#tools
#Red_Team
Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
https://github.com/FULLSHADE/Auto-Elevate
@BlueRedTeam
#Cobalt_Strike
A collection of C# utilities intended to be used with Cobalt Strike's execute-assembly
https://github.com/breakid/SharpUtils
@BlueRedTeam
#Red_Team
CTF Writeups / Penetration testing / Red Teaming
https://github.com/sujal11111/1337redteamer.github.io
@BlueRedTeam
#exploit
1. CVE-2022-23648:
containerd: Insecure handling of image volumes
https://bugs.chromium.org/p/project-zero/issues/detail?id=2244
2. Exploit tool for CVE-2021-43008
Adminer 1.0 - 4.6.2 Arbitrary File Read vulnerability
https://github.com/p0dalirius/CVE-2021-43008-AdminerRead
@BlueRedTeam
#Red_Team
Bypassing MFA with Pass-the-Cookie
https://stealthbits.com/blog/bypassing-mfa-with-pass-the-cookie
@BlueRedTeam
#Cobalt_Strike
Useful Cobalt Strike BOFs found or used during engagements
https://github.com/wsummerhill/CobaltStrike_BOF_Collections
@BlueRedTeam
#Cobalt_Strike
Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type
https://github.com/outflanknl/HelpColor
@BlueRedTeam
#Red_Team
1. TCC ClickJacking:
A proof of concept for a ClickJacking attack on macOS
https://github.com/breakpointHQ/TCC-ClickJacking
2. iOS Hacking - A Beginner's Guide to Hacking iOS Apps (2022)
https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
@BlueRedTeam
#Blue_Team
The LAPSUS$ Group - A Chaotic Start of Ransomware-free Extortion
https://www.picussecurity.com/resource/the-lapsus-group-a-chaotic-start-of-ransomware-free-extortion
Lapsus Group IOC
@BlueRedTeam
This article explains the LAPSUS$ group, which threatened to leak the data of breached organizations such as Okta and Microsoft without using ransomware.
#Red_Team #Malware
Rootkit for Windows 10/11
Cronos is a Windows 10/11 x64 Ring 0 rootkit. Can hide processes, protect and elevate them with token manipulation.
https://github.com/XaFF-XaFF/Cronos-Rootkit
@BlueRedTeam
#CVE-2022
Container Escape PoC for CVE-2022-0847 "DirtyPipe"
https://github.com/DataDog/dirtypipe-container-breakout-poc
@BlueRedTeam
#Cobalt_Strike
Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
https://github.com/fox-it/dissect.cobaltstrike
@BlueRedTeam
#Cobalt_Strike
Parses Cobalt Strike malleable C2 profiles.
https://github.com/brett-fitz/pyMalleableProfileParser
@BlueRedTeam
#tools
#Blue_Team
A lightweight extension to automatically detect and provide verbose warnings for embedded iframe elements in order to protect against Browser-In-The-Browser (BITB) attacks
https://github.com/odacavo/enhanced-iframe-protection
@BlueRedTeam
#Red_Team
1. Circumventing Browser Security Mechanisms For SSRF
https://github.com/httpvoid/writeups/blob/main/Circumventing-Browser-Security-Mechanisms-For-SSRF.md
2. GitLab Arbitrary file read via the bulk imports UploadsPipeline
https://hackerone.com/reports/1439593
@BlueRedTeam
#exploit
CVE-2022-23121:
RCE on Western Digital PR4100 NAS
https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121
@BlueRedTeam
#Cobalt_Strike
#Purple_Team
Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].
https://github.com/TH3xACE/EDR-Test
@BlueRedTeam
#Blue_Team
PowerShell script to aid Incident Response and Live Forensics
https://github.com/Johnng007/Live-Forensicator#dependencies
@BlueRedTeam
#Cobalt_Strike
Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
https://github.com/fox-it/cobaltstrike-beacon-data
@BlueRedTeam