#Red_Team
Bypassing AppLocker by abusing HashInfo
https://shells.systems/post-bypassing-applocker-by-abusing-hashinfo
@BlueRedTeam
Bypassing AppLocker by abusing HashInfo
https://shells.systems/post-bypassing-applocker-by-abusing-hashinfo
@BlueRedTeam
Shells.Systems
Bypassing AppLocker by abusing HashInfo - Shells.Systems
Estimated Reading Time: 4 minutesThis article is based mostly on the work of Grzegorz Tworek (@0gtweet) I recently saw this tweet from Grzegorz Tworek (@0gtweet – who if you aren’t following you really should be!) come across my timeline I had seen previous…
#Red_Team
+ RCE on Spip and Root-Me
https://thinkloveshare.com/hacking/rce_on_spip_and_root_me
]-> v2: https://thinkloveshare.com/hacking/rce_on_spip_and_root_me_v2
+ Guide to DLL Sideloading
https://crypt0ace.github.io/posts/DLL-Sideloading
@BlueRedTeam
+ RCE on Spip and Root-Me
https://thinkloveshare.com/hacking/rce_on_spip_and_root_me
]-> v2: https://thinkloveshare.com/hacking/rce_on_spip_and_root_me_v2
+ Guide to DLL Sideloading
https://crypt0ace.github.io/posts/DLL-Sideloading
@BlueRedTeam
Thinkloveshare
RCE on Spip and Root-Me
Vulnerability research write-up on spip, the web framework used by root-me.org. The issues found goes from XSS to RCE, passing by SQLi!
#Blue_Team
Process Behaviour Anomaly Detection Using EBPF and Unsupervised-Learning Autoencoders
https://www.evilsocket.net/2022/08/15/Process-behaviour-anomaly-detection-using-eBPF-and-unsupervised-learning-Autoencoders
@BlueRedTeam
Process Behaviour Anomaly Detection Using EBPF and Unsupervised-Learning Autoencoders
https://www.evilsocket.net/2022/08/15/Process-behaviour-anomaly-detection-using-eBPF-and-unsupervised-learning-Autoencoders
@BlueRedTeam
evilsocket
Process Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders
👍2
#Blue_Team
PersistenceSniper
Powershell noscript that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines
https://github.com/last-byte/PersistenceSniper/
@BlueRedTeam
PersistenceSniper
Powershell noscript that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines
https://github.com/last-byte/PersistenceSniper/
@BlueRedTeam
GitHub
GitHub - last-byte/PersistenceSniper: Powershell module that can be used by Blue Teams, Incident Responders and System Administrators…
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...
👍3
Network Penetration Testing:
The people who work in this branch have a good knowledge of infrastructure and network services and the skills and tools of penetration testing, or rather, the skills and tools of hacking to find the weaknesses and vulnerabilities of different equipment and systems. and different network services use, these people must use the latest tools and methods to be able to pass through network security mechanisms to find various network weaknesses.
You can learn these contents in our channel and have access to various resources.
@NetPentesters
Persian Channel : @NetPentester
The people who work in this branch have a good knowledge of infrastructure and network services and the skills and tools of penetration testing, or rather, the skills and tools of hacking to find the weaknesses and vulnerabilities of different equipment and systems. and different network services use, these people must use the latest tools and methods to be able to pass through network security mechanisms to find various network weaknesses.
You can learn these contents in our channel and have access to various resources.
@NetPentesters
Persian Channel : @NetPentester
👎1🥰1
#Red_Team
For penetration testing / Red Team / CTF / Cybersecurity / Certifications
https://github.com/CyberSecurity2045/Pentest
@BlueRedTeam
For penetration testing / Red Team / CTF / Cybersecurity / Certifications
https://github.com/CyberSecurity2045/Pentest
@BlueRedTeam
👍5
#Cobalt_Strike
A position-independent reflective loader for Cobalt Strike
https://github.com/kyleavery/AceLdr
@BlueRedTeam
A position-independent reflective loader for Cobalt Strike
https://github.com/kyleavery/AceLdr
@BlueRedTeam
GitHub
GitHub - kyleavery/AceLdr: Cobalt Strike UDRL for memory scanner evasion.
Cobalt Strike UDRL for memory scanner evasion. Contribute to kyleavery/AceLdr development by creating an account on GitHub.
👍1
#Blue_Team
Blueteam operational triage registry hunting/forensic tool.
https://github.com/theflakes/reg_hunter
@BlueRedTeam
Blueteam operational triage registry hunting/forensic tool.
https://github.com/theflakes/reg_hunter
@BlueRedTeam
GitHub
GitHub - theflakes/reg_hunter: Blueteam operational triage registry hunting/forensic tool.
