#exploit
1. CVE-2021-35296:
PTCL Modem HG150-Ub - Authentication Bypass through response manipulation
https://github.com/afaq1337/CVE-2021-35296
2. CVE-2017-5816:
RCE in HP Intelligent Management Center (iMC) PLAT
https://oxagast.org/posts/CVE-2017-5816
@BlueRedTeam
1. CVE-2021-35296:
PTCL Modem HG150-Ub - Authentication Bypass through response manipulation
https://github.com/afaq1337/CVE-2021-35296
2. CVE-2017-5816:
RCE in HP Intelligent Management Center (iMC) PLAT
https://oxagast.org/posts/CVE-2017-5816
@BlueRedTeam
GitHub
GitHub - afaq1337/CVE-2021-35296: PoC of CVE-2021-35296 - PTCL Modem HG150-Ub
PoC of CVE-2021-35296 - PTCL Modem HG150-Ub. Contribute to afaq1337/CVE-2021-35296 development by creating an account on GitHub.
#Red_Team
Code for executing simulations used in the \"Training Intelligent Red Team Agents Via Deep Reinforcement Learning\" project
https://github.com/jaredalanis/Red-vs-Blue
@BlueRedTeam
Code for executing simulations used in the \"Training Intelligent Red Team Agents Via Deep Reinforcement Learning\" project
https://github.com/jaredalanis/Red-vs-Blue
@BlueRedTeam
GitHub
GitHub - jaredalanis/Red-vs-Blue: In this project, I will work on a Red Team vs. Blue Team scenario in which I will play the role…
In this project, I will work on a Red Team vs. Blue Team scenario in which I will play the role of both pentester and SOC analyst. As the Red Team, I will attack a vulnerable VM within my environme...
#Blue_Team
CyberSecurity Blue Team Resources
https://blueteamresources.blogspot.com/2022/01/osi-model.html
@BlueRedTeam
CyberSecurity Blue Team Resources
https://blueteamresources.blogspot.com/2022/01/osi-model.html
@BlueRedTeam
#Blue_Team
Backdoor detection for VMware view post Log4j exploitation (CVE-2021-44228)
https://github.com/mr-r3b00t/CVE-2021-44228
@BlueRedTeam
Backdoor detection for VMware view post Log4j exploitation (CVE-2021-44228)
https://github.com/mr-r3b00t/CVE-2021-44228
@BlueRedTeam
GitHub
GitHub - mr-r3b00t/CVE-2021-44228: Backdoor detection for VMware view
Backdoor detection for VMware view. Contribute to mr-r3b00t/CVE-2021-44228 development by creating an account on GitHub.
#Red_Team
A collection of Python noscripts for Red Teaming or otherwise
https://github.com/kussic/offensive-noscripts
@BlueRedTeam
A collection of Python noscripts for Red Teaming or otherwise
https://github.com/kussic/offensive-noscripts
@BlueRedTeam
GitHub
GitHub - rivet1337/offensive-noscripts: A collection of Python noscripts for Red Teaming or otherwise
A collection of Python noscripts for Red Teaming or otherwise - GitHub - rivet1337/offensive-noscripts: A collection of Python noscripts for Red Teaming or otherwise
#exploit
1. CVE-2021-30937:
XNU: heap-use-after-free in inm_merge
https://bugs.chromium.org/p/project-zero/issues/detail?id=2224
2. PHP disable_functions bypass
https://github.com/mm0r1/exploits
@BlueRedTeam
1. CVE-2021-30937:
XNU: heap-use-after-free in inm_merge
https://bugs.chromium.org/p/project-zero/issues/detail?id=2224
2. PHP disable_functions bypass
https://github.com/mm0r1/exploits
@BlueRedTeam
GitHub
GitHub - mm0r1/exploits: Pwn stuff.
Pwn stuff. Contribute to mm0r1/exploits development by creating an account on GitHub.
