#ad #rpc #ntlm #privesc

[ Coercer ]

atricle: https://github.com/p0dalirius/windows-coerced-authentication-methods
There is currently 15 known methods in 5 protocols.

tool: https://github.com/p0dalirius/Coercer
A python noscript to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.

🔒 TLSX

Collection of additional assets of a target CIDR/IP/HOST from TLS certificates.

Features:
— Fast And fully configurable TLS Connection
— Multiple Modes for TLS Connection
— Multiple TLS probes
— Auto TLS Fallback for older TLS version
— Pre Handshake TLS connection (early termination)
— Customizable Cipher / SNI / TLS selection
— TLS Misconfigurations
— HOST, IP, URL and CIDR input
— STD IN/OUT and TXT/JSON output

Example:

tlsx -u 209.133.79.0/24 -san -cn -silent -resp-only | dnsx -silent | httpx | nuclei

https://github.com/projectdiscovery/tlsx

#recon #tls #grabber #tools

🧦 Chisel Strike

A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.

https://github.com/m3rcer/Chisel-Strike

#cobaltstrike #socks #proxy #redteam

🎲 Abusing forgotten permissions on computer objects in Active Directory

The post is a dive into permissions that are set when you pre-create computer accounts the wrong way, why BloodHound missed those and how to abuse, fix, or monitor for this.

Resource:
🔗 https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/
🔗 https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/

#ad #permission #acl

Моя статья по пост-эксплуатации взломанного оборудования Cisco вышла в свет.

https://habr.com/ru/post/676942/

ᛝ

👀 PowerView.py

This is an alternative for the awesome original PowerView noscript. Most of the modules used in PowerView are available in this project.

https://github.com/aniqfakhrul/powerview.py

#ad #powerview #python #tools

🪲 Abuse Cloudflare Zerotrust for C2 channels

https://0xsp.com/offensive/red-ops-techniques/abuse-cloudflare-zerotrust-for-c2-channels/

#c2 #cloudflare #zerotrust #redteam

👨‍👩‍👦 Book Can Save A Life

I will be very happy if this book helps at least one person to gain knowledge and learn the science of cybersecurity. The book is mostly practice oriented. This book is dedicated to my wife, Laura, and my children, Yerzhan and Munira. Also, thanks to everyone who is helping me through these difficult times. The proceeds from the sale of this book will be used to treat Munira, who is currently battling for her life at a hospital in Istanbul, Turkey.

The book is divided into three logical chapters:

— Malware development tricks and techniques;
— AV evasion tricks;
— Persistence techniques.

This book costs $16 but you can pay as much as you want. All money will go to the treatment of her daughter.

https://cocomelonc.github.io/book/2022/07/16/mybook.html

Channel author's preface:
Dear cocomelonc (@abuyerzh) I wish you and your daughter health and well-being!

🔓 Unprotect

A project that is meant to provide Malware Analysts and Defenders with actionable insights and detection capabilities to shorten their response times. A catalog of over 200 tricks used by malware to bypass detection and protection tools. There are also rules for detecting these tricks.

https://unprotect.it/

#maldev #evasion #redteam #blueteam

💉 Apache Spark RCE (CVE-2022-33891)

Apache Spark could allow an attacker to execute arbitrary commands on the system, caused by improper input validation of code path in HttpSecurityFilter when ACSs are enabled. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.

PoC (Sleep 10):
http://localhost:8080/?doAs=`echo%20%22c2xlZXAgMTAK%22%20|%20base64%20-d%20|%20bash`

Exploits:
https://github.com/HuskyHacks/cve-2022-33891
https://github.com/W01fh4cker/cve-2022-33891
https://github.com/west-wind/CVE-2022-33891

Shodan Dorks:
http.favicon.hash:856048515

#apache #spark #rce #cve

🔍 OSINT Tools

Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.

Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result.
https://app.remini.ai/

Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/


#OSINT #IMINT #ImageAnalysis #tools

😈 [ mpgn_x64, mpgn ]

Me after writing ONE vulnerablity out of 10 for the pentest report

🐥 [ tweet ]

Жиза же ну

🐚 PSAsyncShell: Asynchronous Firewall Bypass

PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell.

Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections.

🔗 Research:
https://darkbyte.net/psasyncshell-bypasseando-firewalls-con-una-shell-tcp-asincrona/

🔗 Source:
https://github.com/JoelGMSec/PSAsyncShell

#ad #powershell #reverse #shell

🔐 PPLDump

RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows.

https://github.com/last-byte/RIPPL

#ad #ppl #lsass #tools

📒 Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!

https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7

#ad #adcs #certypy #bloodhound

🛡 On Detection: Tactical to Functional

The goal of this series is to facilitate a conversation about the more technical aspects of attacks and how a deeper understanding at the more foundational levels helps to provide a batter base to build assumptions from.

🔗 Part 1: Discovering API Function Usage through Source Code Review
🔗 Part 2: Operations
🔗 Part 3: Expanding the Function Call Graph

#maldev #pinvoke #winapi #detection #blueteam #ttp

🔔 TamperingSyscalls

This is a 2 part novel project consisting of argument spoofing and syscall retrival which both abuse EH in order to subvert EDRs. This project consists of both of these projects in order to provide an alternative solution to direct syscalls.

Research:
🔗 https://fool.ish.wtf/2022/08/feeding-edrs-false-telemetry.html

Source:
🔗 https://github.com/rad9800/TamperingSyscalls

#edr #evasion #maldev #syscall #tampering

🦮 BlueHound

It is an open-source tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network
It is a fork of NeoDash, reimagined, to make it suitable for defensive security purposes.

Blog:
🔗 https://zeronetworks.com/blog/bluehound-community-driven-resilience/

Tool:
🔗 https://github.com/zeronetworks/BlueHound

#ad #sharphound #blueteam

💉ClipboardInject

Abusing the clipboard to inject code into remote processes

This PoC uses the clipboard to copy a payload into a remote process, eliminating the need for VirtualAllocEx/WriteProcessMemory

https://www.x86matthew.com/view_post?id=clipboard_inject

#maldev #injection #clipboard #redteam

🔑 Cobalt Strike Token Vault

This Beacon Object File (BOF) creates in-memory storage for stolen/duplicated Windows access tokens allow you to:

— Hot swap/re-use already stolen tokens without re-duplicating;
— Store tokens for later use in case of a person log out.

https://github.com/Henkru/cs-token-vault

#ad #tokens #c2 #cobalt #redteam