Blueteam operational triage registry hunting/forensic tool. - theflakes/reg_hunter
👏2❤1
#Red_Team
+ UAC Bypass by abusing RPC and debug objects
https://github.com/Kudaes/Elevator
+ Automated Red Team Infrastructure deployement using Docker
https://github.com/khast3x/Redcloud
+ Nmap's XML result parse and NVD's CPE correlation to search CVE
https://github.com/CoolerVoid/Vision2
@BlueRedTeam
+ UAC Bypass by abusing RPC and debug objects
https://github.com/Kudaes/Elevator
+ Automated Red Team Infrastructure deployement using Docker
https://github.com/khast3x/Redcloud
+ Nmap's XML result parse and NVD's CPE correlation to search CVE
https://github.com/CoolerVoid/Vision2
@BlueRedTeam
GitHub
GitHub - Kudaes/Elevator: UAC bypass by abusing RPC and debug objects.
UAC bypass by abusing RPC and debug objects. Contribute to Kudaes/Elevator development by creating an account on GitHub.
👍2
#Red_Team
+ Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javanoscript code
https://github.com/evilsocket/jscythe
+ BlazingFast DoS method (updated 2022):
Newest version of a BlazingFast bypass
https://github.com/0x44F/blazingfast-dos-updated
@BlueRedTeam
+ Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javanoscript code
https://github.com/evilsocket/jscythe
+ BlazingFast DoS method (updated 2022):
Newest version of a BlazingFast bypass
https://github.com/0x44F/blazingfast-dos-updated
@BlueRedTeam
GitHub
GitHub - evilsocket/jscythe: Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute…
Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javanoscript code. - evilsocket/jscythe
#Red_Team
Bypassing Intel CET with Counterfeit Objects
https://www.offensive-security.com/offsec/bypassing-intel-cet-with-counterfeit-objects
https://gitlab.com/offensive-security/blog/COOP
@BlueRedTeam
Bypassing Intel CET with Counterfeit Objects
https://www.offensive-security.com/offsec/bypassing-intel-cet-with-counterfeit-objects
https://gitlab.com/offensive-security/blog/COOP
@BlueRedTeam
OffSec
Bypassing Intel CET with Counterfeit Objects
In this blog, we’ll briefly cover how CFI mitigations works, including CET, and how we can leverage COOP to effectively bypass Intel CET on the latest Windows releases.
👍1
#Red_Team
+ Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key
https://github.com/hackerhouse-opensource/MsSettingsDelegateExecute
+ UAC bypass for x64 Windows 7-11
https://github.com/zha0gongz1/iscsicpl_bypassUAC
@BlueRedTeam
+ Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key
https://github.com/hackerhouse-opensource/MsSettingsDelegateExecute
+ UAC bypass for x64 Windows 7-11
https://github.com/zha0gongz1/iscsicpl_bypassUAC
@BlueRedTeam
GitHub
GitHub - hackerhouse-opensource/MsSettingsDelegateExecute: Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry…
Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key. - hackerhouse-opensource/MsSettingsDelegateExecute
🔥2
#Red_Team
+ Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass (Win7+)
https://github.com/hackerhouse-opensource/ColorDataProxyUACBypass
+ evilginx2 + gophish
https://github.com/fin3ss3g0d/evilgophish
@BlueRedTeam
+ Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass (Win7+)
https://github.com/hackerhouse-opensource/ColorDataProxyUACBypass
+ evilginx2 + gophish
https://github.com/fin3ss3g0d/evilgophish
@BlueRedTeam
GitHub
GitHub - hackerhouse-opensource/ColorDataProxyUACBypass: Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing…
Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass. Win 7 & up. - hackerhouse-opensource/ColorDat...
#Blue_Team
Windows Security Updates for Hackers
https://blog.bitsadmin.com/blog/windows-security-updates-for-hackers
]-> Windows Exploit Suggester - Next Generation (WES-NG) - A python noscript to analyze systeminfo utility output (WinXP-11):
https://github.com/bitsadmin/wesng
@BlueRedTeam
Windows Security Updates for Hackers
https://blog.bitsadmin.com/blog/windows-security-updates-for-hackers
]-> Windows Exploit Suggester - Next Generation (WES-NG) - A python noscript to analyze systeminfo utility output (WinXP-11):
https://github.com/bitsadmin/wesng
@BlueRedTeam
BITSADMIN Blog
Windows Security Updates for Hackers
Windows versions, releases and patch levels are a rather complex matter. This post brings structure in how Windows versioning and patching works and how to identify which vulnerabilities a Windows installation is vulnerable to.
👍3🥰1
#Blue_Team
PersistenceSniper
Powershell noscript that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The noscript is also available on Powershell Gallery.
https://github.com/last-byte/PersistenceSniper
@BlueRedTeam
PersistenceSniper
Powershell noscript that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The noscript is also available on Powershell Gallery.
https://github.com/last-byte/PersistenceSniper
@BlueRedTeam
GitHub
GitHub - last-byte/PersistenceSniper: Powershell module that can be used by Blue Teams, Incident Responders and System Administrators…
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...
#Red_Team
Certipy
Certipy is an offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS).
If you're not familiar with AD CS and the various domain escalation techniques, I highly recommend reading Certified Pre-Owned by Will Schroeder and Lee Christensen.
https://github.com/ly4k/Certipy
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!: https://research.ifcr.dk/7237d88061f7
@BlueRedTeam
Certipy
Certipy is an offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS).
