[ hoaxshell ]
hoaxshell is an unconventional Windows reverse shell, currently undetected
by Microsoft Defender and other AV solutions as it is solely based on http(s) traffic.
Thanks to: Ruslan
https://github.com/t3l3machus/hoaxshell
@NetPentesters
#lpe #linux #cve
LPE exploit for CVE-2022-34918.
This exploit was written for the Ubuntu Linux kernel 5.15.0-39-generic
article: https://randorisec.fr/crack-linux-firewall/
https://github.com/randorisec/CVE-2022-34918-LPE-PoC
@NetPentesters
#ldap #gc #impacket
If the LDAP/LDAPS ports are blocked by a firewall but the GC port (3268) is accessible, kerberoasting with impacket can't be achieved as is (that was my case). Simply switch the ldap:// protocol to gc:// in impacket and win!
@NetPentesters
#av #evasion
A PoC implementation for an evasion technique to terminate the current
thread and restore it before resuming execution, while implementing page
protection changes during no execution.
https://github.com/janoglezcampos/DeathSleep
@NetPentesters
#windows #impersonate #lpe
[ DiagTrackEoP ]
Just another way to abuse SeImpersonate privilege
https://github.com/Wh04m1001/DiagTrackEoP
@NetPentesters
[ Running Exploit As Protected Process Light From Userland ]
Run any code at the highest level of protection, meaning that the exploit will have full access to any other Protected Process Light, and anti-malware services won't be able to monitor it (since they run with the lower AntiMalware protection level).
https://tastypepperoni.medium.com/running-exploit-as-protected-process-ligh-from-userland-f4c7dfe63387
+POC: https://github.com/tastypepperoni/RunAsWinTcb
#exploit
@NetPentesters
#pid #lsass
Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service (LSASS)
https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/
@NetPentesters
#sandbox #detect
Such a tiny code snippet that can help you bypass some automatic sandbox detections
@NetPentesters
Deny internet access and sniff your local network by performing arp spoofing attacks.
https://github.com/avan-pra/arpmess
@NetPentesters
[ Know Your AD Vulnerability: CVE-2022-26923 ]
An article with a detailed analysis of the CVE-2022-26923 vulnerability
https://www.semperis.com/blog/ad-vulnerability-cve-2022-26923/
#CVE
#AD
@NetPentesters
A VMWare Workspace ONE Access Remote Code Execution Exploit
https://github.com/sourceincite/hekate
#vmware
#one
#cve
#poc
@NetPentesters
[ Concealed code execution: Techniques and detection ]
https://www.huntandhackett.com/blog/concealed-code-execution-techniques-and-detection
@NetPentesters
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections
and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
https://github.com/wavestone-cdt/EDRSandblast/tree/DefCon30Release
#edr
#bypass
@NetPentesters
PrintNightmare exploit with the following features:
- Ability to target multiple hosts.
- Built-in SMB server for payload delivery, removing the need for open file shares.
- Exploit includes both MS-RPRN & MS-PAR protocols (selected via CMD args).
- Implements UNC bypass technique.
https://github.com/m8sec/CVE-2021-34527
@NetPentesters
A basic emulation of an "RPC Backdoor"
https://github.com/eladshamir/RPC-Backdoor
#rpc
#backdoor
@NetPentesters
dc-sonar
Analyzing AD domains for security risks related to user accounts
https://github.com/ST1LLY/dc-sonar
#ad
#redteam
@NetPentesters
Best Practices for Securing Active Directory
https://docs.microsoft.com/en-gb/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory
#ad
#blueteam
@NetPentesters
RPCRecon
Tool in Bash to carry out a basic enumeration and extract the most relevant information from an Active Directory via rpcclient.
This utility will allow us to obtain the following information from a Domain:
▫️ Domain Users
▫️ Domain Users with their description
▫️ Domain Admin Users
▫️ Domain Groups
▫️ Domains within the network
https://github.com/m4lal0/RPCrecon
#AD
@NetPentesters