#Red_Team
For penetration testing / Red Team / CTF / Cybersecurity / Certifications
https://github.com/CyberSecurity2045/Pentest
@BlueRedTeam
#Cobalt_Strike
A position-independent reflective loader for Cobalt Strike
https://github.com/kyleavery/AceLdr
@BlueRedTeam
#Blue_Team
Blueteam operational triage registry hunting/forensic tool.
https://github.com/theflakes/reg_hunter
@BlueRedTeam
#Red_Team
+ UAC Bypass by abusing RPC and debug objects
https://github.com/Kudaes/Elevator
+ Automated Red Team infrastructure deployment using Docker
https://github.com/khast3x/Redcloud
+ Nmap's XML result parse and NVD's CPE correlation to search CVE
https://github.com/CoolerVoid/Vision2
@BlueRedTeam
#Red_Team
+ Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary JavaScript code
https://github.com/evilsocket/jscythe
+ BlazingFast DoS method (updated 2022):
Newest version of a BlazingFast bypass
https://github.com/0x44F/blazingfast-dos-updated
@BlueRedTeam
#Red_Team
Bypassing Intel CET with Counterfeit Objects
https://www.offensive-security.com/offsec/bypassing-intel-cet-with-counterfeit-objects
https://gitlab.com/offensive-security/blog/COOP
@BlueRedTeam
#Red_Team
+ Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key
https://github.com/hackerhouse-opensource/MsSettingsDelegateExecute
+ UAC bypass for x64 Windows 7-11
https://github.com/zha0gongz1/iscsicpl_bypassUAC
@BlueRedTeam
#Red_Team
+ Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass (Win7+)
https://github.com/hackerhouse-opensource/ColorDataProxyUACBypass
+ evilginx2 + gophish
https://github.com/fin3ss3g0d/evilgophish
@BlueRedTeam
#Blue_Team
Windows Security Updates for Hackers
https://blog.bitsadmin.com/blog/windows-security-updates-for-hackers
]-> Windows Exploit Suggester - Next Generation (WES-NG) - A Python script to analyze systeminfo utility output (WinXP-11):
https://github.com/bitsadmin/wesng
@BlueRedTeam
#Blue_Team
PersistenceSniper
PowerShell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on the PowerShell Gallery.
https://github.com/last-byte/PersistenceSniper
@BlueRedTeam
#Red_Team
Certipy
Certipy is an offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS).
If you're not familiar with AD CS and the various domain escalation techniques, I highly recommend reading Certified Pre-Owned by Will Schroeder and Lee Christensen.
https://github.com/ly4k/Certipy
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!: https://research.ifcr.dk/7237d88061f7
@BlueRedTeam
#Red_Team
ADenum
ADEnum.py is a pentesting tool that allows you to find misconfigurations through the LDAP protocol and exploit some of those weaknesses with Kerberos.
LDAP:
▫️ Enum Domain Admin users
▫️ Enum Domain Controllers
▫️ Enum Domain users with Password Not Expire
▫️ Enum Domain users with old password
▫️ Enum Domain users with interesting description
▫️ Enum Domain users with non-default encryption
▫️ Enum Domain users with Protecting Privileged Domain Accounts
Kerberos:
▫️ AS-REP Roastable
▫️ Kerberoastable
▫️ Password cracking with john (krb5tgs and krb5asrep)
https://github.com/SecuProject/ADenum
@BlueRedTeam
#Red_Team
BloodHound
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify.
Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.
https://github.com/BloodHoundAD/BloodHound
Introducing BloodHound 4.2 — The Azure Refactor:
https://posts.specterops.io/1cff734938bd
Active Directory Enumeration: BloodHound:
https://www.hackingarticles.in/active-directory-enumeration-bloodhound/
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike UDRL for memory scanner evasion.
Features
Easy to Use:
Import a single CNA script before generating shellcode.
Dynamic Memory Encryption:
Creates a new heap for any allocations from Beacon and encrypts entries before sleep.
Code Obfuscation and Encryption:
Changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE).
Return Address Spoofing at Execution:
Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap).
Sleep Without Sleep:
Delayed execution using WaitForSingleObjectEx.
RC4 Encryption:
All encryption performed with SystemFunction032.
https://github.com/kyleavery/AceLdr
@BlueRedTeam
#Red_Team
List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but who does not have a starting point.
https://github.com/0xMrNiko/Awesome-Red-Teaming
https://github.com/J0hnbX/RedTeam-Resources
https://github.com/A0RX/Red-Blueteam-party
@BlueRedTeam
#Red_Team
👺 Red team: Pentest two organizations at the same time.
• I would like to remind you about the useful webinar "Red team: Pentest with two contractors at the same time", where real examples of attacks are analyzed:
➖ Methods and tactics of physical penetration into the territory of the organization.
➖ Penetration into the company's perimeter from the outside, through IoT in the apartment of the organization's management.
➖ Gaining administrator access, including that of information security specialists, through Active Directory and a macOS client (0-day)
➖ Hacking ACS and camera systems in a cafe.
➖ Installation of an eternal backdoor that could not be found even after reinstallation.
and much more...
@BlueRedTeam
#Red_Team
Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
https://nokline.github.io/bugbounty/2022/09/02/Glassdoor-Cache-Poisoning.html
HideProcessHook - DLL that hooks the NtQuerySystemInformation API and hides a process name
https://github.com/ryan-weil/HideProcessHook
@BlueRedTeam
#Red_Team
+ Practical Attacks Against NTLMV1
https://www.trustedsec.com/blog/practical-attacks-against-ntlmv1
+ Exploiting Laravel based applications with leaked APP_KEYs and Queues
https://mogwailabs.de/en/blog/2022/08/exploiting-laravel-based-applications-with-leaked-app_keys-and-queues
@BlueRedTeam
#Blue_Team
Elkeid - Cloud-Native Host-Based IDS to provide next-generation Threat Detection and Behavior Audition with modern architecture
https://github.com/bytedance/Elkeid
@BlueRedTeam
#Red_Team
+ Writing a simple rootkit for linux
https://0x00sec.org/t/writing-a-simple-rootkit-for-linux/29034
+ A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS
https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
@BlueRedTeam