If you're not familiar with AD CS and the various domain escalation techniques, I highly recommend reading Certified Pre-Owned by Will Schroeder and Lee Christensen.
https://github.com/ly4k/Certipy
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!: https://research.ifcr.dk/7237d88061f7
@BlueRedTeam
GitHub
GitHub - ly4k/Certipy: Tool for Active Directory Certificate Services enumeration and abuse
Tool for Active Directory Certificate Services enumeration and abuse - ly4k/Certipy
#Red_Team
ADenum
ADEnum.py is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos.
LDAP:
▫️ Enum Domain Admin users
▫️ Enum Domain Controllers
▫️ Enum Domain users with Password Not Expire
▫️ Enum Domain users with old password
▫️ Enum Domain users with interesting denoscription
▫️ Enum Domain users with not the default encryption
▫️ Enum Domain users with Protecting Privileged Domain Accounts
Kerberos:
▫️ AS-REP Roastable
▫️ Kerberoastable
▫️ Password cracking with john (krb5tgs and krb5asrep)
https://github.com/SecuProject/ADenum
@BlueRedTeam
ADenum
ADEnum.py is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos.
LDAP:
▫️ Enum Domain Admin users
▫️ Enum Domain Controllers
▫️ Enum Domain users with Password Not Expire
▫️ Enum Domain users with old password
▫️ Enum Domain users with interesting denoscription
▫️ Enum Domain users with not the default encryption
▫️ Enum Domain users with Protecting Privileged Domain Accounts
Kerberos:
▫️ AS-REP Roastable
▫️ Kerberoastable
▫️ Password cracking with john (krb5tgs and krb5asrep)
https://github.com/SecuProject/ADenum
@BlueRedTeam
GitHub
GitHub - SecuProject/ADenum: AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and…
AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos. - SecuProject/ADenum
👍2
#Red_Team
BloodHound
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify.
Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.
https://github.com/BloodHoundAD/BloodHound
Introducing BloodHound 4.2 — The Azure Refactor:
https://posts.specterops.io/1cff734938bd
Active Directory Enumeration: BloodHound:
https://www.hackingarticles.in/active-directory-enumeration-bloodhound/
@BlueRedTeam
BloodHound
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify.
Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.
https://github.com/BloodHoundAD/BloodHound
Introducing BloodHound 4.2 — The Azure Refactor:
https://posts.specterops.io/1cff734938bd
Active Directory Enumeration: BloodHound:
https://www.hackingarticles.in/active-directory-enumeration-bloodhound/
@BlueRedTeam
YouTube
Active Directory Enumeration With BloodHound
In this video, I cover the process of automating and visualizing Active Directory Enumeration with BloodHound.
-----------------------------------------------------------------------------------
LINKS:
BloodHound GitHub Repo: https://github.com/BloodHoundAD/BloodHound…
-----------------------------------------------------------------------------------
LINKS:
BloodHound GitHub Repo: https://github.com/BloodHoundAD/BloodHound…
👍3
#Cobalt_Strike
Cobalt Strike UDRL for memory scanner evasion.
Features
Easy to Use:
Import a single CNA noscript before generating shellcode.
Dynamic Memory Encryption:
Creates a new heap for any allocations from Beacon and encrypts entries before sleep.
Code Obfuscation and Encryption:
Changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE).
Return Address Spoofing at Execution:
Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap).
Sleep Without Sleep:
Delayed execution using WaitForSingleObjectEx.
RC4 Encryption:
All encryption performed with SystemFunction032.
https://github.com/kyleavery/AceLdr
@BlueRedTeam
Cobalt Strike UDRL for memory scanner evasion.
Features
Easy to Use:
Import a single CNA noscript before generating shellcode.
Dynamic Memory Encryption:
Creates a new heap for any allocations from Beacon and encrypts entries before sleep.
Code Obfuscation and Encryption:
Changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE).
Return Address Spoofing at Execution:
Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap).
Sleep Without Sleep:
Delayed execution using WaitForSingleObjectEx.
RC4 Encryption:
All encryption performed with SystemFunction032.
https://github.com/kyleavery/AceLdr
@BlueRedTeam
GitHub
GitHub - kyleavery/AceLdr: Cobalt Strike UDRL for memory scanner evasion.
Cobalt Strike UDRL for memory scanner evasion. Contribute to kyleavery/AceLdr development by creating an account on GitHub.
#Red_Team
List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point.
https://github.com/0xMrNiko/Awesome-Red-Teaming
https://github.com/J0hnbX/RedTeam-Resources
https://github.com/A0RX/Red-Blueteam-party
@BlueRedTeam
List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point.
https://github.com/0xMrNiko/Awesome-Red-Teaming
https://github.com/J0hnbX/RedTeam-Resources
https://github.com/A0RX/Red-Blueteam-party
@BlueRedTeam
GitHub
GitHub - 0xMrNiko/Awesome-Red-Teaming: List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn…
List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. - 0xMrNiko/Awesome-Red-Teaming
🔥6❤1👍1