Peneter Tools – Telegram
RDLL (requires the SeDebugPrivilege privilege) will automatically locate the Sysmon process and patch its EtwEventWrite API, causing Sysmon to malfunction while the process and its threads are still running.

https://github.com/ScriptIdiot/SysmonQuiet
#redteam
hijagger
This tool checks every maintainer of every package in the NPM and Python PyPI registries for unregistered domains or unregistered MX records on those domains. If a domain is unregistered you can grab the domain and initiate a password reset on the account if it has no two-factor authentication enabled. This enables you to hijack a package and do whatever you want with it.

https://github.com/firefart/hijagger
The iscsicpl.exe binary is vulnerable to DLL search order hijacking when the 32-bit Microsoft binary runs on a 64-bit host via SysWOW64. The 32-bit binary will search the user %Path% for the DLL iscsiexe.dll. This can be exploited using a proxy DLL to execute code via "iscsicpl.exe", as autoelevate is enabled.

https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC

#UACbypass #redteaming
Randy

This is a pre-authenticated RCE exploit for Inductive Automation Ignition that impacts versions <= 8.1.16. We failed to exploit the bugs at Pwn2Own Miami 2022 because we had a sloppy exploit and no debug environment, but since then we have found the time and energy to improve it!

https://github.com/sourceincite/randy
Intercepter-NG 1.2

* SSL MiTM rewritten (SNI support)
* SSL Strip updated
* X-Scan updated
+ Forced capturing on PPP interfaces

********
+ Captive Portal test template
- eXtreme mode, iOS killer
- Heartbleed exploit
- DHCP\RAW Mode
* WayBack Mode (restores hidden modes)
* OUI db updated
* Fixes, improvements, optimizations
********

http://sniff.su/download.html
PowerView.py is an alternative for the awesome original PowerView.ps1 script. Most of the modules used in PowerView are available in this project (some of the flags are changed).

Interesting Features

Embedded user session

Mini PowerView.py console to make you feel at home when using PowerView in PowerShell

Auto-completer, so no more memorizing commands

Cross-Domain interactions

https://github.com/aniqfakhrul/powerview.py

#powerview
LPE exploit for CVE-2022-34918. This exploit has been written for the Linux kernel Ubuntu 5.15.0-39-generic.

Blog:

https://www.randorisec.fr/crack-linux-firewall/

POC:

https://github.com/randorisec/CVE-2022-34918-LPE-PoC

#Linux #LPE
Mandiant Azure Workshop for Redteaming and Detection
Requirements:
Azure tenant
Azure CLI
Terraform version 1.2.2 or above
Azure user with the Global Admin role in the AAD tenant
Add your external IP on lines 248-249 in kc1.tf

https://lnkd.in/g752YaTa
#Azure #redteam
Detectree is a data visualisation tool for blue teams. It provides a graphical representation of detection data, which allows an analyst to generate almost instant opinions about the nature of the underlying activity and to understand complex relationships between the data points. Ultimately, this can help reduce response time, reduce alert fatigue and facilitate communication between analysts within the teams.
https://lnkd.in/dE5b-P62