#Red_Team
+ Steal private objects of other projects via project import
https://hackerone.com/reports/743953
+ HInvoke and avoiding PInvoke
https://dr4k0nia.github.io/dotnet/coding/2022/08/10/HInvoke-and-avoiding-PInvoke.html
+ Cobalt Strike UDRL for memory scanner evasion
https://github.com/kyleavery/AceLdr
@BlueRedTeam
HackerOne
GitLab disclosed on HackerOne: Steal private objects of other...
### Summary
An attacker could transfer issues, merge requests of another project to the imported project by importing a crafted GitLab export.
### Steps to reproduce
1. Import the attached...
#Red_Team
+ Windows attacks with Network Provider
https://www.scip.ch/en/?labs.20220217
+ Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY
https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
@BlueRedTeam
www.scip.ch
Windows attacks with Network Provider
Attacks against LSA can be made harder with Credential Guard and LSA Protection. Security Support Providers get access to credentials via LSA. Network Providers also get credentials access on logins and password changes.
#Red_Team
+ Burp2Malleable - Python utility to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles
https://github.com/CodeXTF2/Burp2Malleable
+ A tool for extracting, modifying, and crafting ASDM binary packages (CVE-2022-20829)
https://github.com/jbaines-r7/theway
@BlueRedTeam
GitHub
GitHub - CodeXTF2/Burp2Malleable: Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable…
Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles - CodeXTF2/Burp2Malleable
#Red_Team
+ Toolkit for abusing Kerberos PKU2U/NegoEx
https://github.com/morRubin/NegoExRelay
+ EDR bypass through Kernel callbacks removal
https://github.com/wavestone-cdt/EDRSandblast/tree/DefCon30Release
@BlueRedTeam
GitHub
GitHub - morRubin/NegoExRelay
#Red_Team
Automated Red Team Infrastructure deployment using Docker
https://github.com/khast3x/Redcloud
@BlueRedTeam
GitHub
GitHub - khast3x/Redcloud: Automated Red Team Infrastructure deployment using Docker
Automated Red Team Infrastructure deployment using Docker - khast3x/Redcloud
#Red_Team
Using the HIB segment to bypass KASLR on x86-based macOS
https://blog.ret2.io/2022/08/17/macos-dblmap-kernel-exploitation
@BlueRedTeam
RET2 Systems Blog
The LDT, a Perfect Home for All Your Kernel Payloads
With the broad adoption of Kernel Address Space Layout Randomization (KASLR) by modern systems, obtaining an information leak is a necessary component of mos...
#Blue_Team
+ Sauron - YARA based malware scanner with realtime filesystem monitoring
https://github.com/evilsocket/sauron
+ BARK Detections: These KQL queries are designed to find use of the abuses in the BloodHound BARK toolkit in Azure AD
https://github.com/reprise99/Sentinel-Queries/tree/main/Azure%20AD%20Abuse%20Detection
@BlueRedTeam
GitHub
GitHub - evilsocket/sauron: A minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using…
A minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules. - evilsocket/sauron
#Blue_Team
+ Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
https://github.com/fullstorydev/grpcurl
+ Open Anti-Rootkit
https://github.com/BlackINT3/OpenArk
@BlueRedTeam
GitHub
GitHub - fullstorydev/grpcurl: Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers - fullstorydev/grpcurl
#Blue_Team
+ How to Detect OAuth Access Token Theft in Azure
https://www.inversecos.com/2022/08/how-to-detect-oauth-access-token-theft.html
+ Rapidly Search and Hunt through Windows Event Logs
https://github.com/WithSecureLabs/chainsaw
+ Design an identity security strategy
https://www.cloudpartner.fi/?p=8328
@BlueRedTeam
Inversecos
How to Detect OAuth Access Token Theft in Azure
#Red_Team
Windows Privilege Escalation
Part 1 - Unquoted service paths
https://medium.com/@tinopreter/windows-privilege-escalation-1-unquoted-service-paths-975e3ea6f1e9
Part 2 - Hijacking DLLs
https://medium.com/@tinopreter/windows-privilege-escalation-2-hijacking-dlls-28505b68a978
@BlueRedTeam
Medium
Windows PrivEsc (1) — Unquoted service paths
When starting a service, Windows requires the path to the service binary. And if the full path to the binary has spaces in between the…
#Red_Team
+ EtwSessionHijacking - Poc on blocking Procmon from monitoring network events
https://github.com/ORCx41/EtwSessionHijacking
+ Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion
https://bohops.com/2022/08/22/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion-part-2
@BlueRedTeam
GitHub
GitHub - NUL0x4C/EtwSessionHijacking: A Poc on blocking Procmon from monitoring network events
A Poc on blocking Procmon from monitoring network events - NUL0x4C/EtwSessionHijacking
🏃♂️ Free network security and penetration testing tutorials
✅ Articles on network security and penetration testing
🔴 Training packages
🔰 Including free training videos
https://news.1rj.ru/str/irsecurityworld
#Red_Team #Blue_Team
MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques
Part 1
Part 2
Part 3
@BlueRedTeam
#Red_Team
Spoofing Call Stacks To Confuse EDRs
https://labs.withsecure.com/blog/spoofing-call-stacks-to-confuse-edrs/
@BlueRedTeam
#Red_Team
Bypassing AppLocker by abusing HashInfo
https://shells.systems/post-bypassing-applocker-by-abusing-hashinfo
@BlueRedTeam
Shells.Systems
Bypassing AppLocker by abusing HashInfo - Shells.Systems
Estimated Reading Time: 4 minutes. This article is based mostly on the work of Grzegorz Tworek (@0gtweet). I recently saw this tweet from Grzegorz Tworek (@0gtweet – who, if you aren't following, you really should be!) come across my timeline. I had seen previous…
#Red_Team
+ RCE on Spip and Root-Me
https://thinkloveshare.com/hacking/rce_on_spip_and_root_me
]-> v2: https://thinkloveshare.com/hacking/rce_on_spip_and_root_me_v2
+ Guide to DLL Sideloading
https://crypt0ace.github.io/posts/DLL-Sideloading
@BlueRedTeam
Thinkloveshare
RCE on Spip and Root-Me
Vulnerability research write-up on SPIP, the web framework used by root-me.org. The issues found range from XSS to RCE, via SQLi!
#Blue_Team
Process Behaviour Anomaly Detection Using EBPF and Unsupervised-Learning Autoencoders
https://www.evilsocket.net/2022/08/15/Process-behaviour-anomaly-detection-using-eBPF-and-unsupervised-learning-Autoencoders
@BlueRedTeam
evilsocket
Process Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders
#Blue_Team
PersistenceSniper
PowerShell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistence implanted in Windows machines
https://github.com/last-byte/PersistenceSniper/
@BlueRedTeam
GitHub
GitHub - last-byte/PersistenceSniper: Powershell module that can be used by Blue Teams, Incident Responders and System Administrators…
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...
Network Penetration Testing:
The people who work in this branch have good knowledge of infrastructure and network services, together with the skills and tools of penetration testing, or rather of hacking, to find the weaknesses and vulnerabilities of different equipment, systems and network services. These people must use the latest tools and methods in order to pass through network security mechanisms and find the various weaknesses of a network.
You can learn these contents in our channel and have access to various resources.
@NetPentesters
Persian channel: @NetPentester