An open source, lightweight, fast, and cross-platform website vulnerability scanning tool that helps you quickly detect potential website security risks.
https://github.com/hktalent/scan4all
MalSCCM
Tooling for red teams and attackers has long since shifted to .NET; however, there are very few tools publicly available for abusing SCCM, making it an attack path that may not be explored as much.
https://labs.nettitude.com/blog/introducing-malsccm/
PoC for an NTLM relay attack dubbed DFSCoerce.
The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain.
https://github.com/Wh04m1001/DFSCoerce
A Docker environment for pentesting that includes all the tools required for VAPT.
https://github.com/RAJANAGORI/Nightingale
Tools List:
https://owasp.org/www-project-nightingale/
BadUSB cable based on the Attiny85 microcontroller. It emulates keyboard and mouse actions; payloads can be completely customized and highly targeted. Undetectable by firewalls, AV software (depending on the payload, of course) or visual inspection.
#redteam
https://github.com/joelsernamoreno/BadUSB-Cable
JetBrains TeamCity - account takeover via CSRF in GitHub authentication (PoC)
https://github.com/yuriisanin/CVE-2022-24342
Amsi-Bypass-Powershell
This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods I found on different blog posts.
Most of the scripts are detected by AMSI itself. So you have to find the trigger (https://github.com/RythmStick/AMSITrigger) and change the signature at that part via variable/function renaming, string replacement, or encoding and decoding at runtime. Alternatively, obfuscate them via ISESteroids and/or Invoke-Obfuscation to get them working. You can also take a look at the blog post (https://s3cur3th1ssh1t.github.io/Bypass_AMSI_by_manual_modification/) about manually changing the signature to get a valid bypass again.
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
Source:
https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf
For more and Reference :
https://twitter.com/ShitSecure
use a Kerberos relay attack to authenticate as that user to an RDP server due to a lack of user checking in the ticket authentication process
https://bugs.chromium.org/p/project-zero/issues/detail?id=2268
Abusing functionality to exploit a super SSRF in #Jira Server (CVE-2022-26135)
Jira is vulnerable to SSRF which requires authentication to exploit.
Exploit:
https://github.com/assetnote/jira-mobile-ssrf-exploit
https://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/…
A vulnerability (CVE-2022-34265) in Django is due to improper string processing when building the SQL for the arguments of the Trunc and Extract functions used for date data in Django. By passing request parameters as-is in the kind argument of Trunc or the lookup_name argument of Extract, there is a risk that arbitrary SQL statements can be executed. By exploiting this vulnerability, a third party can send commands to the database to access unauthorized data or delete the database.
Affected Versions
Django 3.2.x prior to 3.2.14
Django 4.0.x prior to 4.0.6
Countermeasures
Update to Django 3.2.14 or higher.
Update to Django 4.0.6 or higher.
https://github.com/aeyesec/CVE-2022-34265
Get persistence via freaky scheduled task download cradles.
https://github.com/VirtualAlllocEx/Taskschedule-Persistence-Download-Cradles
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
Features:
Automatically detects open SMB pipes on the remote machine.
Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
Analyze mode with --analyze, which only lists the vulnerable protocols and functions listening, without performing a coerced authentication.
Perform coerce attack on a list of targets from a file with --targets-file
https://github.com/p0dalirius/Coercer
Security firm SpecterOps has open-sourced a new tool called Koh that can be used to capture Windows account authentication tokens for new logon sessions and reuse them for future attacks.
https://github.com/GhostPack/Koh
https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6
Microsoft Threat Intelligence Python Security Tools.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to:
query log data from multiple sources
enrich the data with Threat Intelligence, geolocations and Azure resource data
extract Indicators of Activity (IoA) from logs and unpack encoded data
perform sophisticated analysis such as anomalous session detection and time series decomposition
visualize data using interactive timelines, process trees and multi-dimensional Morph Charts
It also includes some time-saving notebook tools such as widgets to set query time boundaries, select and display items from lists, and configure the notebook environment.
https://github.com/microsoft/msticpy
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / kerberos ticket (e.g., golden ticket) of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target server.
https://github.com/netero1010/RDPHijack-BOF
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://github.com/h3xduck/TripleCross
BokuLoader : Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities
Stomp MZ Magic Bytes
Find-Self EggHunter
Direct NT Syscalls via HellsGate & HalosGate
PE Header Obfuscation
PE String Replacement
NOHEADERCOPY - Loader will not copy headers over to Beacon. Decommits the first memory page, which would normally hold the headers
NoRWX - The reflective loader writes Beacon with Read & Write permissions and, after resolving Beacon's Import Table & Relocations, changes the .TEXT code section of Beacon to Read & Execute permissions
XGetProcAddress for resolving symbols
100k UDRL Size
Caesar Cipher for string obfuscation
Prepend ASM Instructions
https://github.com/xforcered/BokuLoader
SeBackupPrivilegePoC
https://github.com/daem0nc0re/PrivFu/blob/main/PrivilegedOperations/SeBackupPrivilegePoC/SeBackupPrivilegePoC.cs
All About Bug Bounty
Collection of notes on the most important BugBounty-related topics.
https://github.com/daffainfo/AllAboutBugBounty
#bugbounty