#Red_Team
Tools Developed for RITSEC Red Team Recruiting
https://github.com/jabbate19/Red-Team-Recruiting
@BlueRedTeam
Tools Developed for RITSEC Red Team Recruiting
https://github.com/jabbate19/Red-Team-Recruiting
@BlueRedTeam
GitHub
GitHub - jabbate19/Red-Team-Recruiting: Tools Developed for RITSEC Red Team Recruiting
Tools Developed for RITSEC Red Team Recruiting. Contribute to jabbate19/Red-Team-Recruiting development by creating an account on GitHub.
#Red_Team
A Python package to validate and generate documentation for Atomic Red Team Atomics
https://github.com/MSAdministrator/art-parser
@BlueRedTeam
A Python package to validate and generate documentation for Atomic Red Team Atomics
https://github.com/MSAdministrator/art-parser
@BlueRedTeam
GitHub
GitHub - MSAdministrator/art-parser: A Python package to validate and generate documentation for Atomic Red Team Atomics
A Python package to validate and generate documentation for Atomic Red Team Atomics - GitHub - MSAdministrator/art-parser: A Python package to validate and generate documentation for Atomic Red Tea...
#Red_Team
Evaluación final curso Pentesting Web, Diplomado Red Team, USACH, enero 2022
https://github.com/Ppamo/2022.01---pentesting-web---evaluaci-n-final
@BlueRedTeam
Evaluación final curso Pentesting Web, Diplomado Red Team, USACH, enero 2022
https://github.com/Ppamo/2022.01---pentesting-web---evaluaci-n-final
@BlueRedTeam
GitHub
GitHub - Ppamo/2022.01---pentesting-web---evaluaci-n-final: Evaluación final curso Pentesting Web, Diplomado Red Team, USACH, enero…
Evaluación final curso Pentesting Web, Diplomado Red Team, USACH, enero 2022 - GitHub - Ppamo/2022.01---pentesting-web---evaluaci-n-final: Evaluación final curso Pentesting Web, Diplomado Red Team,...
#Red_Team
Evaluación final curso Pentesting Web, Diplomado Red Team, USACH, enero 2022
https://github.com/Sohrabian/special-cyber-security-topic
@BlueRedTeam
Evaluación final curso Pentesting Web, Diplomado Red Team, USACH, enero 2022
https://github.com/Sohrabian/special-cyber-security-topic
@BlueRedTeam
GitHub
GitHub - Sohrabian/special-cyber-security-topic: with this cyber security topics you can level up your knowledge for more influnce…
with this cyber security topics you can level up your knowledge for more influnce ( out of the box ) - include every you thinking, it can be developed at any time. it's helpful for &quo...
#Red_Team
A very simple way of running Atomic Red Team tests!
https://github.com/Adam-Mashinchi/atomic-unit-test
@BlueRedTeam
A very simple way of running Atomic Red Team tests!
https://github.com/Adam-Mashinchi/atomic-unit-test
@BlueRedTeam
GitHub
GitHub - Adam-Mashinchi/atomic-unit-test: A very simple way of running Atomic Red Team tests!
A very simple way of running Atomic Red Team tests! - Adam-Mashinchi/atomic-unit-test
#Red_Team
Various Red Team noscripts I'm working on
https://github.com/MdbookTech/redteam-noscripts
@BlueRedTeam
Various Red Team noscripts I'm working on
https://github.com/MdbookTech/redteam-noscripts
@BlueRedTeam
GitHub
GitHub - Mdbook/redteam-noscripts: Various Red Team noscripts I'm working on
Various Red Team noscripts I'm working on. Contribute to Mdbook/redteam-noscripts development by creating an account on GitHub.
