#Red_Team
+ Writing a simple rootkit for linux
https://0x00sec.org/t/writing-a-simple-rootkit-for-linux/29034
+ A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS
https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
@BlueRedTeam
#Red_Team
+ Anonymously bruteforce AD usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
https://github.com/lkarlslund/ldapnomnom
+ Relaying YubiKeys
https://cube0x0.github.io/Relaying-YubiKeys
+ Stealing Access Tokens From Office Desktop Applications
https://mrd0x.com/stealing-tokens-from-office-applications
@BlueRedTeam
#Blue_Team
Practical Guidance For IT Admins To Respond After Ransomware Attacks
https://m365internals.com/2022/09/19/practical-guidance-for-it-admins-to-respond-to-ransomware-attacks
@BlueRedTeam
#Red_Team
1. Kerberoast attack "pure python"
https://github.com/skelsec/kerberoast
2. A Guide to DNS Takeovers
https://blog.projectdiscovery.io/guide-to-dns-takeovers
3. Masquerade any legitimate Windows binary by changing some fields in the PEB structure
https://github.com/D1rkMtr/MasqueradingPEB
@BlueRedTeam
#Red_Team
+ Bypassing FileBlockExecutable in Sysmon 14.0: A Lesson In Analyzing Assumptions
https://www.huntandhackett.com/blog/bypassing-sysmon
+ Windows 11 Shift F10 Bypass and Autopilot privilege escalation
https://k4m1ll0.com/ShiftF10Bypass-and-privesc.html
@BlueRedTeam
#Red_Team
+ A tool for generating multiple types of NTLMv2 hash theft files
https://github.com/Greenwolf/ntlm_theft
+ Find dead-links
https://github.com/hahwul/deadfinder
@BlueRedTeam
#Red_Team
+ Car Hacking - Manual Bypass of Modern Rolling Code Implementations
https://labs.jumpsec.com/car-hacking-manual-bypass-of-modern-rolling-code-implementations
+ How To Attack Admin Panels Successfully
https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
@BlueRedTeam
#Red_Team
+ Phishing With Chromium's Application Mode
https://mrd0x.com/phishing-with-chromium-application-mode
+ FUD-UUID-Shellcode
https://github.com/Bl4ckM1rror/FUD-UUID-Shellcode#compile
@BlueRedTeam
#Red_Team
+ Spoofing Calendar Invites Using .ics Files
https://mrd0x.com/spoofing-calendar-invites-using-ics-files
+ Opera Browser VPN Bypass
https://medium.com/@renwa/opera-browser-vpn-bypass-20877aaf08c0
@BlueRedTeam
#Blue_Team
+ PowerShell script to collect a packet trace with option to convert .etl to .pcap
https://github.com/dwmetz/QuickPcap
+ Zeroday MS Exchange Server checker
(Virtual Patching checker)
https://github.com/VNCERT-CC/0dayex-checker
+ Exchange On-premises Mitigation Tool v2 (EOMTv2)
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2
@BlueRedTeam
multi-command mimikatz functionality in a Cobalt Strike beacon
https://gist.github.com/tothi/2809d548f7407de781892c4f840fdee1
@BlueRedTeam
#Red_Team
+ Certifried combined with KrbRelayUp
https://gist.github.com/tothi/f89a37127f2233352d74eef6c748ca25
+ Using NTLMRawUnHide to Uncover NTLMv2 Hashes
https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
@BlueRedTeam
#Blue_Team
1. LMD - Linux Malware Detection
https://github.com/rfxn/linux-malware-detect
2. Aftermath - free macOS IR framework
https://github.com/jamf/aftermath
@BlueRedTeam
#Blue_Team
Advanced Sysmon ATT&CK configuration
https://github.com/ion-storm/sysmon-config
@BlueRedTeam
#webshell
Yara rule for web threat (webshell, redirector)
https://github.com/farhanfaisal/yararule_web
@BlueRedTeam
#Red_Team
Checks whether emails can be delivered, which can be used to test target email accounts in red team operations.
https://github.com/808Mak1r/CEmail
@BlueRedTeam
#Red_Team
Red Team Toolkit for CTF's and Learning for Windows Offense
https://github.com/JHKLing/Red-VS-Blue-Project
@BlueRedTeam
#Red_Team
ShadowSpray - tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects
https://github.com/Dec0ne/ShadowSpray
@BlueRedTeam
#Red_Team
+ Living-Off-the-Blindspot - Operating into EDRs’ blindspot
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html
+ On Bypassing eBPF Security Monitoring
https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
@BlueRedTeam
#Red_Team
1. Pivoting Over TTLS-PAP WPA Enterprise Networks
https://tbhaxor.com/pivoting-over-ttls-pap-wifi-network
2. Active Directory data collector for BloodHound
https://github.com/OPENCYBER-FR/RustHound
@BlueRedTeam
#Cobalt_Strike
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
https://github.com/CodeXTF2/ScreenshotBOF
@BlueRedTeam