#Cobalt_Strike
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
https://github.com/boku7/BokuLoader
@BlueRedTeam
#Blue_Team
1. Hermetic Wiper Malware Detection Rules
https://github.com/stripesoc/detections/tree/main/hermeticwiper
2. CVE-2021-31166 Detection Rules
https://github.com/mvlnetdev/CVE-2021-31166-detection-rules
@BlueRedTeam
#exploit
1. CVE-2022-21974:
Roaming Security Rights Management Services
Remote Code Execution Vulnerability
https://github.com/0vercl0k/CVE-2022-21974
2. CVE-2022-21971:
Windows Runtime RCE Vulnerability
https://github.com/0vercl0k/CVE-2022-21971
@BlueRedTeam
#tools
Fuzzing Network Applications with AFL and libdesock
https://lolcads.github.io/posts/2022/02/libdesock
]-> A de-socketing library for fuzzing:
https://github.com/fkie-cad/libdesock
@BlueRedTeam
#tools
#Red_Team
1. Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket
https://github.com/Dramelac/GoldenCopy
2. Jbin Website Secret Scraper gathers all the URLs from a website and then tries to expose the secret data in them, such as API keys, secrets, tokens and other sensitive information
https://github.com/h33tlit/Jbin-website-secret-scraper
@BlueRedTeam
#Blue_Team
HTTP Desync Attacks:
Request Smuggling Reborn
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
]-> HTTP request smuggling vulnerability scanner:
https://github.com/Sh1Yo/request_smuggler
@BlueRedTeam
#Red_Team
Into the art of Binary Exploitation
Part 4 - Reviving of Satanic-ROP
https://infosecwriteups.com/into-the-art-of-binary-exploitation-0x000004-reviving-of-satanic-rop-5ab604b52341
@BlueRedTeam
#exploit
1. CVE-2021-30955:
Apple macOS Kernel Race Condition
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
2. CVE-2021-3489:
Exploitation Analysis of Linux Kernel eBPF RINGBUF Out-of-Bounds Access Vulnerability
https://mp.weixin.qq.com/s/biSNUlzZqqcYiYwfMSaTeg
@BlueRedTeam
#Blue_Team
1. The SpotBugs plugin for security audits of Java web applications and Android applications (also works with Kotlin/Groovy/Scala projects)
https://github.com/find-sec-bugs/find-sec-bugs
2. SOC Skills:
How to Detect Good Apps Gone Bad
https://www.intezer.com/blog/malware-analysis/how-to-detect-legitimate-apps-used-by-attackers
@BlueRedTeam
#Red_Team
1. Golden GMSA Attack
https://www.semperis.com/blog/golden-gmsa-attack
2. Bash Tricks for File Exfiltration over HTTP/S using Flask
https://medium.com/maverislabs/bash-tricks-for-file-exfiltration-over-http-s-using-flask-112aed524ad
@BlueRedTeam
#Cobalt_Strike
The idea is to collect all the C# projects named Sharp{Word} that can be run from Cobalt Strike with the execute-assembly command.
https://github.com/N7WEra/SharpAllTheThings
@BlueRedTeam
#Red_Team
Red Team's SIEM - a tool for Red Teams used for tracking and alerting on Blue Team activities, as well as for better usability in long-term operations.
https://github.com/Yuvrajsinh05/Yuvrajsinh05
@BlueRedTeam
#Red_Team
Red Team, Blue Team, and Network Analysis
https://github.com/Jwulfe/Final-Project
@BlueRedTeam
#Red_Team
Penetration Testing, Vulnerability Assessment and Red Team Learning
https://github.com/nairuzabulhul/R3d-Buck3T
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike Beacon Object Files (BOFs) written in Rust using the Rust core and alloc crates.
https://github.com/wumb0/rust_bof
@BlueRedTeam
#Red_Team
Manipulating user passwords without Mimikatz
https://www.trustedsec.com/blog/manipulating-user-passwords-without-mimikatz
@BlueRedTeam
#exploit
OAuth and PostMessage
Chaining misconfigurations for your access token
https://ninetyn1ne.github.io/2022-02-21-oauth-postmessage-misconfig
@BlueRedTeam
#tools
#Red_Team
OSRipper: AV-evading OSX Backdoor and Crypter Framework
https://github.com/SubGlitch1/OSRipper
@BlueRedTeam
#Blue_Team
ATT&CK Flow helps executives, SOC managers and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
https://github.com/center-for-threat-informed-defense/attack-flow
@BlueRedTeam