#Blue_Team
+ Detect Apps and Services using LDAP instead of LDAPS
https://dirteam.com/sander/2022/05/30/howto-detect-apps-and-services-using-ldap-instead-of-ldaps
+ Find secrets/passwords in container images and file systems
https://github.com/deepfence/SecretScanner
@BlueRedTeam
+ Detect Apps and Services using LDAP instead of LDAPS
https://dirteam.com/sander/2022/05/30/howto-detect-apps-and-services-using-ldap-instead-of-ldaps
+ Find secrets/passwords in container images and file systems
https://github.com/deepfence/SecretScanner
@BlueRedTeam
The things that are better left unspoken
HOWTO: Detect Apps and Services using LDAP instead of LDAPS - The things that are better left unspoken
Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Traditionally, the Lightweight Directory Access Protocol (LDAP) was used by software developers to integrate. While Kerberos-based Integrated Windows Authentication…
#Red_Team
Flexible C2 framework for Nation State Simulations in Red Team Assessments.
https://github.com/aidden-laoch/sabre
@BlueRedTeam
Flexible C2 framework for Nation State Simulations in Red Team Assessments.
https://github.com/aidden-laoch/sabre
@BlueRedTeam
#Red_Team
Enumeration and lateral movement in GCP environments
https://securityshenanigans.medium.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794
@BlueRedTeam
Enumeration and lateral movement in GCP environments
https://securityshenanigans.medium.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794
@BlueRedTeam
Medium
Enumeration and lateral movement in GCP environments
This write up is about a pentest we did in which we managed to compromise a hybrid GCP hosted infrastructure using native GCP tools for…
#CVE-2022
CVE-2022-30190 or \"Follina\" 0day proof of concept
https://github.com/rayorole/CVE-2022-30190
@BlueRedTeam
CVE-2022-30190 or \"Follina\" 0day proof of concept
https://github.com/rayorole/CVE-2022-30190
@BlueRedTeam
GitHub
GitHub - rayorole/CVE-2022-30190: CVE-2022-30190 or "Follina" 0day proof of concept
CVE-2022-30190 or "Follina" 0day proof of concept. Contribute to rayorole/CVE-2022-30190 development by creating an account on GitHub.
#tools
Rust-based high performance domain permutation generator.
A rust-based version of the popular dnsgen python utility.
ripgen is split into two main parts:
ripgen: A CLI utility that calls into ripgen_lib and uses dnsgen's transforms.
ripgen_lib: A library that allows you to create high performance permutations of domain names.
https://github.com/resyncgg/ripgen
@BlueRedTeam
Rust-based high performance domain permutation generator.
A rust-based version of the popular dnsgen python utility.
ripgen is split into two main parts:
ripgen: A CLI utility that calls into ripgen_lib and uses dnsgen's transforms.
ripgen_lib: A library that allows you to create high performance permutations of domain names.
https://github.com/resyncgg/ripgen
@BlueRedTeam
GitHub
GitHub - AlephNullSK/dnsgen: DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and…
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discove...
#Blue_Team
+ NotSoCereal: A Deserialization exploit playground
https://github.com/NotSoSecure/NotSoCereal-Lab
+ Kernel mode WinDbg extension and PoCs for token privilege investigation
https://github.com/daem0nc0re/PrivFu#s4udelegator
@BlueRedTeam
+ NotSoCereal: A Deserialization exploit playground
https://github.com/NotSoSecure/NotSoCereal-Lab
+ Kernel mode WinDbg extension and PoCs for token privilege investigation
https://github.com/daem0nc0re/PrivFu#s4udelegator
@BlueRedTeam
GitHub
GitHub - NotSoSecure/NotSoCereal-Lab: NotSoCereal: A Deserialization exploit playground
NotSoCereal: A Deserialization exploit playground. Contribute to NotSoSecure/NotSoCereal-Lab development by creating an account on GitHub.
#Red_Team
Fricciolosa Red Team website ⚔️
https://github.com/Fricciolosa-Red-Team/fricciolosa.com
@BlueRedTeam
Fricciolosa Red Team website ⚔️
https://github.com/Fricciolosa-Red-Team/fricciolosa.com
@BlueRedTeam
GitHub
GitHub - Fricciolosa-Red-Team/fricciolosa.com: Fricciolosa Red Team website ⚔️
Fricciolosa Red Team website ⚔️. Contribute to Fricciolosa-Red-Team/fricciolosa.com development by creating an account on GitHub.
