برای دوستانی که علاقه مند به یاد گیری تست نفوذ هستند و در سطح مقدماتی هستند :
( هدف این کانال یاد دادن تست نفوذ شبکه هست . )
@Unique_exploit
( هدف این کانال یاد دادن تست نفوذ شبکه هست . )
@Unique_exploit
#tools
#RedTeam
1. Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu
2. Cobalt Strike Aggressor Script that Performs
System/AV/EDR Recon
https://github.com/optiv/Registry-Recon
@BlueRedTeam
#RedTeam
1. Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu
2. Cobalt Strike Aggressor Script that Performs
System/AV/EDR Recon
https://github.com/optiv/Registry-Recon
@BlueRedTeam
GitHub
GitHub - kindtime/nosferatu: Windows NTLM Authentication Backdoor
Windows NTLM Authentication Backdoor. Contribute to kindtime/nosferatu development by creating an account on GitHub.
#exploit
1. CVE-2021-42321:
Exchange Post-Auth RCE
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
2. CVE-2021-22053:
Spring Cloud Netflix Hystrix Dashboard
template resolution vulnerability
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
@BlueRedTeam
1. CVE-2021-42321:
Exchange Post-Auth RCE
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
2. CVE-2021-22053:
Spring Cloud Netflix Hystrix Dashboard
template resolution vulnerability
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
@BlueRedTeam
Gist
PoC of CVE-2021-42321: pop mspaint.exe on the target
PoC of CVE-2021-42321: pop mspaint.exe on the target - CVE-2021-42321_poc.py
#BlueTeam
1. Command injection prevention for Python
https://semgrep.dev/docs/cheat-sheets/python-command-injection
2. Defender’s Mindset
https://medium.com/@johnlatwc/defenders-mindset-319854d10aaa
@BlueRedTeam
1. Command injection prevention for Python
https://semgrep.dev/docs/cheat-sheets/python-command-injection
2. Defender’s Mindset
https://medium.com/@johnlatwc/defenders-mindset-319854d10aaa
@BlueRedTeam
semgrep.dev
Command Injection in Python | Semgrep
Cheat sheet for the prevention of Command Injection vulnerabilities for Python.
#exploit
CVE-2021-41379:
Windows installer LPE 0day
https://github.com/klinix5/InstallerFileTakeOver
@BlueRedTeam
CVE-2021-41379:
Windows installer LPE 0day
https://github.com/klinix5/InstallerFileTakeOver
@BlueRedTeam
#Threat_Research
1. Unauthenticated RCE against CommVault Command Center
https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
]-> PoC: https://srcincite.io/pocs/cve-2021-%7B34993,34996%7D.py.txt
2. A review of Microsoft Azure Sphere vulnerabilities
https://blog.talosintelligence.com/2021/11/a-review-of-azure-sphere.html?m=1
3. Exploiting the Qualcomm NPU (neural processing unit) kernel driver (CVE-2021-1940, CVE-2021-1968, CVE-2021-1969)
https://securitylab.github.com/research/qualcomm_npu
@BlueRedTeam
1. Unauthenticated RCE against CommVault Command Center
https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
]-> PoC: https://srcincite.io/pocs/cve-2021-%7B34993,34996%7D.py.txt
2. A review of Microsoft Azure Sphere vulnerabilities
https://blog.talosintelligence.com/2021/11/a-review-of-azure-sphere.html?m=1
3. Exploiting the Qualcomm NPU (neural processing unit) kernel driver (CVE-2021-1940, CVE-2021-1968, CVE-2021-1969)
https://securitylab.github.com/research/qualcomm_npu
@BlueRedTeam
CVE-2021
Python 3 noscript to identify CVE-2021-26084 via network requests.
URL:https://github.com/quesodipesto/conflucheck
@BlueRedTeam
Python 3 noscript to identify CVE-2021-26084 via network requests.
URL:https://github.com/quesodipesto/conflucheck
@BlueRedTeam
GitHub
GitHub - quesodipesto/conflucheck: Python 3 noscript to identify CVE-2021-26084 via network requests.
