PowerView.py is an alternative for the awesome original PowerView.ps1 noscript. Most of the modules used in PowerView are available in this project ( some of the flags are changed ).
Interesting Features
Embedded user session
Mini PowerView.py console to make you feel at home when using PowerView in Powershell
Auto-completer, so no more memorizing commands
Cross-Domain interactions
https://github.com/aniqfakhrul/powerview.py
#powerview
Interesting Features
Embedded user session
Mini PowerView.py console to make you feel at home when using PowerView in Powershell
Auto-completer, so no more memorizing commands
Cross-Domain interactions
https://github.com/aniqfakhrul/powerview.py
#powerview
GitHub
GitHub - aniqfakhrul/powerview.py: Just another Powerview alternative but on steroids
Just another Powerview alternative but on steroids - aniqfakhrul/powerview.py
LPE exploit for CVE-2022-34918. This exploit has been written for the kernel Linux ubuntu 5.15.0-39-generic
Blog:
https://www.randorisec.fr/crack-linux-firewall/
POC:
https://github.com/randorisec/CVE-2022-34918-LPE-PoC
#Linux #LPE
Blog:
https://www.randorisec.fr/crack-linux-firewall/
POC:
https://github.com/randorisec/CVE-2022-34918-LPE-PoC
#Linux #LPE
Mandiant Azure Workshop For Redteaming and detection
Requirements
Azure tenant
Azure CLI
Terafform version 1.2.2 or above
Azure User with Global Admin role in the AAD tenant
add your external IP on lines 248-249 in kc1.tf
https://lnkd.in/g752YaTa
#Azure #redteam
Requirements
Azure tenant
Azure CLI
Terafform version 1.2.2 or above
Azure User with Global Admin role in the AAD tenant
add your external IP on lines 248-249 in kc1.tf
https://lnkd.in/g752YaTa
#Azure #redteam
GitHub
GitHub - mandiant/Azure_Workshop
Contribute to mandiant/Azure_Workshop development by creating an account on GitHub.
Detectree is a data visualisation tool for blue teams. It provides a graphical representation of detection data, which allows an analyst to generate almost instant opinions about the nature of the underlying activity and to understand complex relationships between the data points. Ultimately, this can help reduce response time, reduce alert fatigue and facilitate communication between analysts within the teams.
https://lnkd.in/dE5b-P62
https://lnkd.in/dE5b-P62
GitHub
GitHub - countercept/detectree: Data visualization for blue teams
Data visualization for blue teams. Contribute to countercept/detectree development by creating an account on GitHub.
Open Sourcing Pulsar, the Runtime Security Observability Tool for IoT, Powered by eBPF
blog.exein.io/pulsar
Tool website: pulsar.sh
GitHub: github.com/exein-io/pulsar
blog.exein.io/pulsar
Tool website: pulsar.sh
GitHub: github.com/exein-io/pulsar
blog.exein.io
Open Sourcing Pulsar, the Runtime Security Observability Tool for IoT | Exein Blog
Fleet of Pulsar devices
Reading an arbitrary ThinkPHP 5.X file
Nuclei Template :https://github.com/momika233/TP5_Arbitrary_file_read/blob/main/TP5_Arbitrary_file_read.yaml
PoCs: {{BaseURL}}/?s=index/think\\Error/appError&errno=1&errstr=1&errline=1&errfile=../../../etc/passwd
Dork for Shodan: "X-Powered By: ThinkPHP"
Nuclei Template :https://github.com/momika233/TP5_Arbitrary_file_read/blob/main/TP5_Arbitrary_file_read.yaml
PoCs: {{BaseURL}}/?s=index/think\\Error/appError&errno=1&errstr=1&errline=1&errfile=../../../etc/passwd
Dork for Shodan: "X-Powered By: ThinkPHP"
GitHub
TP5_Arbitrary_file_read/TP5_Arbitrary_file_read.yaml at main · momika233/TP5_Arbitrary_file_read
Contribute to momika233/TP5_Arbitrary_file_read development by creating an account on GitHub.
A standalone noscript that adds information about unpatched vulnerabilities to BloodHound based on parsed vulnerability scanners reports. Security teams can then use this data to define starting points for paths (e.g. paths to Domain Admins from vulnerable hosts) or write queries that consider lateral movement to vulnerable hosts.
