تجزیه و تحلیل برای CVE-2021-34535 -
آسیب پذیری RCE در Remote Desktop Client
https://www.synack.com/blog/this-microsoft-windows-rce-vulnerability-gives-an-attacker-complete-control
#vulnerability
#RDP
#RCE
#Analysis
@NetPentester
آسیب پذیری RCE در Remote Desktop Client
https://www.synack.com/blog/this-microsoft-windows-rce-vulnerability-gives-an-attacker-complete-control
#vulnerability
#RDP
#RCE
#Analysis
@NetPentester
کانفیگ بک دور برای دور زدن انتی ویروس
https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads
#Bypass
#antivirus
#backdoor
@NetPentester
https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads
#Bypass
#antivirus
#backdoor
@NetPentester
Airstrike - Automatically grab and crack WPA-2 handshakes with distributed client-server architecture
https://github.com/redcode-lab/AirStrike
#tools
#wpa
#airstrike
@NetPentester
https://github.com/redcode-lab/AirStrike
#tools
#wpa
#airstrike
@NetPentester
Cloud service provider security mistakes
https://github.com/SummitRoute/csp_security_mistakes
#Cloud
@NetPentester
https://github.com/SummitRoute/csp_security_mistakes
#Cloud
@NetPentester
GitHub
GitHub - SummitRoute/csp_security_mistakes: This repo has been replaced by https://www.cloudvulndb.org
This repo has been replaced by https://www.cloudvulndb.org - SummitRoute/csp_security_mistakes
MikroTik_vulns.pdf
555.4 KB
Most exploited vulnerabilities of MikroTik devices, 2021.
#Analytics
#Mikrotik
#vulnerability
@NetPentester
#Analytics
#Mikrotik
#vulnerability
@NetPentester
آسیبپذیریهای مایکروسافت و پیاده سازی GitHub OAuth منجر به حملات تغییر مسیر میشوند.
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
#Microsoft
#vulnerability
@NetPentester
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
#Microsoft
#vulnerability
@NetPentester
CVE-2021-42287
Weaponisation - Active Directory
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
#AD
#cve
@NetPentester
Weaponisation - Active Directory
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
#AD
#cve
@NetPentester
پیاده سازی پایتون برای CVE-2021-42278 (افزایش دسترسی اکتیو دایرکتوری)
https://github.com/ly4k/Pachine
#cve
#privilege
#AD
#python
@NetPentester
https://github.com/ly4k/Pachine
#cve
#privilege
#AD
#python
@NetPentester
Hypervisor compromises using Azure Run Command
https://www.mandiant.com/resources/azure-run-command-dummies
#Cloud
#Azure
@NetPentester
https://www.mandiant.com/resources/azure-run-command-dummies
#Cloud
#Azure
@NetPentester
Thirumalai_Khanna.pdf
3.6 MB
"Who Owns Your Hybrid Active Directory? Hunting for Adversary Techniques", 2021.
#cloud
#ad
@NetPentester
#cloud
#ad
@NetPentester
Active Directory Lateral Movement
https://research.splunk.com/stories/active_directory_lateral_movement
#Blue_Team
#AD
@NetPentester
https://research.splunk.com/stories/active_directory_lateral_movement
#Blue_Team
#AD
@NetPentester
Splunk Security Content
Analytics Story: Active Directory Lateral Movement
Date: 2021-12-09 ID: 399d65dc-1f08-499b-a259-aad9051f38ad Author: David Dorsey, Mauricio Velazco Splunk Product: Splunk Enterprise Security Denoscription Detect and investigate tactics, techniques, and procedures around how attackers move laterally within an…
نفوذ به شبکه های هسته 5G از خارج و داخل
https://penthertz.com/blog/Intruding-5G-core-networks-from-outside-and_inside.html
#5G
#Network
#Network_5G
@NetPentester
https://penthertz.com/blog/Intruding-5G-core-networks-from-outside-and_inside.html
#5G
#Network
#Network_5G
@NetPentester
ابزار Powershell برای خودکار کردن شمارش اکتیو دایرکتوری
https://github.com/61106960/adPEAS#simple-usage-with-generic-program-parameters
#PowerShell
#RedTeam
#AD
@NetPentester
https://github.com/61106960/adPEAS#simple-usage-with-generic-program-parameters
#PowerShell
#RedTeam
#AD
@NetPentester
GitHub
GitHub - 61106960/adPEAS: Powershell tool to automate Active Directory enumeration.
Powershell tool to automate Active Directory enumeration. - 61106960/adPEAS
هانی پات شبکه داخلی برای تشخیص اینکه آیا یک تهدید مهاجم/داخلی شبکه شما را برای log4j CVE-2021-44228 اسکن می کند.
https://github.com/BinaryDefense/log4j-honeypot-flask
#honeypot
#Log4j
@NetPentester
https://github.com/BinaryDefense/log4j-honeypot-flask
#honeypot
#Log4j
@NetPentester
نقشه ذهنی برای سرویس ها AWS
برای دریافت آسانتر گواهینامه های AWS
https://github.com/notcuder/aws-mindmap
#Mindmap
#Aws
@NetPentester
برای دریافت آسانتر گواهینامه های AWS
https://github.com/notcuder/aws-mindmap
#Mindmap
#Aws
@NetPentester
GitHub
GitHub - notcuder/aws-mindmap: The mindmaps for AWS services to get AWS Certificates easier.
The mindmaps for AWS services to get AWS Certificates easier. - notcuder/aws-mindmap
CrackMapExec (CME)
یک ابزار پس از بهره برداری است که به ارزیابی خودکار امنیت شبکه های بزرگ Active Directory کمک می کند.
https://github.com/byt3bl33d3r/CrackMapExec
#AD
#CME
@NetPentester
یک ابزار پس از بهره برداری است که به ارزیابی خودکار امنیت شبکه های بزرگ Active Directory کمک می کند.
https://github.com/byt3bl33d3r/CrackMapExec
#AD
#CME
@NetPentester
GitHub
GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
A swiss army knife for pentesting networks. Contribute to byt3bl33d3r/CrackMapExec development by creating an account on GitHub.
CVE-2021-45608 - NetUSB RCE Flaw in Millions of End User Routers
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers
#router
#cve
@NetPentester
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers
#router
#cve
@NetPentester
SentinelOne
CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers
SentinelLabs has discovered a high severity flaw in NetUSB which could be remotely exploited to execute code in the kernel.