#CVE-2022
Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
https://github.com/twseptian/cve-2022-22947
@BlueRedTeam
#CVE-2022
spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963
https://github.com/hktalent/spring-spel-0day-poc
@BlueRedTeam
#exploit
+ CVE-2022-28345:
Signal client for iOS < 5.33.2 is vulnerable to RTLO Injection URI Spoofing using malicious URLs
https://sick.codes/sick-2022-42
+ CVE-2021-1782:
an iOS in-the-wild vulnerability in vouchers
https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html
@BlueRedTeam
Sick.Codes
CVE-2022-28345 – Signal client for iOS version 5.33.2 and below is vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe, which would appear as example.com/#files/ten.jpeg
#CVE-2022
CVE-2022-22954 VMware Workspace ONE Access FreeMarker SSTI
https://github.com/MLX15/CVE-2022-22954
@BlueRedTeam
Exploiting a double-edged SSRF for server and client-side impact
https://www.yassineaboukir.com/blog/exploiting-a-double-edged-SSRF-for-server-and-client-side-impact
@BlueRedTeam
Yassine Aboukir
Just like a knife with two cutting edges, this is a story of a double-edged Server-Side Request Forgery (SSRF) vulnerability which was successfully exploited to achieve and demonstrate both server and client-side security impact which is not very common to…
#Red_Team
Red Teaming Toolkit
A collection of open source and commercial tools that aid in red team operations. This post will help you during a red team engagement.
Contents
— Reconnaissance
— Weaponization
— Delivery
— Command and Control
— Lateral Movement
— Establish Foothold
— Escalate Privileges
— Data Exfiltration
— Misc
— References
https://renatoborbolla.medium.com/red-teaming-adversary-simulation-toolkit-da89b20cb5ea
@BlueRedTeam
Medium
Red Teaming/Adversary Simulation Toolkit
Organizations are having a hard time detecting new tactics and techniques employed by cyber criminals looking to breach their defenses…
#exploit
+ CVE-2022-26809:
Weakness in a core Windows 7/10/Server2019/2022 component (RPC)
https://github.com/XmasSnow/CVE-2022-26809-RCE
+ CVE-2022-29072:
7-Zip <21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area (0-day)
https://github.com/kagancapar/CVE-2022-29072
@BlueRedTeam
#Red_Team
Process Doppelganging (Mitre: T1055.013)
https://www.hackingarticles.in/process-doppelganging-mitret1055-013
@BlueRedTeam
Hacking Articles
Explore Process Doppelganging, a defense evasion technique using NTFS transactions. Learn how it works, its demonstration, and drawbacks.
#PTH
OverPass-the-Hash in 1C Enterprise
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having the password in plaintext.
Invoke-Rubeus -Command "asktgt /user:i.ivanov /domain:APTNOTES.LOCAL /rc4:A87F3A337D73085C45F9416BE5787D86 /createnetonly:C:\1cestart.exe /show"
Bonus:
If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
@BlueRedTeam
GitHub
1C-Exploit-Kit/1C-Shell at master · starev-org/1C-Exploit-Kit
1C Exploit Kit. Contribute to starev-org/1C-Exploit-Kit development by creating an account on GitHub.
#tools
+ Flutter Reverse Engineering Framework
https://github.com/Impact-I/reFlutter
+ Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers
https://github.com/firefart/stunner
@BlueRedTeam
#exploit
Use-After-Free Exploit in HackSysExtremeVulnerableDriver
https://sophieboyle.github.io/2022/04/09/HEVD-UAF-Exploit.html
@BlueRedTeam
#Red_Team
FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
https://github.com/pwn1sher/frostbyte
@BlueRedTeam
#Red_Team
Tools and materials for red/blue team confrontation and HW (network protection) exercises, in-memory shellcode (CS + MSF) and in-memory webshell ("memory horse") detection and removal tools
https://github.com/Mr-xn/RedTeam_BlueTeam_HW
@BlueRedTeam
#Red_Team
Windows Red Team Cheat Sheet
https://reconshell.com/windows-red-team-cheat-sheet/
@BlueRedTeam
#Blue_Team
Microsoft Windows 10/11/server 2016 and above recommended block rules
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
@BlueRedTeam
Docs
Applications that can bypass App Control and how to block them
View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.