#Red_Team
Sandman is a backdoor that is meant to work on hardened networks during red team engagements.
Sandman works as a stager and leverages NTP (the protocol used to sync time and date) to download arbitrary shellcode from a predefined server.
NTP is a protocol that is overlooked by many defenders, resulting in wide network accessibility.
https://github.com/Idov31/Sandman
@BlueRedTeam
#Red_Team
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks
@BlueRedTeam
#Cobalt_Strike
A Cobalt Strike Beacon Notifier Via Telegram Bot.
https://github.com/lynxbinz/CS-Beacon-Notifier
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike profile generator using Jenkins to automate the heavy lifting
https://github.com/RomanRII/jenkins-strike
@BlueRedTeam
#Cobalt_Strike
Code and YARA rules for detection and analysis of Cobalt Strike
https://github.com/we1h0/cobaltstrike-yara
@BlueRedTeam
#Cobalt_Strike
Uses Alibaba Cloud OSS object storage to forward HTTP traffic so that Cobalt Strike (CS), msf and similar implants can check in; communication between the two sides goes through Alibaba Cloud's own domain names.
https://github.com/pantom2077/alioss-stinger
@BlueRedTeam
#Red_Team
Red Team script for cloud pentests of private clouds built with OpenShift. Quickly extracts the config information from the bootstrap.ign file.
https://github.com/Esonhugh/OpenShift_IGN_ConfigFileExtractor
@BlueRedTeam
redteam_with_onenote (1).pdf
#Red_Team
RedTeam With OneNote Sections
1. Not affected by Protected View / MOTW
2. Allows embedding malicious Excel/Word/PPT files that will open without Protected View
3. Allows embedding HTA, LNK and EXE files and spoofing their extensions
4. Possible to format the document in a way that tricks users into opening a malicious file or link
@BlueRedTeam
#webshell
A Python-based webshell discovery and decoder for static packet captures. Designed to be extended for easy identification and decoding of many webshell families.
https://github.com/fredflinch/mothra
Demonstrating the value of entropy as a detection mechanism for obfuscated webshells.
https://github.com/mttaggart/webshell-entropy
@BlueRedTeam
#Red_Team
OffensivePipeline allows you to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
https://github.com/Aetsu/OffensivePipeline
@BlueRedTeam
#CVE-2023
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21556, CVE-2023-21679.
https://github.com/Live-Hack-CVE/CVE-2023-21555
@BlueRedTeam
#Cobalt_Strike
Convert Cobalt Strike profiles to mod_rewrite scripts
https://github.com/threatexpress/cs2modrewrite
@BlueRedTeam
#Red_Team
Red Team Tutorial: Design and setup of C2 traffic redirectors
https://ditrizna.medium.com/design-and-setup-of-c2-traffic-redirectors-ec3c11bd227d
@BlueRedTeam
#Red_Team
I've had so much fun learning Rust. This is an excellent example of the power of Rust: no EDR unhooking, patching of ETW, syscalls, or LITCRYPT, and it calls home against EDRs. More to come soon.
https://twitter.com/Tyl0us/status/1627759675352424460
@BlueRedTeam
#Red_Team
AMSI Patch to Defeat Windows Defender
In this week's red team tip, I take a look at the new AMSI patch from TheD1rkMtr. I use the patch to slip Invoke-Mimikatz past Windows Defender. Take a look!
AMSI Patch to Bypass Windows Defender
AMSI Patch
https://github.com/TheD1rkMtr/AMSI_patch
@BlueRedTeam