👍1
#Red_Team
Red Team Templates For Obsidian.md
https://github.com/cwinfosec/redteam_obsidian_templates
@BlueRedTeam
Red Team Templates For Obsidian.md
https://github.com/cwinfosec/redteam_obsidian_templates
@BlueRedTeam
GitHub
GitHub - cwinfosec/redteam_obsidian_templates: Red Team Templates For Obsidian.md
Red Team Templates For Obsidian.md. Contribute to cwinfosec/redteam_obsidian_templates development by creating an account on GitHub.
❤1
#Red_Team
Polymorphic code obfuscator for use in Red Team operations
https://github.com/maltek-labs/Malcode-Obfuscator
@BlueRedTeam
Polymorphic code obfuscator for use in Red Team operations
https://github.com/maltek-labs/Malcode-Obfuscator
@BlueRedTeam
GitHub
GitHub - maltek-labs/Malcode-Obfuscator: Polymorphic code obfuscator for use in Red Team operations
Polymorphic code obfuscator for use in Red Team operations - maltek-labs/Malcode-Obfuscator
#CVE-2021
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.
https://github.com/puzzlepeaches/Log4jHorizon
@BlueRedTeam
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.
https://github.com/puzzlepeaches/Log4jHorizon
@BlueRedTeam
GitHub
GitHub - puzzlepeaches/Log4jHorizon: Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. - puzzlepeaches/Log4jHorizon
#Red_Team
1. EDR Parallel-asis through Analysis
https://www.mdsec.co.uk/2022/01/edr-parallel-asis-through-analysis
2. Bypass IP source restrictions using HTTP headers
https://github.com/p0dalirius/ipsourcebypass
@BlueRedTeam
1. EDR Parallel-asis through Analysis
https://www.mdsec.co.uk/2022/01/edr-parallel-asis-through-analysis
2. Bypass IP source restrictions using HTTP headers
https://github.com/p0dalirius/ipsourcebypass
@BlueRedTeam
MDSec
EDR Parallel-asis through Analysis - MDSec
Introduction Post-exploitation tooling designed to operate within mature environments is frequently required to slip past endpoint detection and response (EDR) software running on the target. EDR frequently operate by hooking...
#Blue_Team
1. Recurring Active Directory Checks
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/recurring-active-directory-checks/ba-p/3047258
2. Cobalt Strike Sleep Mask Kit IOCs
https://github.com/p0dalirius/ipsourcebypass
@BlueRedTeam
1. Recurring Active Directory Checks
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/recurring-active-directory-checks/ba-p/3047258
2. Cobalt Strike Sleep Mask Kit IOCs
https://github.com/p0dalirius/ipsourcebypass
@BlueRedTeam
TECHCOMMUNITY.MICROSOFT.COM
Recurring Active Directory Checks
How to automatically do Active Directory health checks
#exploit
PHP 7.3-8.1 disable_functions bypass using string concatenation (PoC)
https://github.com/mm0r1/exploits/tree/master/php-concat-bypass
@BlueRedTeam
PHP 7.3-8.1 disable_functions bypass using string concatenation (PoC)
https://github.com/mm0r1/exploits/tree/master/php-concat-bypass
@BlueRedTeam
GitHub
exploits/php-concat-bypass at master · mm0r1/exploits
Pwn stuff. Contribute to mm0r1/exploits development by creating an account on GitHub.
#Threat_Research
Polygon Lack Of Balance Check Bugfix Postmortem
https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d
@BlueRedTeam
Polygon Lack Of Balance Check Bugfix Postmortem
https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d
@BlueRedTeam
Medium
Polygon Lack Of Balance Check Bugfix Postmortem — $2.2m Bounty
Whitehat Leon Spacewalker reported a critical vulnerability in Polygon on December 3.
