Privilege escalation (UAC bypass) in ChangePK
https://medium.com/@mattharr0ey/privilege-escalation-uac-bypass-in-changepk-c40b92818d1b
Introduction: It’s been a long time since I decided to be away from Twitter for a while for self-improvement reasons and finding…
Analyzing a trio of RCE bugs in Intel wireless adapters
https://www.thezdi.com/blog/2020/5/4/analyzing-a-trio-of-remote-code-execution-bugs-in-intel-wireless-adapters
Earlier this month, we published three memory corruption bugs (ZDI-20-494, ZDI-20-495, and ZDI-20-496, collectively referred to as CVE-2020-0558) affecting two Windows Wi-Fi drivers for various Intel dual-band wireless adapters. According to the vendor…
Bugs on the Windshield: Fuzzing the Windows Kernel
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/
Research by Netanel Ben-Simon and Yoav Alon. Background: In our previous research, we used WinAFL to fuzz user-space applications running on Windows, and found over 50 vulnerabilities in Adobe Reader and Microsoft Edge. For our next challenge, we decided…
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
https://github.com/outflanknl/RedELK
PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)
https://windows-internals.com/printdemon-cve-2020-1048/
Using Intel PT for Vulnerability Triaging with IPTAnalyzer
https://darungrim.com/research/2020-05-07-UsingIntelPTForVulnerabilityTriagingWithIPTAnalyzer.html
PlumHound - BloodHoundAD Report Engine for Security Teams
https://github.com/DefensiveOrigins/PlumHound
Bloodhound for Blue and Purple Teams.
Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 spoofer/man-in-the-middle tool
https://github.com/Kevin-Robertson/InveighZero
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers.
Introducing Shuffle — an Open Source SOAR platform part 1
https://medium.com/security-operation-capybara/introducing-shuffle-an-open-source-soar-platform-part-1-58a529de7d12
There are two big issues blue teams everywhere have: alert fatigue and a lack of coders. Read on to see how Shuffle can help.
Batch Binary Analysis with IDA Pro 7.4 Automation
https://irq5.io/2020/05/25/batch-binary-analysis-with-ida-pro-7-4-automation/amp/
It is easy to script analysis steps with IDAPython, but now we want to automate this analysis over, let’s say, 10,000 files. I did a quick Google and I couldn’t find a guide on how to p…
Empire, Kaspersky & Obfuscation oh my!
https://www.offensiveops.io/tools/empire-kaspersky-obfuscation-oh-my/
TrickBot BazarLoader In-Depth
https://cybersecurity.att.com/blogs/labs-research/trickbot-bazarloader-in-depth
When Anti-Virus Engines Look Like Kernel Rootkits
https://volatility-labs.blogspot.com/2020/05/when-anti-virus-engines-look-like.html
While analyzing real-world systems, memory analysts will often encounter anti-virus (AV) engines, EDRs, and similar products that, at first ...
Automating a RedELK deployment using Ansible
https://www.trustedsec.com/blog/automating-a-redelk-deployment-using-ansible/
Automate your RedELK infrastructure deployment with Ansible, streamlining your red team operations and enhancing visibility with a scalable ELK stack,…
Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities
https://arxiv.org/pdf/2005.12433.pdf
Data Mining with Big Data in Intrusion Detection Systems: A Systematic Literature Review
https://arxiv.org/pdf/2005.12267.pdf
Automate OctopusC2 RedTeam infrastructure deployment
https://shells.systems/automate-octopus-c2-redteam-infrastructure-deployment/
Establishing a red team infrastructure for your operation is something you need to take care of every time, and you need to make sure it’s working without any obstacles before you begin your operation. Every time I start…