Supported Scanners
Tenable Nessus
Qualys
Greenbone OpenVAS
Nmap Vuln NSE Script
https://github.com/zeronetworks/BloodHound-Tools/tree/main/VulnerabilitiesDataImport
Supported Scanners
Tenable Nessus
Qualys
Greenbone OpenVAS
Nmap Vuln NSE Script
https://github.com/zeronetworks/BloodHound-Tools/tree/main/VulnerabilitiesDataImport
GitHub
BloodHound-Tools/VulnerabilitiesDataImport at main · zeronetworks/BloodHound-Tools
Collection of tools that reflect the network dimension into Bloodhound's data - zeronetworks/BloodHound-Tools
Stealer in just 3 lines with sending to telegram
https://github.com/FallenAstaroth/stink
https://github.com/FallenAstaroth/stink
GitHub
GitHub - FallenAstaroth/stink: Nulla eu sem non metus ullamcorper feugiat. Proin eget magna eu massa pretium pharetra.
Nulla eu sem non metus ullamcorper feugiat. Proin eget magna eu massa pretium pharetra. - FallenAstaroth/stink
Apache Spark Shell Command Injection CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. An authentication filter checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
https://github.com/AmoloHT/CVE-2022-33891
#Apache #spark
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. An authentication filter checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
https://github.com/AmoloHT/CVE-2022-33891
#Apache #spark
GitHub
GitHub - AmoloHT/CVE-2022-33891: 「💥」CVE-2022-33891 - Apache Spark Command Injection
「💥」CVE-2022-33891 - Apache Spark Command Injection - AmoloHT/CVE-2022-33891
CVE-2022-26712: The POC for SIP-Bypass
https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/
https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/
jhftss.github.io
CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable
I found some new attack surfaces in the macOS PackageKit.framework, and successfully disclosed 15+ critical SIP-Bypass vulnerabilities. Apple has addressed 12 of them with CVE assigned so far. There are still some reports in the Apple’s processing queue.…
wget-root :
If the wget binary has the SUID bit set, It does not drop the elevated privileges and may be abused to access the file system. It may be used to do privileged writes or write files outside a restricted file system. This noscript automates the rewriting of the passwd file of the victim's machine.
https://github.com/CopernicusPY/wget-root
If the wget binary has the SUID bit set, It does not drop the elevated privileges and may be abused to access the file system. It may be used to do privileged writes or write files outside a restricted file system. This noscript automates the rewriting of the passwd file of the victim's machine.
https://github.com/CopernicusPY/wget-root
GitHub
GitHub - lil-skelly/wget-root: This is a python noscript that exploits wget when being set with a SUID bit, and overwrites the root…
This is a python noscript that exploits wget when being set with a SUID bit, and overwrites the root password. - lil-skelly/wget-root
Apache Tomcat Vulnerability Scanner:
https://github.com/p0dalirius/ApacheTomcatScanner
https://github.com/p0dalirius/ApacheTomcatScanner
GitHub
GitHub - p0dalirius/ApacheTomcatScanner: A python noscript to scan for Apache Tomcat server vulnerabilities.
A python noscript to scan for Apache Tomcat server vulnerabilities. - GitHub - p0dalirius/ApacheTomcatScanner: A python noscript to scan for Apache Tomcat server vulnerabilities.
Powershell noscript that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.
https://github.com/last-byte/PersistenceSniper/
https://github.com/last-byte/PersistenceSniper/
GitHub
GitHub - last-byte/PersistenceSniper: Powershell module that can be used by Blue Teams, Incident Responders and System Administrators…
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
https://github.com/ly4k/Certipy
https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
https://github.com/ly4k/Certipy
Medium
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
A new version of Certipy has been released along with a forked BloodHound GUI that has PKI support! In this blog post, we will look at…
This noscript allows to find MySQLi vulnerabilities Based on Errors with nuclei
https://github.com/HernanRodriguez1/ScanMySQLiErrorBased-Nuclei
https://github.com/HernanRodriguez1/ScanMySQLiErrorBased-Nuclei
GitHub
GitHub - HernanRodriguez1/ScanMySQLiErrorBased-Nuclei
Contribute to HernanRodriguez1/ScanMySQLiErrorBased-Nuclei development by creating an account on GitHub.
PersistAssist is a fully modular persistence framework written in C#. All persistence techniques contain a cleanup method which will server to remove the persistence aside from the persistence code. This is a WIP so there are many empty classes, the main object of this project initially was to build out a fully modular framework meant to make adding new features as simple as inheriting a class and adding the code.
https://github.com/FortyNorthSecurity/PersistAssist
https://github.com/FortyNorthSecurity/PersistAssist
GitHub
GitHub - RedSiege/PersistAssist: Fully modular persistence framework
Fully modular persistence framework. Contribute to RedSiege/PersistAssist development by creating an account on GitHub.