Exploiting a double-edged SSRF for server and client-side impact
https://www.yassineaboukir.com/blog/exploiting-a-double-edged-SSRF-for-server-and-client-side-impact
@BlueRedTeam
Yassine Aboukir
Just like a knife with two cutting edges, this is a story of a double-edged Server-Side Request Forgery (SSRF) vulnerability which was successfully exploited to achieve and demonstrate both server and client-side security impact which is not very common to…
#Red_Team
Red Teaming Toolkit
A collection of open source and commercial tools that aid in red team operations. This post will help you during a red team engagement.
Contents
— Reconnaissance
— Weaponization
— Delivery
— Command and Control
— Lateral Movement
— Establish Foothold
— Escalate Privileges
— Data Exfiltration
— Misc
— References
https://renatoborbolla.medium.com/red-teaming-adversary-simulation-toolkit-da89b20cb5ea
@BlueRedTeam
Medium
Red Teaming/Adversary Simulation Toolkit
Organizations are having a hard time detecting new tactics and techniques employed by cyber criminals looking to breach their defenses…
#exploit
+ CVE-2022-26809:
Weakness in a core Windows 7/10/Server2019/2022 component (RPC)
https://github.com/XmasSnow/CVE-2022-26809-RCE
+ CVE-2022-29072:
7-Zip <21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area (0-day)
https://github.com/kagancapar/CVE-2022-29072
@BlueRedTeam
#Red_Team
Process Doppelganging (Mitre: T1055.013)
https://www.hackingarticles.in/process-doppelganging-mitret1055-013
@BlueRedTeam
Hacking Articles
Process Doppelganging (Mitre:T1055.013)
Explore Process Doppelganging, a defense evasion technique using NTFS transactions. Learn how it works, its demonstration, and drawbacks.
#PTH
OverPass-the-Hash in 1C Enterprise
To gain access to 1C Enterprise you need a username and password. If 1C is configured for LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C via an OverPass-the-Hash attack, which gives you access to 1C Enterprise without knowing the plaintext password.
Invoke-Rubeus -Command "asktgt /user:i.ivanov /domain:APTNOTES.LOCAL /rc4:A87F3A337D73085C45F9416BE5787D86 /createnetonly:C:\1cestart.exe /show"
Bonus:
If the compromised user has permission to run "External data processors", you can get a reverse shell on the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
@BlueRedTeam
#tools
+ Flutter Reverse Engineering Framework
https://github.com/Impact-I/reFlutter
+ Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers
https://github.com/firefart/stunner
@BlueRedTeam
#exploit
Use-After-Free Exploit
in HackSysExtremeVulnerableDriver
https://sophieboyle.github.io/2022/04/09/HEVD-UAF-Exploit.html
@BlueRedTeam
#Red_Team
FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
https://github.com/pwn1sher/frostbyte
@BlueRedTeam
#Red_Team
Tools and materials for red/blue team exercises and the HW (护网) defense drills, plus in-memory shellcode (Cobalt Strike + Metasploit) and in-memory webshell detection and removal tools
https://github.com/Mr-xn/RedTeam_BlueTeam_HW
@BlueRedTeam
#Red_Team
Windows Red Team Cheat Sheet
https://reconshell.com/windows-red-team-cheat-sheet/
@BlueRedTeam
#Blue_Team
Microsoft recommended block rules (Windows Defender Application Control) for Windows 10/11 and Windows Server 2016 and later
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
@BlueRedTeam
Docs
Applications that can bypass App Control and how to block them
View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.
#Red_Team
1. In-Process Patchless AMSI Bypass
https://ethicalchaos.dev/2022/04/17/in-process-patchless-amsi-bypass
2. Analyzing Palo Alto Cortex XDR and finding ways to bypass it
https://mrd0x.com/cortex-xdr-analysis-and-bypass
@BlueRedTeam
Ethical Chaos
In-Process Patchless AMSI Bypass - Ethical Chaos
Some of you may remember my patchless AMSI bypass article and how it was used inside SharpBlock to bypass AMSI on the child process that SharpBlock spawns. This is all well a good when up against client environments that are not too sensitive to the fork…
#Red_Team
A Detailed Guide on HTML Smuggling
https://www.hackingarticles.in/a-detailed-guide-on-html-smuggling
@BlueRedTeam
Hacking Articles
Learn how HTML Smuggling bypasses firewalls using JS blobs and payloads, with live noscripts, attack demos, and mitigation steps.