#Red_Team
Red Teaming and Penetration Testing Checklist, Cheatsheet, Clicknoscript
https://github.com/ibr0wse/RedTeam-PenTest-Cheatsheet-Checklist
@BlueRedTeam
#webshell
Automatically create user email (SMTP / WEBMAIL) on webshell
https://github.com/biulove0x/CreateEmail-SMTP-WEBMAIL
@BlueRedTeam
#Red_Team
+ Exploiting IRCTC along with few other government domains through XXE
https://systemweakness.com/exploiting-irctc-along-with-few-other-government-domains-through-xxe-cd7a9ff698
+ ServiceMove-BOF:
Lateral movement technique by abusing Windows Perception Simulation Service
https://github.com/netero1010/ServiceMove-BOF
+ Protected Process Light (PPL) Attack
https://paper.seebug.org/1892/
@BlueRedTeam
#Blue_Team
Prioritizing ATT&CK Techniques
https://medium.com/mitre-engenuity/where-to-begin-prioritizing-att-ck-techniques-c535b50983f4
]-> Top ATT&CK Techniques - calculator:
https://top-attack-techniques.mitre-engenuity.org
]-> Methodology:
https://top-attack-techniques.mitre-engenuity.org/methodology
@BlueRedTeam
Full title: Where to begin? Prioritizing ATT&CK Techniques, by Mike Cunningham, Alexia Crumpton, Jon Baker, and Ingrid Skoog.
#Red_Team
I worked on a Red Team vs. Blue Team scenario in which I played the role of both penetration tester and SOC analyst.
https://github.com/Johnrhume/Redivivus-Inc.-e
@BlueRedTeam
#Red_Team
C2X-HTTP - C2/Post-Exploitation Tool For Red Teaming and Ethical Hacking [on HTTP(S)]
https://github.com/739156041qqx/nxenon7
@BlueRedTeam
#Blue_Team
Evicting the Adversary:
Guidance to kick out an active attacker in your environment
https://www.huntress.com/blog/evicting-the-adversary
@BlueRedTeam
This blog shows how to catch an adversary moving from machine to machine, how to terminate this movement and how to evict the adversary from your network.
#Red_Team
Anti-reverse-engineering framework written in Rust to help red team operators evade detection.
https://github.com/ThottySploity/invyria
@BlueRedTeam
#Blue_Team
+ Detecting Active Directory Kerberos Attacks
https://www.splunk.com/en_us/blog/security/detecting-active-directory-kerberos-attacks-threat-research-release-march-2022.html
+ Generate Advanced YARA Rules Based on Code Reuse
https://www.intezer.com/blog/threat-hunting/yara-rules-minimize-false-positives
@BlueRedTeam
Learn more about the Splunk Threat Research Team's new analytic story to help SOC analysts detect adversaries abusing the Kerberos protocol to attack Windows Active Directory environments
#Red_Team
A Detailed Guide on Rubeus
https://www.hackingarticles.in/a-detailed-guide-on-rubeus
]-> C# toolset for raw Kerberos interaction and abuses:
https://github.com/GhostPack/Rubeus
@BlueRedTeam
Discover Rubeus, a C# toolkit for Kerberos interaction and abuse, and its various uses in Active Directory attacks in this Guide
#Red_Team
List of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
https://github.com/0xOverflow/RedTeam-Physical-Tools
@BlueRedTeam
GitHub resolves the link to DavidProbinsky/RedTeam-Physical-Tools: Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
#Blue_Team
Set of EVTX samples mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases
https://github.com/mdecrevoisier/EVTX-to-MITRE-Attack
@BlueRedTeam
Repository description: Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
#Red_Team
+ Bypassing OpenSSH MaxAuthTries
https://www.whiteoaksecurity.com/blog/bypassing-openssh-maxauthtries
+ Exploitation of an SSRF vulnerability against EC2 IMDSv2
https://www.yassineaboukir.com/blog/exploitation-of-an-SSRF-vulnerability-against-EC2-IMDSv2
@BlueRedTeam
#Blue_Team
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software
https://github.com/github/advisory-database
@BlueRedTeam
#exploit
Exploiting a Use-After-Free for code execution in every version of Python 3
https://pwn.win/2022/05/11/python-buffered-reader.html
PoC :
https://github.com/kn32/python-buffered-reader-exploit
@BlueRedTeam
A while ago I was browsing the Python bug tracker, and I stumbled upon this bug - “memoryview to freed memory can cause segfault”. It was created in 2012, originally present in Python 2.7, but remains open to this day, 10 years later. This piqued my interest…
#Blue_Team
+ Zyxel RCE (CVE-2022-30525):
]-> Initial Detect
https://gist.github.com/z3r0-0t/a3bd4c0015458b018308cca3360a7e24
]-> Detects CVE-2022-30525 probing or exploitation attempts
https://github.com/xFFninja/threat_hunting/blob/main/web/cve-2022-30525.yaml
+ Script to help you find all files that have been modified in a given time range
https://github.com/3gbCyber/IR-Last-Write-Time
@BlueRedTeam
#tools
#Red_Team
+ Windows Kernel Driver in Rust aka Rusty Rootkit for Red Teamers
https://github.com/memN0ps/eagle-rs
+ HackSys Extreme Vulnerable Driver 3 - Stack Overflow + SMEP Bypass
https://linxz.tech/post/hevd/2022-05-14-hevd3-stackbufferoverflow
@BlueRedTeam
#CVE-2022
Detects attempts and successful exploitation of CVE-2022-26809
https://github.com/corelight/cve-2022-26809
@BlueRedTeam
#Red_Team
Rapid Deployment Infrastructure for Red Teaming and Penetration Testing
https://github.com/Adastra-thw/KrakenRdi
@BlueRedTeam
#Red_Team
+ Bypassing WAF to Weaponize a Stored XSS
https://infosecwriteups.com/bypassing-waf-to-weaponize-a-stored-xss-ff9963c421ee
+ Windows Kernel Driver in Rust / Rusty Rootkit for Red Teamers
https://github.com/memN0ps/eagle-rs
@BlueRedTeam