#exploit
1. CVE-2021-4034:
pwnkit - LPE in polkit's pkexec
https://github.com/berdav/CVE-2021-4034
https://github.com/Ayrx/CVE-2021-4034
https://github.com/arthepsy/CVE-2021-4034
2. CVE-2022-0185:
Linux Kernel Can Allow Container Escape in Kubernetes
https://github.com/Crusaders-of-Rust/CVE-2022-0185
@BlueRedTeam
#Red_Team
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long-term operations.
https://github.com/Pa1ntex/Classic-Gui---Saktkia51-Script-op-
@BlueRedTeam
#Red_Team
1. Delegate to KRBTGT service
https://skyblue.team/posts/delegate-krbtgt
2. Attacks on JSON Web Token (JWT)
https://infosecwriteups.com/attacks-on-json-web-token-jwt-278a49a1ad2e
@BlueRedTeam
skyblue.team
Delegate to KRBTGT service | Sky Blueteam
This article describes a new persistence technique in Active Directory that allows the creation of valid TGTs (i.e. having a master key). This technique relies on a Service Account with Constrained Delegation to the KRBTGT service.
#exploit
1. CVE-2022-21882:
win32k LPE bypass CVE-2021-1732
https://github.com/KaLendsi/CVE-2022-21882
// tested on windows 20h2 19042
2. Technical Analysis of CVE-2022-22583:
Bypassing macOS System Integrity Protection (SIP)
https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection
@BlueRedTeam
#tools
#Blue_Team_Techniques
1. Acquiring Logs and Working with different log formats
https://github.com/Cyb3r-Monk/RITA-J
2. WMI for Script Kiddies
https://www.trustedsec.com/blog/wmi-for-noscript-kiddies
3. RipRaw is a small tool to analyse the memory of compromised Linux systems
https://github.com/cado-security/rip_raw
@BlueRedTeam
GitHub
GitHub - Cyb3r-Monk/RITA-J: Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring…
Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm. - Cyb3r-Monk/RITA-J
#Red_Team
The all-in-one Red Team extension for Web Pentester 🛠
https://github.com/LasCC/Hack-Tools
@BlueRedTeam
#Red_Team
1. Bypass Cloudflare bot protection using Cloudflare Workers
https://github.com/jychp/cloudflare-bypass
2. Unveiling DNSStager: A tool to hide your payload in DNS
https://shells.systems/unveiling-dnsstager-a-tool-to-hide-your-payload-in-dns
3. Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
https://www.tiraniddo.dev/2021/05/dumping-stored-credentials-with.html
@BlueRedTeam
#exploit
1. CVE-2022-23967:
TightVNC Vulnerability
https://github.com/MaherAzzouzi/CVE-2022-23967
2. Exploit to bypass Google's JS security protection
when using MITM phishing tools
https://github.com/456478/evilginx.botguard
@BlueRedTeam
#Blue_Team
1. Hacktivism and State-Sponsored Knock-Offs
Attributing Deceptive Hack-and-Leak Operations
https://www.sentinelone.com/labs/hacktivism-and-state-sponsored-knock-offs-attributing-deceptive-hack-and-leak-operations
2. Winshark - Wireshark plugin to work with ETW
(Event Tracing for Windows)
https://github.com/airbus-cert/Winshark
@BlueRedTeam
SentinelOne
Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations
Are there still real hacktivists out there or are they all a cover for state-sponsored operations?
#Red_Team
Tool created for Red Team to test default credentials on SSH and WinRM and then execute scripts with those credentials before the password can be changed by Blue Team.
https://github.com/RITRedteam/bruhdotzip
@BlueRedTeam
#Blue_Team
Node/Proxy in Kubernetes RBAC:
Security Architecture Considerations
https://hackmd.io/tHxwouC4TF20xT5qKt_OuQ
@BlueRedTeam
#Red_Team
1. Get fresh Syscalls from a fresh ntdll.dll copy
https://github.com/S3cur3Th1sSh1t/NimGetSyscallStub
2. Exploring the Playstation 5 Security:
ROP userland execution for PS5 (4.03)
https://github.com/ChendoChap/PS5-Webkit-Execution
@BlueRedTeam
#exploit
CVE-2022-21882:
Win32k Window Object Type Confusion
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-21882.html
]-> PoC: https://github.com/KaLendsi/CVE-2022-21882
@BlueRedTeam
#Red_Team
1. Delegate to KRBTGT service
https://skyblue.team/posts/delegate-krbtgt
// The main appeal of this technique is that it does not require being joined to the domain, contrary to DCSync/Golden Ticket attacks: network access to the LDAP and Kerberos ports is enough
2. Five Hacking Tips - PWNKIT
https://blog.sysrisk.com/2022/01/29/five-hacking-tips-pwnkit
@BlueRedTeam
#Blue_Team
1. Configuring Linux auditd for Threat Detection
https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505
2. Free Ransomware Decryption Tools
https://www.emsisoft.com/ransomware-decryption-tools/deadbolt
@BlueRedTeam
Medium
Linux auditd for Threat Detection [Part 1]
A few years ago, I was asked to define an auditd configuration which would serve as the primary detection technology for a large…
#Red_Team
Tools Developed for RITSEC Red Team Recruiting
https://github.com/jabbate19/Red-Team-Recruiting
@BlueRedTeam
#Red_Team
A Python package to validate and generate documentation for Atomic Red Team Atomics
https://github.com/MSAdministrator/art-parser
@BlueRedTeam
#Red_Team
Final evaluation, Web Pentesting course, Red Team Diploma, USACH, January 2022
https://github.com/Ppamo/2022.01---pentesting-web---evaluaci-n-final
@BlueRedTeam
#Red_Team
Final evaluation, Web Pentesting course, Red Team Diploma, USACH, January 2022
https://github.com/Sohrabian/special-cyber-security-topic
@BlueRedTeam
GitHub
GitHub - Sohrabian/special-cyber-security-topic: with this cyber security topics you can level up your knowledge for more influence…
with this cyber security topics you can level up your knowledge for more influence ( out of the box ) - include every you thinking, it can be developed at any time. it's helpful for "...