#Blue_Team
A curated collection of resources, tools, and other shiny things for cybersecurity blue teams
https://github.com/fabacab/awesome-cybersecurity-blueteam#policy-enforcement
@BlueRedTeam
A curated collection of resources, tools, and other shiny things for cybersecurity blue teams
https://github.com/fabacab/awesome-cybersecurity-blueteam#policy-enforcement
@BlueRedTeam
GitHub
GitHub - fabacab/awesome-cybersecurity-blueteam: :computer:🛡️ A curated collection of awesome resources, tools, and other shiny…
:computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams. - fabacab/awesome-cybersecurity-blueteam
👍1
#Red_Team
1. Moodle: Blind SQL Injection (CVE-2021-36393)
and Broken Access Control (CVE-2021-36397)
https://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html
2. Understanding Process Ghosting in Detail
https://dosxuz.gitlab.io/post/processghosting
@BlueRedTeam
1. Moodle: Blind SQL Injection (CVE-2021-36393)
and Broken Access Control (CVE-2021-36397)
https://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html
2. Understanding Process Ghosting in Detail
https://dosxuz.gitlab.io/post/processghosting
@BlueRedTeam
dosxuz.gitlab.io
Understanding Process Ghosting in Detail
Pre-requisites The following are some pre-requisites, which will help you to enjoy this blog even more
Knowledge about C# Knowledge about the PE structure Familiarity with WinDbg Little knowledge about SysInternals Introduction A few months back, I came to…
Knowledge about C# Knowledge about the PE structure Familiarity with WinDbg Little knowledge about SysInternals Introduction A few months back, I came to…
#Red_Team
In this repo you will get the information of Red Team Security related links
https://github.com/pathakabhi24/RedTeam-Security
@BlueRedTeam
In this repo you will get the information of Red Team Security related links
https://github.com/pathakabhi24/RedTeam-Security
@BlueRedTeam
GitHub
GitHub - pathakabhi24/RedTeam-Security: In this repo you will get the information of Red Team Security related links
In this repo you will get the information of Red Team Security related links - GitHub - pathakabhi24/RedTeam-Security: In this repo you will get the information of Red Team Security related links
#Red_Team
1. PwnKit PoCs
https://sketchymoose.blogspot.com/2022/02/looking-at-some-pwnkit-pocs-for-fun.html
2. Data exfiltration using XXE on a hardened server
https://infosecwriteups.com/data-exfiltration-using-xxe-on-a-hardened-server-ef3a3e5893ac
3. Multiple HTTP Redirects to Bypass SSRF Protections
https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c
@BlueRedTeam
1. PwnKit PoCs
https://sketchymoose.blogspot.com/2022/02/looking-at-some-pwnkit-pocs-for-fun.html
2. Data exfiltration using XXE on a hardened server
https://infosecwriteups.com/data-exfiltration-using-xxe-on-a-hardened-server-ef3a3e5893ac
3. Multiple HTTP Redirects to Bypass SSRF Protections
https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c
@BlueRedTeam
Blogspot
Looking at some PwnKit PoCs for Fun
So CVE-2021-4034 provided an interesting situation. It is so easy to exploit and the PoCs came fast and hard. The question of responsible d...
#Red_Team
PDF for the Intro to Security Research - Red Team Hacking
https://github.com/zumaroc/intro-to-security-research
@BlueRedTeam
PDF for the Intro to Security Research - Red Team Hacking
https://github.com/zumaroc/intro-to-security-research
@BlueRedTeam
GitHub
GitHub - zumaroc/intro-to-security-research: PDF for the Intro to Security Research - Red Team Hacking
PDF for the Intro to Security Research - Red Team Hacking - GitHub - zumaroc/intro-to-security-research: PDF for the Intro to Security Research - Red Team Hacking
#Red_Team
Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
https://github.com/KCarretto/paragon
@BlueRedTeam
Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
https://github.com/KCarretto/paragon
@BlueRedTeam
GitHub
GitHub - KCarretto/paragon: Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
Red Team engagement platform with the goal of unifying offensive tools behind a simple UI - KCarretto/paragon
#Red_Team
During pentests or Red Team assessments, it all comes down to our beloved toolbox, containing all the usefull and naughty stuff of a pentester´s every day life. The problem to us is that there are three kind of people outside there.
The first group being the security researchers who develop and publish these tools with the goal of providing knowledge and to rise awareness.
The second group is (besides their own tools) using these tools and techniques to carry out attacks on governments, companies and people.
The last group is trying to keep up with the first two groups by developing and implementing detection mechanisms and countermeasures to defend against the bad guys...
https://luemmelsec.github.io/Circumventing-Countermeasures-In-AD/
@BlueRedTeam
During pentests or Red Team assessments, it all comes down to our beloved toolbox, containing all the usefull and naughty stuff of a pentester´s every day life. The problem to us is that there are three kind of people outside there.
The first group being the security researchers who develop and publish these tools with the goal of providing knowledge and to rise awareness.
The second group is (besides their own tools) using these tools and techniques to carry out attacks on governments, companies and people.
The last group is trying to keep up with the first two groups by developing and implementing detection mechanisms and countermeasures to defend against the bad guys...
https://luemmelsec.github.io/Circumventing-Countermeasures-In-AD/
@BlueRedTeam
luemmelsec.github.io
Sailing Past Security Measures In AD
Today we´re going to talk a little about possible ways to circumvent some of the security measures one might face during an engagement in an Active Directory environment.