Python 3 noscript to identify CVE-2021-26084 via network requests. - quesodipesto/conflucheck
Red Team
A collection of Python noscripts for Red Teaming or otherwise
URL:https://github.com/wethered/offensive-noscripts
@BlueRedTeam
A collection of Python noscripts for Red Teaming or otherwise
URL:https://github.com/wethered/offensive-noscripts
@BlueRedTeam
GitHub
GitHub - rivet1337/offensive-noscripts: A collection of Python noscripts for Red Teaming or otherwise
A collection of Python noscripts for Red Teaming or otherwise - GitHub - rivet1337/offensive-noscripts: A collection of Python noscripts for Red Teaming or otherwise
#exploit
CVE-2021-43557:
Apache APISIX: Path traversal in request_uri variable
https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable
]-> PoC:
https://github.com/xvnpw/k8s-CVE-2021-43557-poc
@BlueRedTeam
CVE-2021-43557:
Apache APISIX: Path traversal in request_uri variable
https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable
]-> PoC:
https://github.com/xvnpw/k8s-CVE-2021-43557-poc
@BlueRedTeam
xvnpw personal blog
CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable
In this article I will present my research on insecure usage of $request_uri variable in Apache APISIX ingress controller. My work end up in submit of security vulnerability, which was positively confirmed and got CVE-2021-43557. At the end of article I will…
#RedTeam
RCE with SSRF and File Write as an exploit chain
on Apache Guacamole
https://thinkloveshare.com/hacking/hacking_guacamole_to_trigger_avocado
@BlueRedTeam
RCE with SSRF and File Write as an exploit chain
on Apache Guacamole
https://thinkloveshare.com/hacking/hacking_guacamole_to_trigger_avocado
@BlueRedTeam
Thinkloveshare
RCE with SSRF and File Write as an exploit chain on Apache Guacamole
While doing research on various topics, I stood upon Guacamole, a software that can be used as a connection bastion or protocolar gateway. It has many original vulnerabilities that lead to a Remote Code Execution once chained. Let's begin, shall we?
منابع تست نفوذ شبکه و امنیت شبکه :
@NetPentester
Network penetration testing resources and network security :
@NetPentesters
@NetPentester
Network penetration testing resources and network security :
@NetPentesters
#RedTeam
Download Linux & Windows Binaries/Scripts used for Red Teaming & Pentesting
https://github.com/mashm3ll0w/pentest-tool
@BlueRedTeam
Download Linux & Windows Binaries/Scripts used for Red Teaming & Pentesting
https://github.com/mashm3ll0w/pentest-tool
@BlueRedTeam
#RedTeam
Red Teaming Tactics and Techniques
https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques
@BlueRedTeam
Red Teaming Tactics and Techniques
https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques
@BlueRedTeam
GitHub
GitHub - mantvydasb/RedTeaming-Tactics-and-Techniques: Red Teaming Tactics and Techniques
Red Teaming Tactics and Techniques. Contribute to mantvydasb/RedTeaming-Tactics-and-Techniques development by creating an account on GitHub.
#RedTeam
Penetration Testing, Red Teaming, Bug Bounty, CTF Write-ups
https://github.com/4t0ys3d/4t0ys3d.github.io
@BlueRedTeam
Penetration Testing, Red Teaming, Bug Bounty, CTF Write-ups
https://github.com/4t0ys3d/4t0ys3d.github.io
@BlueRedTeam
GitHub
GitHub - 4t0ys3d/4t0ys3d.github.io: Penetration Testing, Red Teaming, Bug Bounty, CTF Write-ups
Penetration Testing, Red Teaming, Bug Bounty, CTF Write-ups - 4t0ys3d/4t0ys3d.github.io
#Threat_Research
1. Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp
// CVE-2021-0661, CVE-2021-0662, CVE-2021-0663
2. Hunting for Vulnerabilities in VirtualBox Network Offloads
https://www.sentinelone.com/labs/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads
// CVE-2021-2145, CVE-2021-2310, CVE-2021-2442
@BlueRedTeam
1. Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp
// CVE-2021-0661, CVE-2021-0662, CVE-2021-0663
2. Hunting for Vulnerabilities in VirtualBox Network Offloads
https://www.sentinelone.com/labs/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads
// CVE-2021-2145, CVE-2021-2310, CVE-2021-2442
@BlueRedTeam
Check Point Research
Looking for vulnerabilities in MediaTek audio DSP - Check Point Research
Research By: Slava Makkaveev Introduction Taiwan’s MediaTek has been the global smartphone chip leader since Q3 2020. MediaTek Systems on a chip (SoCs) are embedded in approximately 37% of all smartphones and IoT devices in the world, including high-end phones…
#RedTeam
1. Finding XSS on .apple.com and building a proof of concept to leak your PII information
https://zseano.medium.com/finding-xss-on-apple-com-and-building-a-proof-of-concept-to-leak-your-pii-information-d7bc93cff2df
2. Using CVE-2021-40531 for RCE with Sketch
https://jonpalmisc.com/2021/11/22/cve-2021-40531
@BlueRedTeam
1. Finding XSS on .apple.com and building a proof of concept to leak your PII information
https://zseano.medium.com/finding-xss-on-apple-com-and-building-a-proof-of-concept-to-leak-your-pii-information-d7bc93cff2df
2. Using CVE-2021-40531 for RCE with Sketch
https://jonpalmisc.com/2021/11/22/cve-2021-40531
@BlueRedTeam
Medium
Finding XSS on .apple.com and building a proof of concept to leak your PII information
Back in February of this year I hacked with members of BugBountyHunter.com on a public bug bounty program and we chose Apple as our target…
CVE-2021
Local PoC exploit for CVE-2021-43267 (Linux TIPC)
https://github.com/ohnonoyesyes/CVE-2021-43267
@BlueRedTeam
Local PoC exploit for CVE-2021-43267 (Linux TIPC)
https://github.com/ohnonoyesyes/CVE-2021-43267
@BlueRedTeam