#Red_Team
Automated Red Team Infrastructure deployment using Docker
https://github.com/khast3x/Redcloud
@BlueRedTeam
#Red_Team
Using the HIB segment to bypass KASLR on x86-based macOS
https://blog.ret2.io/2022/08/17/macos-dblmap-kernel-exploitation
@BlueRedTeam
RET2 Systems Blog
The LDT, a Perfect Home for All Your Kernel Payloads
With the broad adoption of Kernel Address Space Layout Randomization (KASLR) by modern systems, obtaining an information leak is a necessary component of mos...
#Blue_Team
+ Sauron - YARA-based malware scanner with real-time filesystem monitoring
https://github.com/evilsocket/sauron
+ BARK Detections: KQL queries for Microsoft Sentinel designed to detect use of the abuse techniques in BloodHound's BARK toolkit against Azure AD
https://github.com/reprise99/Sentinel-Queries/tree/main/Azure%20AD%20Abuse%20Detection
@BlueRedTeam
#Blue_Team
+ Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
https://github.com/fullstorydev/grpcurl
+ Open Anti-Rootkit
https://github.com/BlackINT3/OpenArk
@BlueRedTeam
#Blue_Team
+ How to Detect OAuth Access Token Theft in Azure
https://www.inversecos.com/2022/08/how-to-detect-oauth-access-token-theft.html
+ Rapidly Search and Hunt through Windows Event Logs
https://github.com/WithSecureLabs/chainsaw
+ Design an identity security strategy
https://www.cloudpartner.fi/?p=8328
@BlueRedTeam
#Red_Team
Windows Privilege Escalation
Part 1 - Unquoted service paths
https://medium.com/@tinopreter/windows-privilege-escalation-1-unquoted-service-paths-975e3ea6f1e9
Part 2 - Hijacking DLLs
https://medium.com/@tinopreter/windows-privilege-escalation-2-hijacking-dlls-28505b68a978
@BlueRedTeam
Medium
Windows PrivEsc (1) — Unquoted service paths
When starting a service, Windows requires the path to the service binary. And if the full path to the binary has spaces in between the…
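The check behind Part 1, as an added example that is not taken from the Medium series: for each service ImagePath, decide whether it is unquoted and contains spaces, and if so list the binaries Windows would try before the real one (every prefix ending at a space, with ".exe" appended). The service table is constructed sample data; on a real host the same values come from `Get-CimInstance Win32_Service | Select-Object Name, PathName` or the `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\<name>`.

```python
r"""Find services whose unquoted ImagePath contains spaces and list the
binaries Windows would try before the real one (hijack candidates).

The service table below is constructed sample data, not read from a host.
On a real Windows box the same values come from
  Get-CimInstance Win32_Service | Select-Object Name, PathName
or HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample ImagePath values (all service names and paths are made up).
SAMPLE_SERVICES: Dict[str, str] = {
    "GoodSvc": '"C:\\Program Files\\Good Vendor\\goodsvc.exe" -k service',
    "BadSvc": "C:\\Program Files\\Bad Vendor\\Sub Dir\\badsvc.exe -k service",
    "SvcHostSvc": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
    "DriverSvc": "%SystemRoot%\\System32\\drivers\\foo.sys",
    "RelativeSvc": "system32\\DRIVERS\\bar.sys",
}

# The binary ends at the first .exe/.sys/.dll token; anything after it is arguments.
_EXT_RE = re.compile(r"\.(exe|sys|dll)\b", re.IGNORECASE)


def split_image_path(image_path: str) -> Tuple[str, str, bool]:
    """Return (executable, arguments, was_quoted) for a raw ImagePath value."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:  # unterminated quote: treat the rest as the binary
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = _EXT_RE.search(s)
    if m is None:
        # No recognisable extension: assume the first space-separated token
        # is the binary (Windows would search for it with .exe appended).
        head, _, tail = s.partition(" ")
        return head, tail.strip(), False
    return s[: m.end()], s[m.end():].strip(), False


def hijack_candidates(image_path: str) -> List[str]:
    r"""Binaries CreateProcess would look for before the real one, in order.

    For an unquoted binary path containing spaces, Windows tries every
    prefix that ends at a space with ".exe" appended, so for
    C:\Program Files\Bad Vendor\Sub Dir\badsvc.exe it tries
    C:\Program.exe, C:\Program Files\Bad.exe and
    C:\Program Files\Bad Vendor\Sub.exe before reaching badsvc.exe.
    Quoted paths and paths without spaces are not affected and yield [].
    """
    exe, _args, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return []
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def find_unquoted_service_paths(services: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each vulnerable service name to its ordered list of hijack candidates."""
    findings: Dict[str, List[str]] = {}
    for name, image_path in services.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for svc, cands in find_unquoted_service_paths(SAMPLE_SERVICES).items():
        print(f"[!] {svc}: unquoted ImagePath with spaces")
        for c in cands:
            print(f"    Windows would try first: {c}")
```

A finding only matters where two further conditions hold, which this script does not check: the current user must be able to create a file in one of the candidate directories (check with `icacls "C:\Program Files\Bad Vendor"`; the root of `C:\` by default lets standard users create folders but not files, so `C:\Program.exe` is usually not writable), and the service must run as a privileged account and be restartable (or start at boot) so that the planted binary actually executes.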
#Red_Team
+ EtwSessionHijacking - PoC on blocking Procmon from monitoring network events
https://github.com/ORCx41/EtwSessionHijacking
+ Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion
https://bohops.com/2022/08/22/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion-part-2
@BlueRedTeam
🏃♂️ Free network security and penetration testing tutorials
✅ Articles on network security and penetration testing
🔴 Training packages
🔰 Together with free training videos
https://news.1rj.ru/str/irsecurityworld
#Red_Team #Blue_Team
MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques
Part 1
Part 2
Part 3
@BlueRedTeam
#Red_Team
Spoofing Call Stacks To Confuse EDRs
https://labs.withsecure.com/blog/spoofing-call-stacks-to-confuse-edrs/
@BlueRedTeam
#Red_Team
Bypassing AppLocker by abusing HashInfo
https://shells.systems/post-bypassing-applocker-by-abusing-hashinfo
@BlueRedTeam
Shells.Systems
Bypassing AppLocker by abusing HashInfo - Shells.Systems
"This article is based mostly on the work of Grzegorz Tworek (@0gtweet). I recently saw this tweet from Grzegorz Tworek (@0gtweet, who if you aren't following you really should be!) come across my timeline. I had seen previous…"
#Red_Team
+ RCE on Spip and Root-Me
https://thinkloveshare.com/hacking/rce_on_spip_and_root_me
]-> v2: https://thinkloveshare.com/hacking/rce_on_spip_and_root_me_v2
+ Guide to DLL Sideloading
https://crypt0ace.github.io/posts/DLL-Sideloading
@BlueRedTeam
Thinkloveshare
RCE on Spip and Root-Me
Vulnerability research write-up on SPIP, the web framework used by root-me.org. The issues found go from XSS to RCE, via SQLi!
#Blue_Team
Process Behaviour Anomaly Detection Using EBPF and Unsupervised-Learning Autoencoders
https://www.evilsocket.net/2022/08/15/Process-behaviour-anomaly-detection-using-eBPF-and-unsupervised-learning-Autoencoders
@BlueRedTeam
#Blue_Team
PersistenceSniper
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistence implanted in Windows machines
https://github.com/last-byte/PersistenceSniper/
@BlueRedTeam
Network Penetration Testing:
People who work in this branch have a good knowledge of infrastructure and network services, together with the skills and tools of penetration testing (or rather, of hacking) used to find weaknesses and vulnerabilities in different equipment, systems and network services. They must use the latest tools and methods to get past network security mechanisms and find the various weaknesses of a network.
You can learn these contents in our channel and have access to various resources.
@NetPentesters
Persian Channel : @NetPentester
#Red_Team
For penetration testing / Red Team / CTF / Cybersecurity / Certifications
https://github.com/CyberSecurity2045/Pentest
@BlueRedTeam
#Cobalt_Strike
A position-independent reflective loader (UDRL) for Cobalt Strike, built for memory scanner evasion
https://github.com/kyleavery/AceLdr
@BlueRedTeam
#Blue_Team
Blueteam operational triage registry hunting/forensic tool.
https://github.com/theflakes/reg_hunter
@BlueRedTeam
#Red_Team
+ UAC bypass by abusing RPC and debug objects
https://github.com/Kudaes/Elevator
+ Automated Red Team Infrastructure deployment using Docker
https://github.com/khast3x/Redcloud
+ Vision2: parses Nmap XML results and correlates them with NVD CPEs to search for CVEs
https://github.com/CoolerVoid/Vision2
@BlueRedTeam
#Red_Team
+ jscythe: abuses the node.js inspector mechanism to force any node.js/electron/v8-based process to execute arbitrary JavaScript code
https://github.com/evilsocket/jscythe
+ BlazingFast DoS method (updated 2022):
Newest version of a BlazingFast bypass
https://github.com/0x44F/blazingfast-dos-updated
@BlueRedTeam