#Blue_Team
1. Detecting Rogue RDP
https://blog.thickmints.dev/mintsights/detecting-rogue-rdp
2. Debugging the undebuggable and finding a CVE in MS Defender for Endpoint
https://medium.com/falconforce/debugging-the-undebuggable-and-finding-a-cve-in-microsoft-defender-for-endpoint-ce36f50bb31
@BlueRedTeam
#Red_Team
A testing Red Team Infrastructure created with Docker
https://github.com/DFlavian/Red-Team-Infrastructure
@BlueRedTeam
#Red_Team
Repository where I will be uploading tools that I have been developing during my third year of the degree, oriented above all towards use in a possible Red Team exercise.
https://github.com/Hexix23/RedTeamTools
@BlueRedTeam
#CVE-2022
Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965
https://github.com/me2nuk/CVE-2022-22965
@BlueRedTeam
#Red_Team
Combining techniques to defeat Windows Defender and default Applocker rules
https://kymb0.github.io/malwaredev-bypass-av-xml
@BlueRedTeam
Using techniques taught in Sektor7’s RED TEAM Operator: Malware Development Essentials
#CVE-2022
Nmap Spring4Shell NSE script for Spring Boot RCE (CVE-2022-22965)
https://github.com/gpiechnik2/nmap-spring4shell
@BlueRedTeam
#CVE-2022
PowerShell port of CVE-2022-22965 vulnerability check by colincowie.
https://github.com/daniel0x00/Invoke-CVE-2022-22965-SafeCheck
@BlueRedTeam
#CVE-2022
Vulnerability scanner for Spring4Shell (CVE-2022-22965)
https://github.com/fracturelabs/go-scan-spring
@BlueRedTeam
#Red_Team
Log Poisoning - Inject payloads in logs
https://infosecwriteups.com/log-poisoning-inject-payloads-in-logs-e7f1fa338f2f
@BlueRedTeam
Logs are the files in which all the activities on a server are recorded; they are used for monitoring, troubleshooting and fixing bugs…
#Red_Team
Process Injection via Component Object Model (COM) IRundown::DoCallback()
https://www.mdsec.co.uk/2022/04/process-injection-via-component-object-model-com-irundowndocallback
@BlueRedTeam
The MDSec red team are continually performing research into new and innovative techniques for code injection, enabling us to integrate them into tools used for our red...
#Red_Team
Counter Terrorism Unit and Red Team for the United States of America and allied countries for foreign embargoes.
https://github.com/capaomega/Reticulating-Documenting-Splines
@BlueRedTeam
#CVE-2022
Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
https://github.com/alt3kx/CVE-2022-22965
@BlueRedTeam
#exploit
CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client
https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client
@BlueRedTeam
The Pritunl VPN Client service is vulnerable to an arbitrary file write as SYSTEM on Windows.
#Blue_Team
1. Detecting malicious artifacts using an ETW consumer in kernel mode
https://www.countercraftsec.com/blog/post/detecting-malicious-artifacts-using-an-etw-consumer-in-kernel-mode
2. A curated checklist of 300+ tips for protecting digital security and privacy
https://github.com/Lissy93/personal-security-checklist
@BlueRedTeam
Post-exploitation tooling is becoming increasingly sophisticated and often evades detection by EDRs, meaning sometimes we will not be able to detect when an attacker is able to load his code into memory. Here's a way to detect artifacts that are already loaded…