#CVE-2022-28776
Any App Can Install Any App In The Galaxy App Store
https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
@BlueRedTeam
Any App Can Install Any App In The Galaxy App Store
https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
@BlueRedTeam
#webshell
Making webshell and terminal supports trzsz ( trz / tsz ), which similar to rz / sz, and compatible with tmux.
https://github.com/trzsz/trzsz.js
@BlueRedTeam
Making webshell and terminal supports trzsz ( trz / tsz ), which similar to rz / sz, and compatible with tmux.
https://github.com/trzsz/trzsz.js
@BlueRedTeam
GitHub
GitHub - trzsz/trzsz.js: trzsz.js is the js version of trzsz, makes terminal built with electron and webshell to support trzsz…
trzsz.js is the js version of trzsz, makes terminal built with electron and webshell to support trzsz ( trz / tsz ). - trzsz/trzsz.js
#Red_Team
For this project, I worked on a Red Team vs. Blue Team scenario in which I played the role of both pentester and SOC analyst.
https://github.com/Jtullis316/Red-Team-vs-Blue-Team
@BlueRedTeam
For this project, I worked on a Red Team vs. Blue Team scenario in which I played the role of both pentester and SOC analyst.
https://github.com/Jtullis316/Red-Team-vs-Blue-Team
@BlueRedTeam
GitHub
GitHub - Jtullis316/Red-Team-vs-Blue-Team: I worked on a Red Team vs. Blue Team scenario in which I played the role of both penetration…
I worked on a Red Team vs. Blue Team scenario in which I played the role of both penetration tester and SOC analyst. - Jtullis316/Red-Team-vs-Blue-Team
❤1👍1
#tools
#Red_Team
MalSCCM - tool allows you to abuse local/remote SCCM servers to deploy malicious applications to hosts they manage
https://github.com/nettitude/MalSCCM
]-> https://labs.nettitude.com/blog/introducing-malsccm
@BlueRedTeam
#Red_Team
MalSCCM - tool allows you to abuse local/remote SCCM servers to deploy malicious applications to hosts they manage
https://github.com/nettitude/MalSCCM
]-> https://labs.nettitude.com/blog/introducing-malsccm
@BlueRedTeam
GitHub
GitHub - nettitude/MalSCCM
Contribute to nettitude/MalSCCM development by creating an account on GitHub.
Scheduled Task Tampering
In this post we will explore two approaches that can be used to achieve the same result: create or modify a scheduled task and execute it, without generating the relevant telemetry. First, we will explore how direct registry manipulation could be used to create or modify tasks and how this did not generate the usual entries in the eventlog. Finally, an alternative route based on tampering with the Task Scheduler ETW will be presented that will completely suppress most of logging related to the Task Scheduler.
https://labs.f-secure.com/blog/scheduled-task-tampering/
@BlueRedTeam
In this post we will explore two approaches that can be used to achieve the same result: create or modify a scheduled task and execute it, without generating the relevant telemetry. First, we will explore how direct registry manipulation could be used to create or modify tasks and how this did not generate the usual entries in the eventlog. Finally, an alternative route based on tampering with the Task Scheduler ETW will be presented that will completely suppress most of logging related to the Task Scheduler.
https://labs.f-secure.com/blog/scheduled-task-tampering/
@BlueRedTeam
#CVE-2022
PoC for CVE-2022-1388_F5_BIG-IP
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP
@BlueRedTeam
PoC for CVE-2022-1388_F5_BIG-IP
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP
@BlueRedTeam
GitHub
GitHub - sherlocksecurity/CVE-2022-1388-Exploit-POC: PoC for CVE-2022-1388_F5_BIG-IP
PoC for CVE-2022-1388_F5_BIG-IP. Contribute to sherlocksecurity/CVE-2022-1388-Exploit-POC development by creating an account on GitHub.
👍1
#CVE-2022
K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388
https://github.com/numanturle/CVE-2022-1388
@BlueRedTeam
K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388
https://github.com/numanturle/CVE-2022-1388
@BlueRedTeam
GitHub
GitHub - numanturle/CVE-2022-1388: K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388
K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388 - numanturle/CVE-2022-1388
👍1
#CVE-2022
PoC for CVE-2022-1388_F5_BIG-IP
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP_RCE
@BlueRedTeam
PoC for CVE-2022-1388_F5_BIG-IP
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP_RCE
@BlueRedTeam
GitHub
GitHub - sherlocksecurity/CVE-2022-1388-Exploit-POC: PoC for CVE-2022-1388_F5_BIG-IP
PoC for CVE-2022-1388_F5_BIG-IP. Contribute to sherlocksecurity/CVE-2022-1388-Exploit-POC development by creating an account on GitHub.