#CVE-2022
A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)
https://github.com/ErrorNoInternet/FollinaScanner
@BlueRedTeam
A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)
https://github.com/ErrorNoInternet/FollinaScanner
@BlueRedTeam
GitHub
GitHub - ErrorNoInternet/FollinaScanner: A tool written in Go that scans files & directories for the Follina exploit (CVE-2022…
A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190) - ErrorNoInternet/FollinaScanner
#CVE-2022
Mitigates the \"Folina\"-ZeroDay (CVE-2022-30190)
https://github.com/derco0n/mitigate-folina
@BlueRedTeam
Mitigates the \"Folina\"-ZeroDay (CVE-2022-30190)
https://github.com/derco0n/mitigate-folina
@BlueRedTeam
GitHub
GitHub - derco0n/mitigate-folina: Mitigates the "Folina"-ZeroDay (CVE-2022-30190)
Mitigates the "Folina"-ZeroDay (CVE-2022-30190). Contribute to derco0n/mitigate-folina development by creating an account on GitHub.
#CVE-2022
The CVE-2022-30190-follina Workarounds Patch
https://github.com/suegdu/CVE-2022-30190-Follina-Patch
@BlueRedTeam
The CVE-2022-30190-follina Workarounds Patch
https://github.com/suegdu/CVE-2022-30190-Follina-Patch
@BlueRedTeam
GitHub
GitHub - suegdu/CVE-2022-30190-Follina-Patch: The CVE-2022-30190-follina Workarounds Patch
The CVE-2022-30190-follina Workarounds Patch. Contribute to suegdu/CVE-2022-30190-Follina-Patch development by creating an account on GitHub.
#CVE-2022
CVE-2022-30190 | MS-MSDT Follina One Click
https://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina
@BlueRedTeam
CVE-2022-30190 | MS-MSDT Follina One Click
https://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina
@BlueRedTeam
GitHub
GitHub - 0xflagplz/MS-MSDT-Office-RCE-Follina: CVE-2022-30190 | MS-MSDT Follina One Click
CVE-2022-30190 | MS-MSDT Follina One Click. Contribute to 0xflagplz/MS-MSDT-Office-RCE-Follina development by creating an account on GitHub.
#Red_Team
Offensive Security | Red Team
https://github.com/cyberkhalid/cyberkhalid.github.io
@BlueRedTeam
Offensive Security | Red Team
https://github.com/cyberkhalid/cyberkhalid.github.io
@BlueRedTeam
GitHub
GitHub - cyberkhalid/cyberkhalid.github.io: Offensive Security | Red Team
Offensive Security | Red Team. Contribute to cyberkhalid/cyberkhalid.github.io development by creating an account on GitHub.
👍2
#CVE-2022
CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection
https://github.com/crowsec-edtech/CVE-2022-26134
@BlueRedTeam
CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection
https://github.com/crowsec-edtech/CVE-2022-26134
@BlueRedTeam
GitHub
GitHub - crowsec-edtech/CVE-2022-26134: CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection
CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection - crowsec-edtech/CVE-2022-26134
#CVE-2022
Atlassian Confluence (CVE-2022-26134) - Unauthenticated Remote Code Execution (RCE)
https://github.com/Nwqda/CVE-2022-26134
@BlueRedTeam
Atlassian Confluence (CVE-2022-26134) - Unauthenticated Remote Code Execution (RCE)
https://github.com/Nwqda/CVE-2022-26134
@BlueRedTeam
#Blue_Team
AntimalwareBlight - Execute PowerShell code at the antimalware-light protection level
https://github.com/mattifestation/AntimalwareBlight
@BlueRedTeam
AntimalwareBlight - Execute PowerShell code at the antimalware-light protection level
https://github.com/mattifestation/AntimalwareBlight
@BlueRedTeam
GitHub
GitHub - mattifestation/AntimalwareBlight: Execute PowerShell code at the antimalware-light protection level.
Execute PowerShell code at the antimalware-light protection level. - mattifestation/AntimalwareBlight
#Cobalt_Strike
Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
https://github.com/optiv/Registry-Recon
@BlueRedTeam
Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
https://github.com/optiv/Registry-Recon
@BlueRedTeam
GitHub
GitHub - optiv/Registry-Recon: Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon - optiv/Registry-Recon
#Red_Team #Blue_Team #Purple_Team
AnyTeam - Red Team | Purple Team | Blue Team
https://github.com/Anlominus/AnyTeam
@BlueRedTeam
AnyTeam - Red Team | Purple Team | Blue Team
https://github.com/Anlominus/AnyTeam
@BlueRedTeam
GitHub
GitHub - AnLoMinus/AnyTeam: AnyTeam - Red Team | Purple Team | Blue Team
AnyTeam - Red Team | Purple Team | Blue Team. Contribute to AnLoMinus/AnyTeam development by creating an account on GitHub.
👍3
#tools
#Blue_Team
ADeleg - Active Directory delegation management tool
https://github.com/mtth-bfft/adeleg
@BlueRedTeam
#Blue_Team
ADeleg - Active Directory delegation management tool
https://github.com/mtth-bfft/adeleg
@BlueRedTeam
GitHub
GitHub - mtth-bfft/adeleg: Active Directory delegation management tool
Active Directory delegation management tool. Contribute to mtth-bfft/adeleg development by creating an account on GitHub.