#Red_Team
Red Team Field Manual tips and tricks automated via noscripts for fast and easy access during CTF events.
https://github.com/adm20-dev/rtfm-noscripts
@BlueRedTeam
Red Team Field Manual tips and tricks automated via noscripts for fast and easy access during CTF events.
https://github.com/adm20-dev/rtfm-noscripts
@BlueRedTeam
#exploit
1. Unpacking CVE-2021-40444:
A Deep Technical Analysis of an Office RCE Exploit
https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce
2. CVE-2021-38000:
Chrome Intents Logic Flaw
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-38000.html
@BlueRedTeam
1. Unpacking CVE-2021-40444:
A Deep Technical Analysis of an Office RCE Exploit
https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce
2. CVE-2021-38000:
Chrome Intents Logic Flaw
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-38000.html
@BlueRedTeam
Bill Demirkapi's Blog
Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
In the middle of August 2021, a special Word document was uploaded to VirusTotal by a user from Argentina. Although it was only detected by a single antivirus engine at the time, this sample turned out to be exploiting a zero day vulnerability in Microsoft…
#Red_Team
A cheat sheet that contains advanced queries for SQL Injection of all types
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
@BlueRedTeam
A cheat sheet that contains advanced queries for SQL Injection of all types
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
@BlueRedTeam
GitHub
GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
A cheat sheet that contains advanced queries for SQL Injection of all types. - kleiton0x00/Advanced-SQL-Injection-Cheatsheet
#Blue_Team
1. Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
https://unit42.paloaltonetworks.com/strategically-aged-domain-detection
2. Windows Process Listing using NTQuerySystemInformation
https://tbhaxor.com/windows-process-listing-using-ntquerysysteminformation
@BlueRedTeam
1. Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
https://unit42.paloaltonetworks.com/strategically-aged-domain-detection
2. Windows Process Listing using NTQuerySystemInformation
https://tbhaxor.com/windows-process-listing-using-ntquerysysteminformation
@BlueRedTeam
Unit 42
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
Strategically aged domain detection can capture domains registered by advanced persistent threats or likely to be used for network abuses.
#Blue_Team
An "Attack Path" Mapping Approach to CVEs 2021-42287 and 2021-42278
https://www.trustedsec.com/blog/an-attack-path-mapping-approach-to-cves-2021-42287-and-2021-42278
@BlueRedTeam
An "Attack Path" Mapping Approach to CVEs 2021-42287 and 2021-42278
https://www.trustedsec.com/blog/an-attack-path-mapping-approach-to-cves-2021-42287-and-2021-42278
@BlueRedTeam
TrustedSec
An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278
Figure 1 - CVE 2021-42287 and 2021-42278 Attack Path 1 Diagram While each detection strives for high fidelity and may be able stand on its own accord,…
🔥1
#Red_Team
1. Domain Escalation - sAMAccountName Spoofing
https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing
2. Loading dbk64.sys and grabbing a handle to it
https://github.com/ioncodes/ceload
3. O365 - Bypass Malicious Link Analysis
<a href="phishing link">click</a> ==> junk
<a href="" href="phishing link">click</a> ==> inbox
// If you compose an email using the "Reply" function on O365 which has a link, intercept the request and add an extra empty href attribute then O365 won't scan the link anymore
@BlueRedTeam
1. Domain Escalation - sAMAccountName Spoofing
https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing
2. Loading dbk64.sys and grabbing a handle to it
https://github.com/ioncodes/ceload
3. O365 - Bypass Malicious Link Analysis
<a href="phishing link">click</a> ==> junk
<a href="" href="phishing link">click</a> ==> inbox
// If you compose an email using the "Reply" function on O365 which has a link, intercept the request and add an extra empty href attribute then O365 won't scan the link anymore
@BlueRedTeam
Penetration Testing Lab
Domain Escalation – sAMAccountName Spoofing
Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack of security controls and hardening that wou…
👍1
#tools
#Blue_Team
1. SysmonSimulator: Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules
https://github.com/ScarredMonk/SysmonSimulator
2. DefenderDetectionhistoryParser: A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables
https://github.com/jklepsercyber/defender-detectionhistory-parser
@BlueRedTeam
#Blue_Team
1. SysmonSimulator: Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules
https://github.com/ScarredMonk/SysmonSimulator
2. DefenderDetectionhistoryParser: A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables
https://github.com/jklepsercyber/defender-detectionhistory-parser
@BlueRedTeam
GitHub
GitHub - ScarredMonk/SysmonSimulator: Sysmon event simulation utility which can be used to simulate the attacks to generate the…
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams. - ScarredMonk/SysmonS...
👍2