#CVE-2022
WSOB is a Python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.
https://github.com/oppsec/WSOB
@BlueRedTeam
#Red_Team
+ Moodle Stored XSS and blind SSRF possible via feedback answer text
https://r0.haxors.org/posts?id=20
+ Privilege Escalation to SYSTEM in AWS VPN Client (CVE-2022-25165)
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client
@BlueRedTeam
#EmergencyResponse
This project integrates the best offensive and defensive tool projects from across the web, including automated exploitation, subdomain, sensitive-directory, port and other scanning tools, major middleware and CMS vulnerability exploitation tools, and emergency response materials.
https://github.com/guchangan1/-
@BlueRedTeam
#Red_Team
+ Bypassing PESieve and Moneta (The "easy" way....?)
https://www.arashparsa.com/bypassing-pesieve-and-moneta-the-easiest-way-i-could-find
+ Bypass the Docker Firewall by Abusing REST API
https://tbhaxor.com/bypass-the-docker-firewall-by-abusing-rest-api
@BlueRedTeam
#tools
#Blue_Team
Determine whether a given video sequence has been manipulated or synthetically generated
https://github.com/chinmaynehate/DFSpot-Deepfake-Recognition
@BlueRedTeam
#Red_Team
Method for extracting credentials in Windows
Can't retrieve credentials via DPAPI or Mimikatz? Don't worry, Microsoft has taken care of you. Just use
rundll32 keymgr.dll, KRShowKeyMgr to retrieve all stored passwords on a host, be it the target server, FTP, or Chrome passwords, Microsoft has you covered.
@BlueRedTeam
#tools
#Blue_Team
Tool and library to check cryptographic public keys for known vulnerabilities
https://github.com/badkeys/badkeys
@BlueRedTeam
#Red_Team
This is a project based on a Red Team - Blue Team Exercise
https://github.com/skyeskyeskye/Project-2
@BlueRedTeam
#Offensive
Engineering antivirus evasion
Part 1:
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion
]-> C/C++ source obfuscator for antivirus bypass:
https://github.com/scrt/avcleaner
Part 2:
C/C++ source obfuscator for antivirus bypass
https://blog.scrt.ch/2020/07/15/engineering-antivirus-evasion-part-ii
]-> PoC: https://github.com/scrt/avcleaner
Part 3:
https://blog.scrt.ch/2022/04/19/3432
@BlueRedTeam
#exploit
+ CVE-2021-26887:
Group Policy Folder Redirection
https://decoder.cloud/2022/04/27/group-policy-folder-redirection-cve-2021-26887
+ kernel r/w exploit for iOS 15.0 - 15.1.1
https://github.com/potmdehex/multicast_bytecopy
@BlueRedTeam
#Red_Team
Bypassing EDR real-time injection detection logic
https://blog.redbluepurple.io/offensive-research/bypassing-injection-detection
@BlueRedTeam
#Cobalt_Strike
A work in progress of constructing a minimal http(s) beacon for Cobalt Strike.
https://github.com/SecIdiot/minbeacon
@BlueRedTeam
#Red_Team
This is a project based on a Red Team - Blue Team Exercise
https://github.com/NetSPI/ESC
@BlueRedTeam