BloodyAD is an Active Directory Privilege Escalation Framework
https://github.com/CravateRouge/bloodyAD
#AD
#privilege
@NetPentesters
#5G_Network_Security
Exploit the Fuzz -
Exploiting Vulnerabilities in 5G Core Networks
https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks
@NetPentesters
CVE-2021-42306 CredManifest:
App Registration Certificates Stored in Azure AD
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest
#azure
#Ad
#Cloud
#Pentest
@NetPentesters
NetSPI
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
The vulnerability, found by NetSPI’s cloud pentesting practice director, Karl Fosaaen, affects any organization that uses Automation Account "Run as" accounts in Azure.
New_Attack_Surfaces_WiFi_Mesh.pdf
3.2 MB
#WLAN_Security
BlackHat Europe 2021:
"New Attack Surfaces of Wi-Fi Mesh Network".
// CVE-2021-35055, CVE-2021-37566, CVE-2021-37572
@NetPentesters
WSUS Attacks:
Part 1 - Introducing PyWSUS
https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus
Part 2 - CVE-2020-1013 a Windows 10 LPE 1-Day
https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day
Part 3 - NTLM Relaying Attacks
https://www.gosecure.net/blog/2021/11/22/gosecure-investigates-abusing-windows-server-update-services-wsus-to-enable-ntlm-relaying-attacks
#wsus
#NTLM
@NetPentesters
Observing Attacks Against Hundreds
of Exposed Services in Public Clouds
https://unit42.paloaltonetworks.com/exposed-services-public-clouds
#Cloud
@NetPentestets
Unit 42
Observing Attacks Against Hundreds of Exposed Services in Public Clouds
Insecurely exposed services are common misconfigurations in cloud environments. We used a honeypot infrastructure to learn about attacks against them.
1. How to Detect Azure AD Backdoors:
Identity Federation
https://www.inversecos.com/2021/11/how-to-detect-azure-active-directory.html
2. Checks for signature requirements over LDAP
https://github.com/GoSecure/ldap-scanner
#BlueTeam
#Azure
#Ad
#LDAP
@NetPentesters
CVE-2021-21972:
PoC Exploit for vCenter
https://github.com/NS-Sp4ce/CVE-2021-21972
https://github.com/horizon3ai/CVE-2021-21972
Exploits the Wii U's bluetooth stack to gain IOSU
kernel access via bluetooth
https://github.com/GaryOderNichts/bluubomb
#bluetooth
@NetPentesters
1. 0-day vulnerability in TP-Link Wi-Fi 6 devices
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html?utm_source=feedly&utm_medium=rss&utm_campaign=0-day-tp-link-wi-fi-6
2. TP-Link TL-WR840N EU v5 RCE
(PoC for CVE-2021-41653)
https://k4m1ll0.com/cve-2021-41653.html
#tplink
#ZeroDay
#Vulnerability
#poc
@NetPentesters
Security Affairs
Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.
A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
https://imp0rtp3.wordpress.com/2021/11/25/sowat/
#APT31
#Router
#malware
@Netpentesters
Nmap script that searches for probable vulnerabilities based on services discovered in open ports
https://github.com/scmanjarrez/CVEScannerV2
#Nmap
#Script
#Port
#Vulnerability
@NetPentesters
Proxy-Attackchain:
proxylogon, proxyshell, proxyoracle, proxytoken
full chain exploit tool
https://github.com/FDlucifer/Proxy-Attackchain
#tools
#proxy
@NetPentesters
GitHub
GitHub - FDlucifer/Proxy-Attackchain: Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization…
Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization :) - FDlucifer/Proxy-Attackchain
Azure Privilege Escalation via Azure API Permissions Abuse
https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48
#Azure
#privilege
#Api
#microsoft
@NetPentesters
Analysis for CVE-2021-34535 -
RCE vulnerability in Remote Desktop Client
https://www.synack.com/blog/this-microsoft-windows-rce-vulnerability-gives-an-attacker-complete-control
#vulnerability
#RDP
#RCE
#Analysis
@NetPentesters
Configurable backdoor to bypass antivirus
https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads
#Bypass
#antivirus
#backdoor
@NetPentesters