We as pentesters are heavily relying on our tools like Bloodhound, Rubeus, mimikatz…
We as pentesters are heavily relying on our tools like Bloodhound, Rubeus, mimikatz…
👍3
#Promo
Discuss information security and vulnerabilities of various systems in the field of programming and social engineering and cryptography and cryptography and malware analysis. If you are interested, join the following channel:
@PFK_Security
Discuss information security and vulnerabilities of various systems in the field of programming and social engineering and cryptography and cryptography and malware analysis. If you are interested, join the following channel:
@PFK_Security
#Blue_Team
1. How to Analyze RTF Template Injection Attacks
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks
2. Moha Phishing Kit, targeting DEWA suppliers
https://stalkphish.com/2022/02/04/phishing-kit-moha-kit-targeting-dewa-suppliers
@BlueRedTeam
1. How to Analyze RTF Template Injection Attacks
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks
2. Moha Phishing Kit, targeting DEWA suppliers
https://stalkphish.com/2022/02/04/phishing-kit-moha-kit-targeting-dewa-suppliers
@BlueRedTeam
letsdefend.io
How to Analyze RTF Template Injection Attacks
Proofpoint security researchers state that cyber attack groups have adopted a new technique called "RTF Template Injection" and reported that this technique has a low detection rate. It is also included in the report that phishing attacks were carried out…
#Red_Team
1. linWinPwn is a bash noscript that automates a number of Active Directory Enumeration and Exploitation steps
https://github.com/lefayjey/linWinPwn
2. MSDT DLL Hijack UAC bypass
https://blog.sevagas.com/?MSDT-DLL-Hijack-UAC-bypass
3. Project Than - Bypass Windows Defender, Using ThreadStackSpoofer, TDP && KCTHijack
https://gitlab.com/ORCA666/3in1
@BlueRedTeam
1. linWinPwn is a bash noscript that automates a number of Active Directory Enumeration and Exploitation steps
https://github.com/lefayjey/linWinPwn
2. MSDT DLL Hijack UAC bypass
https://blog.sevagas.com/?MSDT-DLL-Hijack-UAC-bypass
3. Project Than - Bypass Windows Defender, Using ThreadStackSpoofer, TDP && KCTHijack
https://gitlab.com/ORCA666/3in1
@BlueRedTeam
GitHub
GitHub - lefayjey/linWinPwn: linWinPwn is a bash noscript that streamlines the use of a number of Active Directory tools
linWinPwn is a bash noscript that streamlines the use of a number of Active Directory tools - lefayjey/linWinPwn
#Red_Team
Advanced Process Injection
https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
@BlueRedTeam
Advanced Process Injection
https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
@BlueRedTeam
GitHub
GitHub - RedTeamOperations/Advanced-Process-Injection-Workshop
Contribute to RedTeamOperations/Advanced-Process-Injection-Workshop development by creating an account on GitHub.
#Red_Team
1. A PoC to make defender useless by removing its token privileges and lowering the token integrity
https://github.com/pwn1sher/KillDefender
2. SSRF Testing Resources
https://github.com/cujanovic/SSRF-Testing
3. A Nim implementation of reflective PE-Loading from memory
https://github.com/S3cur3Th1sSh1t/Nim-RunPE
@BlueRedTeam
1. A PoC to make defender useless by removing its token privileges and lowering the token integrity
https://github.com/pwn1sher/KillDefender
2. SSRF Testing Resources
https://github.com/cujanovic/SSRF-Testing
3. A Nim implementation of reflective PE-Loading from memory
https://github.com/S3cur3Th1sSh1t/Nim-RunPE
@BlueRedTeam
GitHub
GitHub - pwn1sher/KillDefender: A small POC to make defender useless by removing its token privileges and lowering the token integrity
A small POC to make defender useless by removing its token privileges and lowering the token integrity - GitHub - pwn1sher/KillDefender: A small POC to make defender useless by removing its token...
👍2
#Blue_Team
Decoding Cobalt Strike:
Understanding Payloads
https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads
]-> Repo:
https://github.com/avast/ioc/tree/master/CobaltStrike
@BlueRedTeam
Decoding Cobalt Strike:
Understanding Payloads
https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads
]-> Repo:
https://github.com/avast/ioc/tree/master/CobaltStrike
@BlueRedTeam
Gendigital
Decoding Cobalt Strike: Understanding payloads
Identifying and Parsing Cobalt Payloads
#Cobalt_Strike
#C2
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
https://github.com/Flangvik/CobaltBus
@BlueRedTeam
#C2
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
https://github.com/Flangvik/CobaltBus
@BlueRedTeam
GitHub
GitHub - Flangvik/CobaltBus: Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus - Flangvik/CobaltBus
👍1