#Red_Team
+ CredUI - With Shellcode runner
https://ired.dev/discussion/comment/4/#Comment_4
+ XOR string encryption for NET based binaries
https://github.com/dr4k0nia/XorStringsNET
+ NoRunPI: Run Your Payload Without Running Your Payload
https://github.com/ORCx41/NoRunPI
+ Various Cobalt Strike BOFs
https://github.com/rvrsh3ll/BOF_Collection
@BlueRedTeam
+ CredUI - With Shellcode runner
https://ired.dev/discussion/comment/4/#Comment_4
+ XOR string encryption for NET based binaries
https://github.com/dr4k0nia/XorStringsNET
+ NoRunPI: Run Your Payload Without Running Your Payload
https://github.com/ORCx41/NoRunPI
+ Various Cobalt Strike BOFs
https://github.com/rvrsh3ll/BOF_Collection
@BlueRedTeam
Forwarded from F.P.W Library Sec [ CyberSecurity Book ]
#CVE-2022
DrayTek unauthenticated remote code execution vulnerability (CVE-2022-32548) in /cgi-bin/wlogin.cgi via username field
https://github.com/HarleyDoo/CVE-2022-32548-RCE-POC
@BlueRedTeam
DrayTek unauthenticated remote code execution vulnerability (CVE-2022-32548) in /cgi-bin/wlogin.cgi via username field
https://github.com/HarleyDoo/CVE-2022-32548-RCE-POC
@BlueRedTeam
👍1
#Red_Team
A Azure Exploitation Toolkit for Red Team & Pentesters
https://github.com/SikretaLabs/BlueMap
@BlueRedTeam
A Azure Exploitation Toolkit for Red Team & Pentesters
https://github.com/SikretaLabs/BlueMap
@BlueRedTeam
GitHub
GitHub - SikretaLabs/BlueMap: A Azure Exploitation Toolkit for Red Team & Pentesters
A Azure Exploitation Toolkit for Red Team & Pentesters - SikretaLabs/BlueMap
👍1
#CVE-2022
The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-'WP_Query' / CVE-2022-21661)
https://github.com/APTIRAN/CVE-2022-21661
@BlueRedTeam
The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-'WP_Query' / CVE-2022-21661)
https://github.com/APTIRAN/CVE-2022-21661
@BlueRedTeam
🔥1
#Blue_Team
Detecting ADCS web services abuse
https://medium.com/falconforce/falconfriday-detecting-adcs-web-services-abuse-0xff20-9f660c83cb36
@BlueRedTeam
Detecting ADCS web services abuse
https://medium.com/falconforce/falconfriday-detecting-adcs-web-services-abuse-0xff20-9f660c83cb36
@BlueRedTeam
Medium
FalconFriday — Detecting ADCS web services abuse — 0xFF20
One of the popular attack vectors against ADCS is ESC8 — relaying NTLM creds to the ADCS HTTP(S) endpoints. While preventing this…
#CVE-2022
A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692
https://github.com/SpindleSec/cve-2022-31692
@BlueRedTeam
A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692
https://github.com/SpindleSec/cve-2022-31692
@BlueRedTeam
GitHub
GitHub - blipzip/cve-2022-31692: A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE…
A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692 - blipzip/cve-2022-31692
#CVE-2022
Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability)
https://github.com/cryxnet/CVE-2022-42889-RCE
@BlueRedTeam
Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability)
https://github.com/cryxnet/CVE-2022-42889-RCE
@BlueRedTeam
GitHub
GitHub - cryxnet/CVE-2022-42889-RCE: Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability)
Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability) - GitHub - cryxnet/CVE-2022-42889-RCE: Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability)
#CVE-2022
CVE-2022-0824, CVE-2022-0829, File Manger privilege exploit
https://github.com/gokul-ramesh/WebminRCE-exploit
@BlueRedTeam
CVE-2022-0824, CVE-2022-0829, File Manger privilege exploit
https://github.com/gokul-ramesh/WebminRCE-exploit
@BlueRedTeam
GitHub
GitHub - gokul-ramesh/WebminRCE-exploit: CVE-2022-0824, CVE-2022-0829, File Manger privilege exploit
CVE-2022-0824, CVE-2022-0829, File Manger privilege exploit - gokul-ramesh/WebminRCE-exploit
#CVE-2022
Detects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6
https://github.com/corelight/CVE-2022-3602
@BlueRedTeam
Detects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6
https://github.com/corelight/CVE-2022-3602
@BlueRedTeam
GitHub
GitHub - corelight/CVE-2022-3602: Detects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL…
Detects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6 - GitHub - corelight/CVE-2022-3602: Detects attempts at exploitation of ...
#Red_Team
For Portable PE to download in Red Team Operation
https://github.com/cymonl33t1333/PE
@BlueRedTeam
For Portable PE to download in Red Team Operation
https://github.com/cymonl33t1333/PE
@BlueRedTeam
👍1
#webshell
super tiny remote webshell with some helpers. Not trying to hide anything, just a simple shell
https://github.com/lojikil/tinyshell
@BlueRedTeam
super tiny remote webshell with some helpers. Not trying to hide anything, just a simple shell
https://github.com/lojikil/tinyshell
@BlueRedTeam
GitHub
GitHub - lojikil/tinyshell: super tiny remote webshell with some helpers. Not trying to hide anything, just a simple shell
super tiny remote webshell with some helpers. Not trying to hide anything, just a simple shell - GitHub - lojikil/tinyshell: super tiny remote webshell with some helpers. Not trying to hide anythin...
#Red_Team
A Azure Exploitation Toolkit for Red Team & Pentesters
https://github.com/tota1099/django-soccer
@BlueRedTeam
A Azure Exploitation Toolkit for Red Team & Pentesters
https://github.com/tota1099/django-soccer
@BlueRedTeam
GitHub
GitHub - tota1099/django-soccer: The idea was to learn about the Django framework, building a simple application focused on managing…
The idea was to learn about the Django framework, building a simple application focused on managing a football team. With the application, one can add players, positions, games, scores, yellow and...
👍2