#Red_Team
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach
@BlueRedTeam
#webshell
BlueHound is a GUI-based scanner for hunting threats on a host. It supports scanning files for webshells, suspicious PE files injected in memory, and Cobalt Strike beacons in memory.
https://github.com/10000Tigers/BlueHound
@BlueRedTeam
#CVE-2022
These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)
https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix
@BlueRedTeam
#CVE-2022
These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)
https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code
@BlueRedTeam
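Neither post says what the scripts actually change. Microsoft's published workaround for CVE-2022-30190 was to back up and then delete the HKEY_CLASSES_ROOT\ms-msdt registry key, which removes the ms-msdt: URL protocol handler that the Follina documents invoke. The PowerShell below is an added example of that workaround; it is not code from either linked repository, and that the repositories implement exactly this is an assumption. Run it from an elevated prompt.

```powershell
# Added example: Microsoft's published workaround for CVE-2022-30190 (Follina).
# Disables the ms-msdt: URL protocol handler by backing up and then deleting
# its registry key. Whether the linked scripts do exactly this is an assumption.
# Requires an elevated PowerShell session.

$KeyPath   = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$BackupDir = Join-Path $env:ProgramData 'FollinaMitigation'   # assumed backup location
$Backup    = Join-Path $BackupDir 'ms-msdt.reg'

function Test-MsdtHandlerPresent {
    # $true means the handler key still exists, i.e. the host is unmitigated.
    return (Test-Path -LiteralPath $KeyPath)
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandlerPresent)) {
        Write-Host 'ms-msdt handler already absent; nothing to do.'
        return
    }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    # Export first so the change is reversible; refuse to delete without a backup.
    & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $Backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $Backup failed; key left in place." }
    & reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
    if (Test-MsdtHandlerPresent) { throw 'Key deletion reported success but key still exists.' }
    Write-Host "ms-msdt handler removed. Backup at $Backup"
}

function Restore-MsdtHandler {
    # Revert the workaround once the vendor patch is installed.
    if (-not (Test-Path -LiteralPath $Backup)) { throw "No backup found at $Backup" }
    & reg.exe import $Backup | Out-Null
    if (-not (Test-MsdtHandlerPresent)) { throw 'Import ran but ms-msdt key is still missing.' }
    Write-Host 'ms-msdt handler restored from backup.'
}

# Usage:
#   Disable-MsdtHandler   # apply temporary protection
#   Restore-MsdtHandler   # revert after patching
```

The check after each reg.exe call matters: reg.exe returns a non-zero exit code when export fails (for example when not elevated), and deleting the handler without a backup leaves no clean way to restore Troubleshooter functionality once the patch is applied.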
#CVE-2022
CVE-2022-30136 Unauthenticated RCE in Microsoft Windows Network File System
https://github.com/oturu/Cve-2022-30136-RCE
@BlueRedTeam
#Cobalt_Strike
Former attempt at creating an independent Cobalt Strike Beacon
https://github.com/SecIdiot/beacon
@BlueRedTeam
ExeSpy is a cross-platform PE viewer for EXE and DLL files
https://github.com/andyjsmith/Exe-Spy
@BlueRedTeam
#Cobalt_Strike
Helping to automate payload development, testing, Opsec checking, beacon tasking, and deployment for Cobalt Strike
https://github.com/turalalv/Payload-cob
@BlueRedTeam
#Red_Team
+ Grab unsaved Notepad contents with a Beacon Object File
https://github.com/tothi/NoteThief
+ Attacking With WebView2 Applications
https://mrd0x.com/attacking-with-webview2-applications
+ Marshmallows & Kerberoasting
https://redcanary.com/blog/marshmallows-and-kerberoasting
@BlueRedTeam
#Blue_Team
+ Smart context-based SSRF vulnerability scanner
https://github.com/Th0h0/autossrf
+ Total Registry - enhanced Registry editor/viewer
https://github.com/zodiacon/TotalRegistry
@BlueRedTeam
#Red_Team
Red Team, Blue Team, and Network Forensics
https://github.com/andresmadeddie/Security-Offensive-Defensive-Forensics
@BlueRedTeam
#Cobalt_Strike
Private crypt for Cobalt Strike and PowerShell
https://github.com/trewisscotch/Crypt-Cobalt-Strike-Powershell
@BlueRedTeam
#Red_Team
+ Mangle - tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
https://github.com/optiv/Mangle
+ Extracting Whitelisted Paths from Windows Defender ASR Rules
https://adamsvoboda.net/extracting-asr-rules
@BlueRedTeam
#Blue_Team
+ Detecting Linux Anti-Forensics Log Tampering
https://www.inversecos.com/2022/06/detecting-linux-anti-forensics-log.html
+ Detecting the DFSCoerce attack
https://www.kustoking.com/detecting-the-dfscoerce-attack
@BlueRedTeam
#Red_Team
This repo contains a bash script "PotOfDomains" which is made to help me automate some Red Teaming recon tasks.
https://github.com/l3pr3ch4un00/PotOfDomains
@BlueRedTeam
#Red_Team
Ad hoc collection of Red Teaming & Active Directory tooling
https://github.com/expl0itabl3/Toolies
@BlueRedTeam
#Cobalt_Strike
Useful Aggressor scripts for Cobalt Strike
https://github.com/nickzer0/AgressorScripts
@BlueRedTeam
#Red_Team
+ Embedding Payloads and Bypassing Controls in Microsoft InfoPath
https://spaceraccoon.dev/embedding-payloads-bypassing-controls-microsoft-infopath
+ Exploiting vulnerabilities in iOS Application
https://lonewolf-raj.medium.com/exploiting-vulnerabilities-in-ios-application-cf5718910c47
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
https://github.com/tijme/kernel-mii
@BlueRedTeam