl33d3r/OffensiveNim
https://secbytes.net/Implant-Roulette-Part-1:-Nimplant
ImageMagick - Shell injection via PDF password
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
"Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) includ...
Cross-site Scripting via WHOIS and DNS Records
https://medium.com/tenable-techblog/cross-site-scripting-via-whois-and-dns-records-a25c33667fff
On a whim, I tossed this into the address field of the registrant data of a domain so it’d appear in whois records…