SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet (CVE-2020-1147)
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Hunting for bugs in VirtualBox
http://blog.paulch.ru/2020-07-26-hunting-for-bugs-in-virtualbox-first-take.html
http://blog.paulch.ru/2020-07-26-hunting-for-bugs-in-virtualbox-first-take.html
Applied Purple Teaming Threat Optics Lab - Azure Terraform
https://github.com/DefensiveOrigins/APT-Lab-Terraform
https://github.com/DefensiveOrigins/APT-Lab-Terraform
GitHub
GitHub - DefensiveOrigins/APT-Lab-Terraform: Purple Teaming Attack & Hunt Lab - Terraform
Purple Teaming Attack & Hunt Lab - Terraform. Contribute to DefensiveOrigins/APT-Lab-Terraform development by creating an account on GitHub.
CVE-2020-11518 Unauthenticated RCE in ADSelfService Plus
https://honoki.net/2020/08/10/cve-2020-11518-how-i-bruteforced-my-way-into-your-active-directory/
https://honoki.net/2020/08/10/cve-2020-11518-how-i-bruteforced-my-way-into-your-active-directory/
Noctilucent, tool for Domain Fronting using TLS 1.3
https://github.com/SixGenInc/Noctilucent
DEF CON Safe Mode Talk:
https://youtu.be/TDg092qe50g
https://github.com/SixGenInc/Noctilucent
DEF CON Safe Mode Talk:
https://youtu.be/TDg092qe50g
GitHub
GitHub - SixGenInc/Noctilucent: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise
Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise - SixGenInc/Noctilucent
CVE-2020-1048, CVE-2020-1337. Bugs in Windows Print Spooler
https://github.com/SafeBreach-Labs/Spooler
DEF CON Safe Mode Talk by SafeBreach Labs:
https://youtu.be/RvABLQpiZks
https://github.com/SafeBreach-Labs/Spooler
DEF CON Safe Mode Talk by SafeBreach Labs:
https://youtu.be/RvABLQpiZks
GitHub
SafeBreach-Labs/Spooler
Contribute to SafeBreach-Labs/Spooler development by creating an account on GitHub.
Windows Print Spooler patch bypass re-enables persistent backdoor
https://www.zerodayinitiative.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor
https://www.zerodayinitiative.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor
Zero Day Initiative
Zero Day Initiative — Windows Print Spooler Patch Bypass Re-Enables Persistent Backdoor
In May 2020, Microsoft patched CVE-2020-1048 , a critical privilege escalation bug in Windows. Through this vulnerability, an attacker with the ability to execute low-privileged code on a Windows machine can easily establish a persistent backdoor, allowing…
Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins
https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f
https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f
Medium
Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins
This is a detailed overview of the bugs found while reviewing the source code of WordPress plugins. I cover 3 reported vulnerabilities…
PowerSharpPack. Many usefull offensive CSharp Projects wraped into Powershell
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
GitHub
GitHub - S3cur3Th1sSh1t/PowerSharpPack
Contribute to S3cur3Th1sSh1t/PowerSharpPack development by creating an account on GitHub.
FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking
https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/
https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/
MDSec
FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking - MDSec
Introduction During red team engagements, it is not uncommon to encounter Endpoint Defence & Response (EDR) / Prevention (EDP) products that implement user-land hooks to gain insight in to a...
👍1
Death from Above: Lateral Movement from Azure to On-Prem AD
https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d
https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d
Medium
Death from Above: Lateral Movement from Azure to On-Prem AD
I’ve been looking into Azure attack primitives over the past couple of months to gain a better understanding of how the system works, what…
Introduction to Windows tokens for security practitioners
https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners
https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners
Elastic Blog
Introduction to Windows tokens for security practitioners
Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals. In this blog post, we demystify h...
Malware Development Pt. 1: Dynamic Module Loading in Go
https://posts.specterops.io/malware-development-pt-1-dynamic-module-loading-in-go-1121f07f3a5a
https://posts.specterops.io/malware-development-pt-1-dynamic-module-loading-in-go-1121f07f3a5a
Medium
Malware Development Pt. 1: Dynamic Module Loading in Go
Loading and managing shared libraries in memory.
A Voyage to Uncovering Telemetry: Identifying RPC Telemetry for Detection Engineers
https://ipc-research.readthedocs.io/en/latest/subpages/RPC.html
https://ipc-research.readthedocs.io/en/latest/subpages/RPC.html
DRAKVUF™ is a virtualization based agentless black-box binary analysis system. DRAKVUF™ allows for in-depth execution tracing of arbitrary binaries (including operating systems), all without having to install any special software within the virtual machine used for analysis.
https://drakvuf.com
https://drakvuf.com