ExeSpy is a cross-platform PE viewer for EXE and DLL files
https://github.com/andyjsmith/Exe-Spy
@BlueRedTeam
#Cobalt_Strike
Helping to automate payload development, testing, Opsec checking, beacon tasking, and deployment for Cobalt Strike
https://github.com/turalalv/Payload-cob
@BlueRedTeam
#Red_Team
+ Grab unsaved Notepad contents with a Beacon Object File
https://github.com/tothi/NoteThief
+ Attacking With WebView2 Applications
https://mrd0x.com/attacking-with-webview2-applications
+ Marshmallows & Kerberoasting
https://redcanary.com/blog/marshmallows-and-kerberoasting
@BlueRedTeam
#Blue_Team
+ Smart context-based SSRF vulnerability scanner
https://github.com/Th0h0/autossrf
+ Total Registry - enhanced Registry editor/viewer
https://github.com/zodiacon/TotalRegistry
@BlueRedTeam
#Red_Team
Red Team, Blue Team, and Network Forensics
https://github.com/andresmadeddie/Security-Offensive-Defensive-Forensics
@BlueRedTeam
#Cobalt_Strike
Private crypt Cobalt Strike and PowerShell
https://github.com/trewisscotch/Crypt-Cobalt-Strike-Powershell
@BlueRedTeam
#Red_Team
+ Mangle - tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
https://github.com/optiv/Mangle
+ Extracting Whitelisted Paths from Windows Defender ASR Rules
https://adamsvoboda.net/extracting-asr-rules
@BlueRedTeam
#Blue_Team
+ Detecting Linux Anti-Forensics Log Tampering
https://www.inversecos.com/2022/06/detecting-linux-anti-forensics-log.html
+ Detecting the DFSCoerce attack
https://www.kustoking.com/detecting-the-dfscoerce-attack
@BlueRedTeam
#Red_Team
This repo contains a bash script "PotOfDomains" which is made to help me automate some Red Teaming Recon tasks.
https://github.com/l3pr3ch4un00/PotOfDomains
@BlueRedTeam
#Red_Team
Ad hoc collection of Red Teaming & Active Directory tooling
https://github.com/expl0itabl3/Toolies
@BlueRedTeam
#Cobalt_Strike
Useful aggressor scripts for Cobalt Strike
https://github.com/nickzer0/AgressorScripts
@BlueRedTeam
#Red_Team
+ Embedding Payloads and Bypassing Controls in Microsoft InfoPath
https://spaceraccoon.dev/embedding-payloads-bypassing-controls-microsoft-infopath
+ Exploiting vulnerabilities in iOS Application
https://lonewolf-raj.medium.com/exploiting-vulnerabilities-in-ios-application-cf5718910c47
@BlueRedTeam
While browsing a SharePoint instance recently, I came across an interesting URL. The page itself displayed a web form that submitted data to SharePoint. Intrigued by the .xsn extension, I downloaded the file and started investigating what turned out to be…
#Cobalt_Strike
Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
https://github.com/tijme/kernel-mii
@BlueRedTeam
#Blue_Team
+ Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction
https://jeffreyappel.nl/detect-and-block-credential-dumps-with-defender-for-endpoint-attack-surface-reduction
+ Fuzzuli - url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain
https://github.com/musana/fuzzuli
@BlueRedTeam
Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phishing and controls through the typical way the admin uses and monitors the network to find more...
#Red_Team
The Phantom Credentials of SCCM: Why the NAA Won’t Die
https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9
@BlueRedTeam
Explore the risks lurking within SCCM's Network Access Accounts, why transitioning to Enhanced HTTP isn't enough, and why disabling NAAs from AD is crucial.
#Red_Team
multi-purpose Red Team Assessment access and exploitation framework for exploitation C2, backdooring and defense mechanism evasion purposes on restricted environments
https://github.com/blueudp/backvenom
@BlueRedTeam
Forwarded from PFK Git [ international ]
Hacking a Company with 0-Click Email Attack | #phishing #redteam
As a penetration tester or red teamer, one of the methods of breaking into a company is #phishing, and using this 0-click phishing attack it is possible to grab a user's NetNTLMv2 hash, which you can relay or crack to escalate privileges or move laterally through the network. This attack could be useful on a #redteam engagement.
YouTube
@DK_HBB2
#Red_Team
A collection of scripts for Red Team & Incident Response
https://github.com/Johnng007/Black-Widow
@BlueRedTeam
#Red_Team
+ Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
https://www.offensive-security.com/offsec/macro-weaponization
+ Modular command-line tool to parse, create and manipulate JWT tokens
https://github.com/KINGSABRI/jwtear
@BlueRedTeam
TJ shows us how adversaries use macro weaponization techniques to abuse hidden functionalities contained in Office document properties.