Forwarded from 1N73LL1G3NC3
OWA Pentest Guide
The article covers all the main attacks on and vulnerabilities of OWA and MS Exchange:
• OSINT
• Password spraying
• GAL/OAB
• Architecture (how it works)
• ZDI-CAN-22101
• OWA CAP Bypass
• CVE-2020-0688
• ProxyLogon
• CVE-2021-26855 - Pre-auth SSRF
• CVE-2021-27065 - Post-auth Arbitrary-File-Write
• ProxyOracle
• CVE-2021-31196 - The Padding Oracle
• CVE-2021-31195 - XSS
• HttpOnly bypass
• ProxyShell
• CVE-2021-34473 - Pre-auth Path Confusion leads to ACL Bypass
• CVE-2021-34523 - Exchange PowerShell Backend Elevation-of-Privilege
• CVE-2021-31207 - Post-auth Arbitrary-File-Write
• ProxyNotShell
• ProxyRelay
• Relay attacks
Thx: @pentestnotes
👾6
FileJacking – Initial Access with File System API
browser-based backdooring: FileJacking-PoC (GitHub)
print3m.github.io: FileJacking – Malware Initial Access technique with File System API. Backdoor files, read/write folders directly from the browser – no downloads.
👾7
Breaking Control Flow Flattening: A Deep Technical Analysis
https://zerotistic.blog/posts/cff-remover/
advanced obfuscation with LLVM and template metaprogramming
https://0xpat.github.io/Malware_development_part_6/
Basic utility to generate C++ code that applies some sort of control-flow-flattening obfuscation to your projects.
https://github.com/PaulNorman01/Control-Flow-Flattening-Ultility
Building a Compile-Time Obfuscation Tool
https://medium.com/@bu19akov/building-a-compile-time-obfuscation-tool-c757effe19b5
Angr Control Flow Deobfuscation
https://research.openanalysis.net/angr/symbolic%20execution/deobfuscation/research/2022/03/26/angr_notes.html
1👾7
I wannabe Red Team Operator, so what Now?
Tools won’t make you a Red Teamer any more than a stethoscope makes you a doctor. What matters is knowing why, when, and how to use them. Surgically.
👾10
executing shellcode from non-executable memory and "bypassing" DEP/NX.
A proof-of-concept implementation demonstrating how to execute code from non-executable memory on Windows x64 systems by combining hardware breakpoints, vectored exception handling (VEH), and instruction emulation—bypassing DEP/NX protection without modifying memory permissions.
👾6
Meet the Malware: Extension
#stealer
TigerJack's Extensions Continue to Rob Developers Blind Across Different Marketplaces
👾2
Bypassing Web Filters - SNI spoofing
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
#Infra
👾7
Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
Trend™ Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline.
#stealer
👾6
Forwarded from 1N73LL1G3NC3
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
🔗 DumpGuard
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
P.S. Previously, crack.sh operated a free service for performing rainbow table lookups to recover NT hashes from NTLMv1 responses, but was recently shut down due to maintenance issues. In its absence, a new free service was published at ntlmv1.com.
👾9