A collection of various awesome lists for hackers, pentesters and security researchers
https://github.com/Hack-with-Github/Awesome-Hacking
@BlueRedTeam
#Red_Team
1. AD CS: from ManageCA to RCE
https://www.blackarrow.net/ad-cs-from-manageca-to-rce
2. Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
3. WindowsNoExec - Abusing existing instructions to execute arbitrary code without allocating executable memory
https://www.x86matthew.com/view_post?id=windows_no_exec&s=09
@BlueRedTeam
Tarlogic Security
BlackArrow - Offensive security services
BlackArrow is the offensive and defensive security services division of Tarlogic Security. A team of high level professionals
#tools
#Blue_Team
master_librarian - A tool to audit Linux system libraries to find public security vulnerabilities
https://github.com/CoolerVoid/master_librarian
@BlueRedTeam
#Red_Team
Tool created for Red Team to test default credentials on SSH and WinRM and then execute scripts with those credentials before the password can be changed by Blue Team.
https://github.com/RITRedteam/StreetCred
@BlueRedTeam
#Red_Team
Penetration Testing, Vulnerability Assessment and Red Team Learning
https://github.com/nairuzabulhul/R3d-Buck3T
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike 4.5 cracked version.
https://github.com/trewisscotch/CobaltStr4.5
@BlueRedTeam
#tools
#Blue_Team
1. Fnord - Pattern Extractor for Obfuscated Code
https://github.com/Neo23x0/Fnord
2. A collection of tools to help audit NPM dependencies for suspicious packages or continuously monitor dependencies for future security events
https://github.com/jfrog/jfrog-npm-tools
@BlueRedTeam
#Red_Team
1. SysWhispers integrated shellcode loader w/ ETW patching & anti-sandboxing
https://github.com/ChadMotivation/TymSpecial
2. Kernel mode WinDbg extension and PoCs for token privilege investigation
https://github.com/daem0nc0re/PrivFu
@BlueRedTeam
Forwarded from Network Penetration Testing
A small library to alter AWS API requests
https://github.com/Frichetten/aws_api_shapeshifter
#Cloud
#API
#AWS
@NetPentesters
GitHub
GitHub - Frichetten/aws_api_shapeshifter: A small library to alter AWS API requests; Used for fuzzing research
A small library to alter AWS API requests; Used for fuzzing research - Frichetten/aws_api_shapeshifter
#exploit
1. WebKit RCE on iOS 14.1 Exploit
https://gist.github.com/ujin5/6b9a32eedc5a39d714a3a72f06efffe5
2. Writing Anti-Anti-Virus Exploit
https://ptr-yudai.hatenablog.com/entry/2022/02/13/122744
@BlueRedTeam
#Red_Team
1. Persistence - Notepad++ Plugins
https://pentestlab.blog/2022/02/14/persistence-notepad-plugins
2. Use Flickr app to install malicious apps remotely acting as updates
https://infosecwriteups.com/install-invisible-malicious-apps-remotely-acting-as-updates-71178979ff13
@BlueRedTeam
Penetration Testing Lab
Persistence – Notepad++ Plugins
It is not uncommon a windows environment especially dedicated servers which are managed by developers or IT staff to have installed the Notepad++ text editor. Except of the storage of scripts and a…
#Red_Team
Dexter's Red Team Tool that creates cronjob/task scheduler to consistently create users.
https://github.com/CDT-2215-Team-Bravo/DexterRedTool
@BlueRedTeam
#exploit
1. CVE-2022-22536:
SAP NetWeaver Application Server ABAP/Java/ABAP Platform/SAP Content Server/Web Dispatcher memory pipes (MPI) desynchronization vulnerability
https://github.com/antx-code/CVE-2022-22536
2. CVE-2022-0435:
A Remote Stack Overflow in the Linux Kernel
https://www.appgate.com/blog/a-remote-stack-overflow-in-the-linux-kernel
@BlueRedTeam
GitHub
GitHub - ZZ-SOCMAP/CVE-2022-22536: SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536.
SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536. - ZZ-SOCMAP/CVE-2022-22536
#hardening
#Blue_Team
1. A command-line tool to quickly analyze all IPs in a file and see which ones have open ports/vulnerabilities
https://gitlab.com/shodan-public/nrich
2. Active Directory Privilege Escalation Hardening
https://hadess.io/active-directory-privilege-escalation-hardening
@BlueRedTeam
GitLab
shodan-public / nrich · GitLab
A command-line tool to quickly analyze all IPs in a file and see which ones have open ports/ vulnerabilities. Can also be fed data from stdin to be...
#Red_Team
1. WAF Bypass Methods
https://hadess.io/waf-bypass-methods
2. 0-Click Account Takeover and 2FA Bypass
https://infosecwriteups.com/a-tale-of-0-click-account-takeover-and-2fa-bypass-b369cd70e42f
3. Object Overloading
https://blog.xpnsec.com/object-overloading
@BlueRedTeam
#Red_Team
Blog for tracking internet adventures and open-source projects. Security / Engineering / Red Team / Writeups
https://github.com/0xRJTC/ryanengineers.github.io
@BlueRedTeam
#Blue_Team
Attack Surface Monitoring using Open-Source Intelligence
https://infosecwriteups.com/attack-surface-monitoring-using-open-source-intelligence-90415e863e93
@BlueRedTeam
Medium
Attack Surface Monitoring using Open-Source Intelligence
The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence…
#exploit
#Red_Team
1. Nightmare: One Byte to ROP // Deep Dive Edition
https://hackmd.io/@pepsipu/ry-SK44pt
2. A multi exploit instagram exploitation framework
https://github.com/TheBirdSecurity/Instagram-Exploitation-Framework
@BlueRedTeam
HackMD
Nightmare: One Byte to ROP // Deep Dive Edition - HackMD
# Nightmare: One Byte to ROP // Deep Dive Edition ## Introduction In this write-up, we'll discuss ho