#APT #Log4j
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit (CharmPower)
https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit
@BlueRedTeam
#Blue_Team
1. Abusing MS Office Using Malicious Web Archive Files
https://www.netskope.com/blog/abusing-microsoft-office-using-malicious-web-archive-files
2. A Quick CVE-2022-21907 FAQ
https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234
@BlueRedTeam
#CVE-2021
CVE-2021-46075 - A privilege escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0: staff-account users can access admin resources and perform CRUD operations on them.
https://github.com/plsanu/CVE-2021-46075
@BlueRedTeam
#CVE-2021
CVE-2021-46076 - Sourcecodester Vehicle Service Management System 1.0 is vulnerable to unrestricted file upload: an attacker can upload a malicious PHP file through multiple endpoints, leading to code execution.
https://github.com/plsanu/CVE-2021-46076
@BlueRedTeam
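Added example for the upload bug class above (illustrative Python, not code from the affected PHP application or the PoC repo): the unrestricted handler that keeps the client-supplied name and body next to a hardened one that allowlists extensions, checks magic bytes, strips path components and lets the server choose the stored name. The policy constants and the scratch-directory demo are assumptions made for this example.

```python
"""
Unrestricted file upload, vulnerable pattern vs. hardened pattern.
Illustrative code for this digest, not the affected application's code.
"""
import os
import secrets
import tempfile

# Hypothetical upload policy for this example (assumption, not the app's).
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024


def unsafe_store(upload_name: str, content: bytes, upload_dir: str) -> str:
    """Vulnerable pattern: trusts the client-supplied name and content.

    'shell.php' is written as-is; if upload_dir is web-served and executes
    PHP, the next request to it runs attacker code.
    """
    dest = os.path.join(upload_dir, upload_name)  # '.php' and '../' both pass
    with open(dest, "wb") as fh:
        fh.write(content)
    return dest


def safe_store(upload_name: str, content: bytes, upload_dir: str) -> str:
    """Hardened pattern: allowlisted extension, magic-byte check, server-chosen name.

    upload_dir should also live outside the web root (or have script execution
    disabled); the checks here limit what gets written, not where it is served.
    """
    if len(content) > MAX_BYTES:
        raise ValueError("file too large")
    # Drop any directory component the client sent (POSIX or Windows separators).
    base = upload_name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        # Rejects bare names and double extensions such as 'shell.php.png'.
        raise ValueError("file name must be <name>.<ext>")
    ext = parts[1]
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension .{ext} not allowed")
    if not content.startswith(MAGIC[ext]):
        raise ValueError("content does not match declared type")
    # The server picks the name, so the stored path never depends on client input.
    stored = f"{secrets.token_hex(16)}.{ext}"
    with open(os.path.join(upload_dir, stored), "wb") as fh:
        fh.write(content)
    return stored


def run_demo() -> dict:
    """Exercise both handlers in a scratch directory with constructed uploads."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        webshell = b"<?php system($_GET['c']); ?>"   # constructed sample body
        png = MAGIC["png"] + b"\x00" * 8              # constructed minimal PNG head
        results["unsafe_kept_php"] = (
            os.path.basename(unsafe_store("shell.php", webshell, d)) == "shell.php"
        )
        for name, body in [
            ("shell.php", webshell),        # wrong extension
            ("shell.php.png", png),         # double extension
            ("pic.png", webshell),          # PHP body behind an image extension
            ("../../escape.png", png),      # path traversal in the name
        ]:
            try:
                stored = safe_store(name, body, d)
                results[name] = ("stored", stored.rsplit(".", 1)[1], "/" in stored)
            except ValueError as exc:
                results[name] = ("rejected", str(exc))
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```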
#Red_Team
Nim variant of MDSec's Parallel Syscalls EDR hook bypass
https://github.com/frkngksl/ParallelNimcalls
@BlueRedTeam
#Blue_Team
1. Identifying beaconing malware using Elastic
https://www.elastic.co/blog/identifying-beaconing-malware-using-elastic#
2. Suspicious named pipe events - 0xFF1B
https://medium.com/falconforce/falconfriday-suspicious-named-pipe-events-0xff1b-fe475d7ebd8
@BlueRedTeam
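Added example for the beaconing item (my own Python, not Elastic's beaconing identification framework): score each (source, destination, port) pair on how regular its connection intervals are. The log format "<epoch> <src> <dst> <dport>", the sample records and the thresholds are constructed assumptions for this example.

```python
"""
Beacon-like periodicity scoring over plain connection records.
Added example for this digest, not Elastic's framework.
"""
from collections import defaultdict
from statistics import mean, median, pstdev

BASE = 1_700_000_000  # arbitrary epoch start for the constructed sample

# Constructed sample: host A checks in every ~60 s with small jitter, host B
# browses irregularly, host C has too few connections to judge.
_OFFSETS = {
    ("10.0.0.7", "203.0.113.5", 443): [0, 61, 119, 181, 240, 302, 359, 420, 481, 539],
    ("10.0.0.9", "198.51.100.20", 443): [0, 5, 7, 130, 131, 133, 400, 950, 952, 1800],
    ("10.0.0.9", "198.51.100.21", 80): [0, 60],
}
SAMPLE_LOG = "\n".join(
    f"{BASE + off} {src} {dst} {dport}"
    for (src, dst, dport), offs in _OFFSETS.items()
    for off in offs
)


def parse_lines(text):
    """Yield (ts, src, dst, dport) tuples; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def analyze(text, min_count=8, max_cv=0.15, min_regular=0.8):
    """
    Per pair: connection count, median inter-arrival time, coefficient of
    variation (stdev / mean) of the intervals, and the share of intervals
    within 10% of the median. A pair is flagged beacon-like when it has
    enough events, a low CV and a high regular share. Thresholds are
    illustrative; tune them against your own baseline.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport in parse_lines(text):
        by_pair[(src, dst, dport)].append(ts)

    report = {}
    for (src, dst, dport), stamps in by_pair.items():
        stamps.sort()
        key = f"{src}->{dst}:{dport}"
        if len(stamps) < min_count:
            report[key] = {"count": len(stamps), "beacon": False, "reason": "too few events"}
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        regular = sum(1 for g in gaps if abs(g - med) <= 0.1 * med) / len(gaps)
        report[key] = {
            "count": len(stamps),
            "median_interval": med,
            "cv": round(cv, 3),
            "regular_share": round(regular, 3),
            "beacon": cv <= max_cv and regular >= min_regular,
        }
    return report


if __name__ == "__main__":
    for pair, info in analyze(SAMPLE_LOG).items():
        print(pair, info)
```

Real beacons add jitter and sleep multipliers, so the CV threshold is the knob to widen first; the regular-share check keeps a single long gap (a host that went to sleep) from masking an otherwise periodic pair.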
#Red_Team
Alias identity manager for Red Teams, OSINT collectors, journalists, and privacy-conscious people
https://github.com/mattreduce/sockdrawer
@BlueRedTeam
DarkSide - Tool Information Gathering & social engineering.
https://github.com/ultrasecurity/DarkSide
@BlueRedTeam
#Red_Team
Flexible C2 framework for Nation State Simulations in Red Team Assessments.
https://github.com/aidden-laoch/sabre
@BlueRedTeam
#Red_Team
BreadMan Module Stomping & API Unhooking Using Native APIs
https://medium.com/@Breadman602/breadman-module-stomping-api-unhooking-using-native-apis-b10df89cc0a2
@BlueRedTeam
#Blue_Team
1. A repository that detects whether a system is vulnerable to CVE-2022-21907 and, if desired, protects it against the vulnerability
https://github.com/mauricelambert/CVE-2022-21907
2. Hardening HashiCorp Vault
https://github.com/hashicorp/vault-selinux-policies
@BlueRedTeam
#Red_Team
I'm putting together my class notes, practice results, and other information I accumulate over time on Red Team operation courses and work.
https://github.com/SlyJose/Red-Team
@BlueRedTeam
#Red_Team
1. Domain Persistence - Machine Account
https://pentestlab.blog/2022/01/17/domain-persistence-machine-account
2. Shell command obfuscation to evade SIEM/detection systems
https://github.com/ariary/volana
@BlueRedTeam
#tools
OpenAPI Security Scanner: discover authorization security issues
https://github.com/ngalongc/openapi_security_scanner#warning-before-use
@BlueRedTeam
#Red_Team
I'm putting together my class notes, practice results, and other information I accumulate over time on Red Team operation courses and work.
https://github.com/Raviikanth/working-assgmnt
@BlueRedTeam
#Red_Team
#tools
1. A way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification
https://www.varonis.com/blog/box-mfa-bypass-sms
2. A tool for creating hidden accounts using the registry
https://github.com/wgpsec/CreateHiddenAccount
@BlueRedTeam