#CVE-2021
#Log4j
Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability)
https://github.com/ankur-katiyar/log4j-docker
@BlueRedTeam
#Log4j
Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability)
https://github.com/ankur-katiyar/log4j-docker
@BlueRedTeam
GitHub
GitHub - ankur-katiyar/log4j-docker: Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability)
Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability) - GitHub - ankur-katiyar/log4j-docker: Docker images and k8s YAMLs for Log4j Vulnerability POC (Log...
#CVE-2021
#log4j
This project will help to test the Log4j CVE-2021-44228 vulnerability.
https://github.com/immunityinc/Log4j-JNDIServer
@BlueRedTeam
#log4j
This project will help to test the Log4j CVE-2021-44228 vulnerability.
https://github.com/immunityinc/Log4j-JNDIServer
@BlueRedTeam
GitHub
GitHub - immunityinc/Log4j-JNDIServer: This project will help to test the Log4j CVE-2021-44228 vulnerability.
This project will help to test the Log4j CVE-2021-44228 vulnerability. - GitHub - immunityinc/Log4j-JNDIServer: This project will help to test the Log4j CVE-2021-44228 vulnerability.
#CVE-2021
#Log4Shell
Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)
https://github.com/guerzon/log4shell
@BlueRedTeam
#Log4Shell
Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)
https://github.com/guerzon/log4shell
@BlueRedTeam
#CVE-2021
#Log4j
A simple noscript to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228.
https://github.com/lukepasek/log4jjndilookupremove
@BlueRedTeam
#Log4j
A simple noscript to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228.
https://github.com/lukepasek/log4jjndilookupremove
@BlueRedTeam
GitHub
GitHub - lukepasek/log4jjndilookupremove: A simple noscript to remove Log4J JndiLookup.class from jars in a given directory, to temporarily…
A simple noscript to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228. - GitHub - lukepasek/log4jjndilookupremove: A simple ...
#CVE-2021
#Log4j
A vulnerable device scanner for CVE-2021-44228 (Log4j)
https://github.com/sblmnl/Scan4j
@BlueRedTeam
#Log4j
A vulnerable device scanner for CVE-2021-44228 (Log4j)
https://github.com/sblmnl/Scan4j
@BlueRedTeam
#CVE-2021
#Log4j
can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046
https://github.com/DANSI/PowerShell-Log4J-Scanner
@BlueRedTeam
#Log4j
can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046
https://github.com/DANSI/PowerShell-Log4J-Scanner
@BlueRedTeam
GitHub
GitHub - DANSI/PowerShell-Log4J-Scanner: can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046
can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046 - DANSI/PowerShell-Log4J-Scanner
#CVE-2021
#Log4j
CVE-2021-4438 LOG4J - Remote excution
https://github.com/longnguyen-2k/log4j
@BlueRedTeam
#Log4j
CVE-2021-4438 LOG4J - Remote excution
https://github.com/longnguyen-2k/log4j
@BlueRedTeam
#Blue_Team
#Log4Shell
Nmap NSE noscripts to check against log4shell/LogJam vulnerabilities (CVE-2021-44228)
https://github.com/Diverto/nse-log4shell
@BlueRedTeam
#Log4Shell
Nmap NSE noscripts to check against log4shell/LogJam vulnerabilities (CVE-2021-44228)
https://github.com/Diverto/nse-log4shell
@BlueRedTeam
GitHub
GitHub - Diverto/nse-log4shell: Nmap NSE noscripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
Nmap NSE noscripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228) - Diverto/nse-log4shell
#Red_Team
1. Price Manipulation Bypass Using Integer Overflow Method
https://marxchryz.medium.com/price-manipulation-bypass-using-integer-overflow-method-36ff23ebe91d
2. Bypassing Box’s Time-based One-Time Password MFA
https://www.varonis.com/blog/box-mfa-bypass-totp
@BlueRedTeam
1. Price Manipulation Bypass Using Integer Overflow Method
https://marxchryz.medium.com/price-manipulation-bypass-using-integer-overflow-method-36ff23ebe91d
2. Bypassing Box’s Time-based One-Time Password MFA
https://www.varonis.com/blog/box-mfa-bypass-totp
@BlueRedTeam
Medium
Price Manipulation Bypass Using Integer Overflow Method
Hello everyone, I am Marx Chryz and I do bug bounty hunting for about a year now. It’s also been two and a half years since I started doing…
#CVE-2021
#Log4j
Simple Python 3 noscript to detect the \"Log4j\" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
https://github.com/kal1gh0st/MyLog4Shell
@BlueRedTeam
#Log4j
Simple Python 3 noscript to detect the \"Log4j\" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
https://github.com/kal1gh0st/MyLog4Shell
@BlueRedTeam
GitHub
GitHub - kal1gh0st/MyLog4Shell: Simple Python 3 noscript to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a…
Simple Python 3 noscript to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading - GitHub - kal1gh0st/MyLog4Shell: Simple Python 3 s...
