#BlueTeam
1. Code and yara rules to detect and analyze Cobalt Strike
https://github.com/Te-k/cobaltstrike
-> https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit
2. APT-Hunter is a threat hunting tool for Windows event logs
https://github.com/ahmedkhlief/APT-Hunter
@BlueRedTeam
#exploit
CVE-2021-21234:
Spring Boot Actuator Logview Directory Traversal
https://pyn3rd.github.io/2021/10/25/CVE-2021-21234-Spring-Boot-Actuator-Logview-Directory-Traversal
@BlueRedTeam
Abstract: Prior to spring-boot-actuator-logview 0.2.13, the securityCheck() method exists in LogViewEndpoint, but the securityCheck() method only filters the .. in fileName, ignoring the security check o
#exploit
Micropatching Unpatched LPE in Mobile Device Management Service (CVE-2021-24084/0day)
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html
@BlueRedTeam
by Mitja Kolsek, the 0patch Team. Update 12/21/2021: Microsoft provided an official fix for this issue on December 14. Our associated mi...
#BlueTeam
Tracking a P2P network related to TA505
https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505
@BlueRedTeam
#exploit #SSRF
1. CVE-2021-30625:
Google Chrome Blink setBaseAndExtent use after free vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1352
2. VMware vCenter 7.0.2 unauth Arbitrary File Read + SSRF + Reflected XSS
https://github.com/l0ggg/VMware_vCenter
@BlueRedTeam
CVE-2021
Plex media server local privilege escalation PoC - CVE-2021-42835
https://github.com/netanelc305/PlEXcalaison
@BlueRedTeam
CVE-2021
A vulnerability scanner that detects CVE-2021-21980 vulnerabilities.
https://github.com/Osyanina/westone-CVE-2021-21980-scanner
@BlueRedTeam
#exploit
CVE-2021-42325:
Froxlor Server Management Panel 0.10.28/0.10.29.x - RCE
https://www.exploit-db.com/exploits/50502
@BlueRedTeam
Exploit Database: Froxlor 0.10.29.1 - SQL Injection (Authenticated). CVE-2021-42325. webapps exploit for PHP platform
#RedTeam
Red Teaming / Pentesting challenges for my Advent-Of-Code 2021.
https://github.com/fumamatar/Red-Team-Advent-of-Code
@BlueRedTeam
#BlueTeam
Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
https://research.nccgroup.com/2021/12/02/encryption-does-not-equal-invisibility-detecting-anomalous-tls-certificates-with-the-half-space-trees-algorithm
@BlueRedTeam
#RedTeam
Red Team's SIEM: a tool for Red Teams for tracking and alerting on Blue Team activities, as well as better usability in long-term operations.
https://github.com/Nerdarena2/Have-You-Been-An-Avenger-Fan-Or-An-X-Men-Fan-
@BlueRedTeam
CVE-2021
Python tool for exploiting CVE-2021-35616
https://github.com/Ofirhamam/OracleOTM
@BlueRedTeam
CVE-2021
CVE-2021-42008: Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
https://github.com/0xdevil/CVE-2021-42008
@BlueRedTeam
#RedTeam
Exploits, scripts and other tools that are useful during penetration testing or Red Team engagements
https://github.com/elloa-uea/projeto-pratico-3-rna-pp3-team-equilibrium
@BlueRedTeam
#exploit
1. CVE-2021-42008:
Linux Kernel Vulnerability in NetApp Products
https://syst3mfailure.io/sixpack-slab-out-of-bounds
2. A simple python PoC to exploit CVE-2021-26814 and gain RCE on Wazuh Manager (v.4.0.0-4.0.3) through the API service
https://github.com/WickdDavid/CVE-2021-26814
@BlueRedTeam
[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf…
#BlueTeam
1. Protecting Windows protected processes
https://www.elastic.co/blog/protecting-windows-protected-processes
2. Detecting and blocking unknown KnownDlls
https://www.elastic.co/blog/detect-block-unknown-knowndlls-windows-acl-hardening-attacks-cache-poisoning-escalation
@BlueRedTeam
This blog is the first in a two-part series discussing a userland Windows exploit that enables attackers to perform highly privileged actions that typically require a kernel driver....
CVE-2021
Unauthenticated Sensitive Information Disclosure (CVE-2021-38314).
https://github.com/oxctdev/CVE-2021-38314
@BlueRedTeam