CVE-2024-48990: Linux LPE via needrestart
PATCHED: Nov 19, 2024
PoC: https://github.com/makuga01/CVE-2024-48990-PoC
Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
A #Mythic agent written in fully position-independent (#PIC) C (plus a tiny bit of C++). It is based on the Stardust template created by C5pider.
https://github.com/MythicAgents/Hannibal
Articles:
• https://silentwarble.com/posts/making-monsters-1/
• https://silentwarble.com/posts/making-monsters-2/
• https://silentwarble.com/posts/making-monsters-3/
ShadowHound: A SharpHound Alternative Using Native PowerShell
https://github.com/Friends-Security/ShadowHound
blog:
https://blog.fndsec.net/2024/11/25/shadowhound/
PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or the System.DirectoryServices class (LDAP).
KrbRelayEx is a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. It listens for incoming SMB connections and forwards the AP-REQ to the target host, enabling access to SMB shares or HTTP ADCS (Active Directory Certificate Services) endpoints on behalf of the targeted identity.
https://github.com/decoder-it/KrbRelayEx
Test & upgrade your Linux security with:
- 31 persistence modules & 50+ techniques
- Easily revert changes post-testing
- Map to MITRE ATT&CK
- 10+ fresh additions: LD_PRELOAD, PAM backdoors, rootkits, and more!
https://github.com/Aegrah/PANIX
PANIX: Customizable Linux Persistence Tool for Security Research and Detection Engineering.
Kaspersky open-sourced GReAT's plugin for the IDA Pro decompiler, an indispensable set of tools for analyzing malware, shellcode, etc. Grab our secret ingredient for reverse engineering and check out the GIFs demonstrating its usage.
https://github.com/KasperskyLab/hrtng
Features: decryption, deobfuscation, patching, library code recognition and various pseudocode transformations.
Boot Execute allows native applications—executables with the NtProcessStartup entry point and dependencies solely on ntdll.dll—to run prior to the complete initialization of the Windows operating system.
https://github.com/rad9800/BootExecuteEDR
Take over Microsoft SCCM (Misconfiguration Manager, TAKEOVER-1)
https://github.com/subat0mik/Misconfiguration-Manager/blob/main/attack-techniques/TAKEOVER/TAKEOVER-1/takeover-1_description.md
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
An advanced lateral movement technique to upload and execute custom payloads on remote targets.
Blog: https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
https://github.com/deepinstinct/DCOMUploadExec
PendingFileRenameOperations + Junctions EDR Disable
https://github.com/rad9800/FileRenameJunctionsEDRDisable
A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
https://github.com/safedv/RustSoliloquy
A BloodHound collector for Microsoft Configuration Manager
https://github.com/CrowdStrike/sccmhound
A repository of credential stealer formats
https://github.com/MalBeacon/what-is-this-stealer
CVE-2024-27397: Linux kernel exploit write-up (Google kernelCTF, mitigation instance)
https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-27397_mitigation/docs/exploit.md
Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468) exploit
https://github.com/synacktiv/CVE-2024-43468