#Log4j
#CVE-2021
Log4j_dos_CVE-2021-45105
https://github.com/cckuailong/Log4j_dos_CVE-2021-45105
@BlueRedTeam
#CVE-2021
Log4j_dos_CVE-2021-45105
https://github.com/cckuailong/Log4j_dos_CVE-2021-45105
@BlueRedTeam
GitHub
GitHub - cckuailong/Log4j_dos_CVE-2021-45105: Log4j_dos_CVE-2021-45105
Log4j_dos_CVE-2021-45105. Contribute to cckuailong/Log4j_dos_CVE-2021-45105 development by creating an account on GitHub.
#exploit
1. Android: apps have VM_MAYWRITE access to shared zygote JIT mapping
https://bugs.chromium.org/p/project-zero/issues/detail?id=2227
2. CVE-2021-45105:
Log4j2 DOS
https://github.com/cckuailong/Log4j_dos_CVE-2021-45105
@BlueRedTeam
1. Android: apps have VM_MAYWRITE access to shared zygote JIT mapping
https://bugs.chromium.org/p/project-zero/issues/detail?id=2227
2. CVE-2021-45105:
Log4j2 DOS
https://github.com/cckuailong/Log4j_dos_CVE-2021-45105
@BlueRedTeam
GitHub
GitHub - cckuailong/Log4j_dos_CVE-2021-45105: Log4j_dos_CVE-2021-45105
Log4j_dos_CVE-2021-45105. Contribute to cckuailong/Log4j_dos_CVE-2021-45105 development by creating an account on GitHub.
#Red_Team
1. Alternative Process Injection
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
2. HTTP Parameter Pollution
https://medium.com/geekculture/http-parameter-pollution-981af7894c6e
@BlueRedTeam
1. Alternative Process Injection
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
2. HTTP Parameter Pollution
https://medium.com/geekculture/http-parameter-pollution-981af7894c6e
@BlueRedTeam
Netero1010-Securitylab
Alternative Process Injection | Netero1010 Security Lab
21 December 2021
#Red_Team
In this project, I acted as both Red Team and Blue Team, alternately, and examined the Kibana log files that were created by my Red Team actions.
https://github.com/Symantha/Project_2-RedTeam-vs-BlueTeam
@BlueRedTeam
In this project, I acted as both Red Team and Blue Team, alternately, and examined the Kibana log files that were created by my Red Team actions.
https://github.com/Symantha/Project_2-RedTeam-vs-BlueTeam
@BlueRedTeam
GitHub
GitHub - Symantha/Project_2-RedTeam-vs-BlueTeam: In this project, I acted as both Red Team and Blue Team, alternately, and examined…
In this project, I acted as both Red Team and Blue Team, alternately, and examined the Kibana log files that were created by my Red Team actions. - GitHub - Symantha/Project_2-RedTeam-vs-BlueTeam: ...
#CVE-2021
#Log4Shell
Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances, including embedded (jar/war/zip) packaged ones.
https://github.com/HynekPetrak/log4shell_finder
@BlueRedTeam
#Log4Shell
Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances, including embedded (jar/war/zip) packaged ones.
https://github.com/HynekPetrak/log4shell_finder
@BlueRedTeam
GitHub
GitHub - HynekPetrak/log4shell-finder: Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable…
Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excel...
#CVE-2021
#log4j
Vulerability analysis, patch management and exploitation tool CVE-2021-44228 / CVE-2021-45046 / CVE-2021-4104
https://github.com/TheInterception/Log4J-Simulation-Tool
@BlueRedTeam
#log4j
Vulerability analysis, patch management and exploitation tool CVE-2021-44228 / CVE-2021-45046 / CVE-2021-4104
https://github.com/TheInterception/Log4J-Simulation-Tool
@BlueRedTeam
GitHub
GitHub - TheInterception/Log4J-Simulation-Tool: Vulnerability analysis, patch management and exploitation tool forCVE-2021-44228…
Vulnerability analysis, patch management and exploitation tool forCVE-2021-44228 / CVE-2021-45046 / CVE-2021-4104 - TheInterception/Log4J-Simulation-Tool
#Red_Team
1. Primary Access Token Manipulation
https://www.ired.team/offensive-security/privilege-escalation/t1134-access-token-manipulation
2. Cover tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps
https://github.com/mufeedvh/moonwalk
@BlueRedTeam
1. Primary Access Token Manipulation
https://www.ired.team/offensive-security/privilege-escalation/t1134-access-token-manipulation
2. Cover tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps
https://github.com/mufeedvh/moonwalk
@BlueRedTeam
www.ired.team
Primary Access Token Manipulation | Red Team Notes
Defense Evasion, Privilege Escalation by stealing an re-using security access tokens.
#exploit
1. Microsoft Office Word MSHTML RCE
https://github.com/34zY/Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit
2. HSMX Internet Gateway Vulnerability Exploitation including RCE - a guest Wi-Fi system used in hundreds of hotels
https://web.archive.org/web/20211123141312/http://etizazmohsin.com/hsmx.html
@BlueRedTeam
1. Microsoft Office Word MSHTML RCE
https://github.com/34zY/Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit
2. HSMX Internet Gateway Vulnerability Exploitation including RCE - a guest Wi-Fi system used in hundreds of hotels
https://web.archive.org/web/20211123141312/http://etizazmohsin.com/hsmx.html
@BlueRedTeam
GitHub
GitHub - 34zY/Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit: CVE-2021-40444
CVE-2021-40444. Contribute to 34zY/Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit development by creating an account on GitHub.