#Cobalt_Strike
BeaconNotifier-Discord
Cobalt Strike CNA script to notify you via Discord whenever there is a new beacon.
https://github.com/ScriptIdiot/BeaconNotifier-Discord
@BlueRedTeam
PoshC2
A proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement.
PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework.
Out of the box, PoshC2 comes with PowerShell/C# and Python2/Python3 implants, with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode, in addition to a Python2/Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX.
https://github.com/nettitude/PoshC2
Documentation:
https://poshc2.readthedocs.io/en/latest/
@BlueRedTeam
#tools
#Blue_Team
Windows Registry Forensic Analysis using Chainsaw, Wazuh Agent and Sigma Rules
https://socfortress.medium.com/windows-registry-forensic-analysis-using-chainsaw-wazuh-agent-and-sigma-rules-40dbceba7201
+ Exploiting Authentication in AWS IAM Authenticator for Kubernetes
https://blog.lightspin.io/exploiting-eks-authentication-vulnerability-in-aws-iam-authenticator
@BlueRedTeam
#Red_Team
Abusing forgotten permissions on computer objects in Active Directory
https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory
@BlueRedTeam
#Red_Team
Assessment, Analysis, and Hardening of a vulnerable system. This report includes a Red Team Security Assessment, a Blue Team Log Analysis, and Hardening and Mitigation Strategies.
https://github.com/Maximus-Meridius-SC/Project-2-Red-Team-vs.-Blue-Team
@BlueRedTeam
#Blue_Team
Tips to construct a web application firewall
https://antonio-cooler.gitbook.io/coolervoid-tavern
@BlueRedTeam
#tools
#Red_Team
+ Tool to start processes as SYSTEM using token duplication
https://github.com/magnusstubman/tokenduplicator
+ Splunk Attack Range 2.0
https://www.splunk.com/en_us/blog/security/introducing-splunk-attack-range-v2-0.html
https://github.com/splunk/attack_range
@BlueRedTeam
#Red_Team
Scripts that I can leverage on Red Team Engagements
https://github.com/nickgobern/Bad_Boy_Scripts
@BlueRedTeam
#Cobalt_Strike
Miscellaneous Cobalt Strike Beacon Object Files
https://github.com/Cobalt-Strike/sleep_python_bridge
@BlueRedTeam
#Cobalt_Strike
Crypt-Cobalt-Strike-Powershell
Private crypt for Cobalt Strike and PowerShell
https://github.com/trewisscotch/Crypt-Cobalt-Strike-Powershell
@BlueRedTeam
#Red_Team
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and can clone code-signing certs from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
https://github.com/optiv/Mangle
@BlueRedTeam
#Red_Team
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
https://github.com/edoardottt/awesome-hacker-search-engines
@BlueRedTeam
#Red_Team
SharpSniper
Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO.
SharpSniper is a simple tool to find the IP address of these users so that you can target their box.
It requires that you have privileges to read logs on Domain Controllers.
First it queries and makes a list of Domain Controllers, then searches for logon events on any of the DCs for the user you are looking for, and then reads the most recent DHCP-allocated logon IP address.
https://github.com/HunnicCyber/SharpSniper
@BlueRedTeam
#Red_Team
HacktheBox Synack Red Team Assessment Writeups | Host | Web | Mobile
https://github.com/htbpro/HacktheBox-Synack-Red-Team-Assessment-Writeups-Host-Web-Mobile
@BlueRedTeam
#Cobalt_Strike
kernel-mii
Cobalt Strike Beacon Object File foundation for kernel exploitation using CVE-2021-21551.
This is a Cobalt Strike (CS) Beacon Object File (BOF) which exploits CVE-2021-21551. It only overwrites the beacon process token with the system process token. But this BOF is mostly just a good foundation for further kernel exploitation via CS.
https://github.com/tijme/kernel-mii
@BlueRedTeam
#CVE-2022
CVE-2022-24500 Windows SMB Remote Code Execution Vulnerability
https://github.com/Daro1967/CVE-2022-24500-RCE
@BlueRedTeam
#CVE-2022
PoC for CVE-2022-23614 (Twig sort filter code execution)
https://github.com/davwwwx/CVE-2022-23614
@BlueRedTeam