OpenEDR is free and open source platform allows you to analyze what’s happening across your entire environment at base-security-event level.
https://github.com/ComodoSecurity/openedr
https://github.com/ComodoSecurity/openedr
GitHub
GitHub - ComodoSecurity/openedr: Open EDR public repository
Open EDR public repository. Contribute to ComodoSecurity/openedr development by creating an account on GitHub.
How the MVSC Compiler Generates XFG Function Prototype Hashes
https://blog.quarkslab.com/how-the-mvsc-compiler-generates-xfg-function-prototype-hashes.html
https://blog.quarkslab.com/how-the-mvsc-compiler-generates-xfg-function-prototype-hashes.html
Quarkslab
How the MVSC Compiler Generates XFG Function Prototype Hashes
Windows RpcEptMapper service insecure Registry permissions EoP
https://itm4n.github.io/windows-registry-rpceptmapper-eop/
https://itm4n.github.io/windows-registry-rpceptmapper-eop/
itm4n’s blog
Windows RpcEptMapper Service Insecure Registry Permissions EoP
If you follow me on Twitter, you probably know that I developed my own Windows privilege escalation enumeration script - PrivescCheck - which is a sort of updated and extended version of the famous PowerUp. If you have ever run this script on Windows 7 or…
Smuggling an (Un)exploitable XSS
https://www.rcesecurity.com/2020/11/Smuggling-an-un-exploitable-xss/
https://www.rcesecurity.com/2020/11/Smuggling-an-un-exploitable-xss/
Hypervisor Vulnerability Research: State of the Art (with a deep focus on Hyper-V & ESXi)
https://alisa.sh/slides/HypervisorVulnerabilityResearch2020.pdf
https://alisa.sh/slides/HypervisorVulnerabilityResearch2020.pdf
BloodHound 4.0: Azure extension
https://www.youtube.com/watch?v=gAConW5P5uU
https://posts.specterops.io/introducing-bloodhound-4-0-the-azure-update-9b2b26c5e350
https://www.youtube.com/watch?v=gAConW5P5uU
https://posts.specterops.io/introducing-bloodhound-4-0-the-azure-update-9b2b26c5e350
YouTube
Six Degrees of Global Admin – Andy Robbins & Rohan Vazarkar (SO-CON 2020)
In 2016 we released BloodHound, which helps attackers and defenders alike identify and execute or eliminate attack paths in Active Directory. Since then, BloodHound's collection and analysis capabilities have been limited to Active Directory and domain-joined…
A modular Jupyter notebook to automate / parse your recon to excel including:
- Subdomain Enumeration
- Cloud Enumeration
- GitHub Enumeration
- Shodan and Probing
- + more
https://github.com/obheda12/JupyterPen
- Subdomain Enumeration
- Cloud Enumeration
- GitHub Enumeration
- Shodan and Probing
- + more
https://github.com/obheda12/JupyterPen
GitHub
GitHub - obheda12/JupyterPen: A Repository dedicated to creating modular and automated penetration testing frameworks utilizing…
A Repository dedicated to creating modular and automated penetration testing frameworks utilizing Jupyter Notebooks - GitHub - obheda12/JupyterPen: A Repository dedicated to creating modular and au...
HyperDbg debugger is an open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing and reversing.
https://github.com/HyperDbg/HyperDbg
https://github.com/HyperDbg/HyperDbg
GitHub
GitHub - HyperDbg/HyperDbg: State-of-the-art native debugging tools
State-of-the-art native debugging tools. Contribute to HyperDbg/HyperDbg development by creating an account on GitHub.
Using Nim language for offensive operations
https://github.com/byt3bl33d3r/OffensiveNim
https://secbytes.net/Implant-Roulette-Part-1:-Nimplant
https://github.com/byt3bl33d3r/OffensiveNim
https://secbytes.net/Implant-Roulette-Part-1:-Nimplant
GitHub
GitHub - byt3bl33d3r/OffensiveNim: My experiments in weaponizing Nim (https://nim-lang.org/)
My experiments in weaponizing Nim (https://nim-lang.org/) - byt3bl33d3r/OffensiveNim
ImageMagick - Shell injection via PDF password
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
Blogspot
ImageMagick - Shell injection via PDF password
"Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) includ...
Cross-site Scripting via WHOIS and DNS Records
https://medium.com/tenable-techblog/cross-site-scripting-via-whois-and-dns-records-a25c33667fff
https://medium.com/tenable-techblog/cross-site-scripting-via-whois-and-dns-records-a25c33667fff
Medium
Cross-site Scripting via WHOIS and DNS Records
On a whim, I tossed this into the address field of the registrant data of a domain so it’d appear in whois records…
Lateral movement via MSSQL: a tale of CLR and socket reuse
https://www.blackarrow.net/mssqlproxy-pivoting-clr/
https://www.blackarrow.net/mssqlproxy-pivoting-clr/
Tarlogic Security
Lateral movement via MSSQL: a tale of CLR and socket reuse
Technical details about how to pivot through a Microsoft SQL Server . Using mssql as a proxy for lateral movement
How to run Windows 10 on ARM in Qemu with Hypervisor.framework patches on Apple Silicon Mac
https://gist.github.com/niw/e4313b9c14e968764a52375da41b4278#file-readme-md
https://gist.github.com/niw/e4313b9c14e968764a52375da41b4278#file-readme-md
Gist
How to run Windows 10 on ARM or Ubuntu for ARM64 in QEMU on Apple Silicon Mac
How to run Windows 10 on ARM or Ubuntu for ARM64 in QEMU on Apple Silicon Mac - README.en.md
Forwarded from r0 Crew (Channel)
Big Match: matching open source code in binaries for fun and profit https://rev.ng/blog/big-match/post.html #reverse #dukeBarman
Forwarded from r0 Crew (Channel)
PTM - Page Table Manipulation From Usermode https://back.engineering/01/12/2020/ #exploitation #windows
Private Group Of Back Engineers
PTM - Page Table Manipulation From Usermode
PTM is a Windows 10 C++ library that allows a programmer to manipulate all memory, physical, and virtual from user-mode. The project inherits an interface from VDM allowing the use of a physical memory read-write primitive to fuel this project. VDM is used…
Announcing the Atheris Python Fuzzer
https://opensource.googleblog.com/2020/12/announcing-atheris-python-fuzzer.html
https://opensource.googleblog.com/2020/12/announcing-atheris-python-fuzzer.html
Google Open Source Blog
Announcing the Atheris Python Fuzzer
Google has found thousands of security vulnerabilities and other bugs using Fuzzing. Now we are introducing the Atheris fuzzing engine.