#CVE-2022
CVE-2022-1388 F5 Big IP unauth remote code execution
https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388
@BlueRedTeam
CVE-2022-1388 F5 Big IP unauth remote code execution
https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388
@BlueRedTeam
GitHub
GitHub - Vulnmachines/F5-Big-IP-CVE-2022-1388: CVE-2022-1388 F5 Big IP unauth remote code execution
CVE-2022-1388 F5 Big IP unauth remote code execution - Vulnmachines/F5-Big-IP-CVE-2022-1388
#Cobalt_Strike
pyCobaltHound is an Aggressor noscript extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.
https://github.com/NVISOsecurity/pyCobaltHound
@BlueRedTeam
pyCobaltHound is an Aggressor noscript extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.
https://github.com/NVISOsecurity/pyCobaltHound
@BlueRedTeam
GitHub
GitHub - NVISOsecurity/pyCobaltHound: pyCobaltHound is an Aggressor noscript extension for Cobalt Strike which aims to provide a…
pyCobaltHound is an Aggressor noscript extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound. - GitHub - NVISOsecurity/pyCobaltHound: pyCobaltHoun...
❤6
#Cobalt_Strike
ShellCode Loader for MSF and Cobalt Strike
https://github.com/LDrakura/ShellCodeLoader
@BlueRedTeam
ShellCode Loader for MSF and Cobalt Strike
https://github.com/LDrakura/ShellCodeLoader
@BlueRedTeam
GitHub
GitHub - LDrakura/ShellCodeLoader: ShellCode Loader for MSF and Cobalt Strike
ShellCode Loader for MSF and Cobalt Strike. Contribute to LDrakura/ShellCodeLoader development by creating an account on GitHub.
#CVE-2022
F5 BIG-IP RCE exploitation (CVE-2022-1388)
https://github.com/alt3kx/CVE-2022-1388_PoC
@BlueRedTeam
F5 BIG-IP RCE exploitation (CVE-2022-1388)
https://github.com/alt3kx/CVE-2022-1388_PoC
@BlueRedTeam
GitHub
GitHub - alt3kx/CVE-2022-1388_PoC: F5 BIG-IP RCE exploitation (CVE-2022-1388)
F5 BIG-IP RCE exploitation (CVE-2022-1388). Contribute to alt3kx/CVE-2022-1388_PoC development by creating an account on GitHub.
#CVE-2022
CVE-2022-26809 is a vulnerability in Remote Procedure Call Runtime
https://github.com/ExploitPwner/CVE-2022-26809-RCE-POC
@BlueRedTeam
CVE-2022-26809 is a vulnerability in Remote Procedure Call Runtime
https://github.com/ExploitPwner/CVE-2022-26809-RCE-POC
@BlueRedTeam
#Red_Team
+ Abusing HTTP hop-by-hop request headers
https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
+ A collection of GCP IAM privilege escalation methods
https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation
@BlueRedTeam
+ Abusing HTTP hop-by-hop request headers
https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
+ A collection of GCP IAM privilege escalation methods
https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation
@BlueRedTeam
GitHub
GitHub - RhinoSecurityLabs/GCP-IAM-Privilege-Escalation: A collection of GCP IAM privilege escalation methods documented by the…
A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team. - RhinoSecurityLabs/GCP-IAM-Privilege-Escalation
#CVE-2022
[Reserved For CVE-2022-29554]
https://github.com/ComparedArray/printix-CVE-2022-29554
@BlueRedTeam
[Reserved For CVE-2022-29554]
https://github.com/ComparedArray/printix-CVE-2022-29554
@BlueRedTeam
GitHub
GitHub - ComparedArray/printix-CVE-2022-29554: A "Mishandling of Input to API" or "Exposed Dangerous Method or Function" vulnerability…
A "Mishandling of Input to API" or "Exposed Dangerous Method or Function" vulnerability in PrintixService.exe, in Kofax Printix's "Printix Secur...