#Blue_Team
Scheduled Task Tampering
https://labs.f-secure.com/blog/scheduled-task-tampering
@BlueRedTeam
#exploit
+ CVE-2022-1388:
BIG-IP F5 iControl REST vulnerability
https://github.com/numanturle/CVE-2022-1388
+ CVE-2022-1040:
Auth bypass and RCE in the webadmin portal of Sophos Firewall
https://github.com/cve-hunter/CVE-2022-1040-sophos-rce
@BlueRedTeam
#exploit
Hacking a Bank by Finding a 0day in DotCMS
https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce
@BlueRedTeam
#tools
#Red_Team
+ AD CS: weaponizing the ESC7 attack
https://www.tarlogic.com/blog/ad-cs-esc7-attack
+ Another No-Fix LPE, NTLMRelay2Self over HTTP (WebDAV)
https://github.com/med0x2e/NTLMRelay2Self
+ Tools for performing attacks on EIGRP domains
https://github.com/necreas1ng/EIGRPWN
@BlueRedTeam
MDE_under_hood.pdf
#Blue_Team
"Windows Defender for Endpoint:
Lifting the veil, a look at MDE under the hood"
@BlueRedTeam
Google releases monthly security patches for Android with fixes for 37 vulnerabilities in various components, including a fix for an actively exploited vulnerability in the Linux kernel.
Details: https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html
#CVE-2022-28776
Any App Can Install Any App In The Galaxy App Store
https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
@BlueRedTeam
#webshell
Making webshells and terminals support trzsz ( trz / tsz ), which is similar to rz / sz and compatible with tmux.
https://github.com/trzsz/trzsz.js
@BlueRedTeam
#Red_Team
For this project, I worked on a Red Team vs. Blue Team scenario in which I played the role of both pentester and SOC analyst.
https://github.com/Jtullis316/Red-Team-vs-Blue-Team
@BlueRedTeam
#tools
#Red_Team
MalSCCM - a tool that allows you to abuse local/remote SCCM servers to deploy malicious applications to the hosts they manage
https://github.com/nettitude/MalSCCM
]-> https://labs.nettitude.com/blog/introducing-malsccm
@BlueRedTeam
Scheduled Task Tampering
In this post we will explore two approaches that can be used to achieve the same result: create or modify a scheduled task and execute it, without generating the relevant telemetry. First, we will explore how direct registry manipulation could be used to create or modify tasks and how this did not generate the usual entries in the event log. Then, an alternative route based on tampering with the Task Scheduler ETW will be presented that will completely suppress most of the logging related to the Task Scheduler.
https://labs.f-secure.com/blog/scheduled-task-tampering/
@BlueRedTeam
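Added example (not code from the F-Secure post or from the channel): a blue-team consistency check for the first technique in the post. Windows keeps three views of every registered task: the TaskCache\Tree and TaskCache\Tasks registry keys, the XML job file under System32\Tasks, and what the Task Scheduler service itself reports. A task written straight into the registry bypasses the service, so it can appear in one view without the matching entries or the usual creation events. It assumes an elevated PowerShell session on a Windows 8 / Server 2012 or later host with the ScheduledTasks module; the registry value names (Id, Path) are the ones the TaskCache uses on current builds.

```powershell
# Added example: cross-check the registry, on-disk and service views of
# scheduled tasks. Run elevated on the host being examined.

$treeKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$tasksKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
$tasksDir = Join-Path $env:SystemRoot 'System32\Tasks'

function Get-RegistryTaskView {
    # Leaf keys under Tree carry an Id (GUID) naming a key under Tasks;
    # folder keys have no Id and are skipped.
    foreach ($key in Get-ChildItem -Path $treeKey -Recurse) {
        $props = Get-ItemProperty -Path $key.PSPath
        if ($null -eq $props.Id) { continue }
        $relative = $key.Name.Substring($key.Name.IndexOf('\Tree\') + 6)
        $guidKey  = Join-Path $tasksKey $props.Id
        $guidPath = $null
        if (Test-Path -Path $guidKey) {
            # The GUID key's Path value should round-trip to the Tree location.
            $guidPath = (Get-ItemProperty -Path $guidKey).Path
        }
        [pscustomobject]@{
            TaskPath   = '\' + $relative
            Id         = $props.Id
            HasGuidKey = Test-Path -Path $guidKey
            GuidPath   = $guidPath
        }
    }
}

function Get-DiskTaskView {
    # Job files are stored under System32\Tasks mirroring the task path.
    Get-ChildItem -Path $tasksDir -Recurse -File |
        ForEach-Object { '\' + $_.FullName.Substring($tasksDir.Length + 1) }
}

function Get-ServiceTaskView {
    # What the Task Scheduler service reports (ScheduledTasks module).
    Get-ScheduledTask | ForEach-Object { $_.TaskPath + $_.TaskName }
}

$registry = @(Get-RegistryTaskView)
$disk     = @(Get-DiskTaskView)
$service  = @(Get-ServiceTaskView)

# Tasks present in the registry but missing from one of the other views, or whose
# Tasks\{GUID} key is absent or points elsewhere, deserve a closer look.
$suspicious = foreach ($task in $registry) {
    $reasons = @()
    if ($task.TaskPath -notin $disk)    { $reasons += 'no XML file under System32\Tasks' }
    if ($task.TaskPath -notin $service) { $reasons += 'not reported by the Task Scheduler service' }
    if (-not $task.HasGuidKey) {
        $reasons += 'no TaskCache\Tasks\{GUID} key'
    } elseif ($task.GuidPath -ne $task.TaskPath) {
        $reasons += "GUID key Path is '$($task.GuidPath)'"
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ TaskPath = $task.TaskPath; Id = $task.Id; Reasons = ($reasons -join '; ') }
    }
}

# Job files that no registry entry claims are the reverse case (stale or planted).
$orphanFiles = $disk | Where-Object { $_ -notin $registry.TaskPath }

$suspicious  | Format-Table -AutoSize
$orphanFiles | ForEach-Object { "Orphan job file: $_" }

# Telemetry prerequisites for the events the post is about. The
# TaskScheduler/Operational channel (events 106/140/141) is disabled by default
# on many builds, and 4698/4699/4702 in the Security log need the
# "Other Object Access Events" audit subcategory. If either is off, the
# absence of events proves nothing.
$opLog = Get-WinEvent -ListLog 'Microsoft-Windows-TaskScheduler/Operational'
if (-not $opLog.IsEnabled) { Write-Warning 'TaskScheduler/Operational channel is disabled' }
auditpol /get /subcategory:"Other Object Access Events"
```

A task that only exists in the registry, or whose GUID key does not round-trip to its Tree entry, is the footprint the post's registry-manipulation approach leaves; the audit checks at the end cover the second approach, since a disabled channel makes missing 106/4698 events meaningless rather than suspicious.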
#CVE-2022
PoC for CVE-2022-1388_F5_BIG-IP
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP
@BlueRedTeam
#CVE-2022
K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388
https://github.com/numanturle/CVE-2022-1388
@BlueRedTeam
#CVE-2022
PoC for CVE-2022-1388_F5_BIG-IP
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP_RCE
@BlueRedTeam