Active Directory Enumeration for Red Teams
In this post, we will explore how defenders can monitor for suspicious LDAP activity, as well as operational security approaches for red teams conducting LDAP reconnaissance.
credits : Dominic Chell
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
you should not miss this blog :)
In this post, we will explore how defenders can monitor for suspicious LDAP activity, as well as operational security approaches for red teams conducting LDAP reconnaissance.
credits : Dominic Chell
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
Forwarded from Offensive Xwitter
😈 [ eversinc33 🩸🗡️ @eversinc33 ]
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.
🐥 [ tweet ]
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.
🐥 [ tweet ]
*смешной срач в треде*👍3🔥1
Forwarded from white2hack 📚
System32 Important Files.pdf
33.4 MB
System32 Important Files by Hadess, 2024
Cloud-Based Identity to Exfiltration Attack Part1
As I've divided this blog into two parts, this part focuses on Part 1, examining cloud-based identity attacks leading to successful logins to Outlook activities.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part1.md
As I've divided this blog into two parts, this part focuses on Part 1, examining cloud-based identity attacks leading to successful logins to Outlook activities.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part1.md
👍7
Cloud-Based Identity to Exfiltration Attack Part2
Today, I would like to showcase some detection insights regarding attacks, starting from cloud-based identity attacks and extending to compromised Office 365 environment.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part2.md
Today, I would like to showcase some detection insights regarding attacks, starting from cloud-based identity attacks and extending to compromised Office 365 environment.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part2.md
Forwarded from گروه بایت امن (SecureByte)
Persian Generic Unpacking.rar
7.2 MB
#Tutorial #Unpacking #Persian
مجموعه آموزشی آنپکینگ به زبان فارسی از دوست خوب و قدیمی امیر گوران ( 256 صفحه )
برای آنپکینگ دانش خوبی از ساختار فایل، مهندسی معکوس، تحلیل استاتیک و داینامیک و برنامه نویسی نیاز دارید
مطالبی که میبینید برای آشنایی کلی هست و نیاز دارید برای ادامه تمرین کنید و بدون دانش پیشنیاز تو این زمینه پیشرفتی حاصل نمیشه .
فایل های Unpack Me رو میتونید از سایت Tuts4you دانلود و تمرین کنید
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
مجموعه آموزشی آنپکینگ به زبان فارسی از دوست خوب و قدیمی امیر گوران ( 256 صفحه )
برای آنپکینگ دانش خوبی از ساختار فایل، مهندسی معکوس، تحلیل استاتیک و داینامیک و برنامه نویسی نیاز دارید
مطالبی که میبینید برای آشنایی کلی هست و نیاز دارید برای ادامه تمرین کنید و بدون دانش پیشنیاز تو این زمینه پیشرفتی حاصل نمیشه .
فایل های Unpack Me رو میتونید از سایت Tuts4you دانلود و تمرین کنید
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
REA Unpacking eBook.rar
106.2 MB
#Tutorial #Unpacking #English
REA Unpacking eBook
Pages : 2342
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
REA Unpacking eBook
Pages : 2342
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
Forwarded from Source Chat (Friend)
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from $ᴘ3ᴅʏʟ1👾
Golang Virus Example
[ GitHub ]
Process Injection Techniques with Golang
[ GitHub ]
Proof of concept SMB C2 using named pipes in Golang
[ GitHub ]
DLL creation and injection with Golang
[ Medium ]
ColdFire II(Golang malware development library)
[ GitHub ]
A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB
[ GitHub ]
Windows Botnet written in Golang
[ GitHub ]
@source_byte
#malware_dev #go
ExfilDocs
Searches drive for specific file extensions
Uploads files to C2 via SSH
Outlook Exfil
Asks for Outlook Credentials
Authenticates via IMAP, searches attachments and uploads files to C2 via SSH TO DO: Fix Windows Compilation
Screen Shotter
Uploads screenshot every 20 seconds to C2 via SSH
Dropper
Hosts 3 files, downloads them from itself then executes them.
[ GitHub ]
Process Injection Techniques with Golang
[ GitHub ]
Proof of concept SMB C2 using named pipes in Golang
[ GitHub ]
DLL creation and injection with Golang
[ Medium ]
ColdFire II(Golang malware development library)
[ GitHub ]
A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB
[ GitHub ]
Windows Botnet written in Golang
[ GitHub ]
@source_byte
#malware_dev #go
Forwarded from 1N73LL1G3NC3
This media is not supported in your browser
VIEW IN TELEGRAM
TrollUAC
• .NET library that serves as a UAC bypass for x64
• Any* process with the uiAccess flag enabled can "Send Keystrokes" to high integrity processes even from medium integrity
• We steal the token of On Screen Keyboard (uiAccess enabled) to spawn a new process that does GUI automation
• The GUI automation simply sends keystrokes to taskmgr (auto elevate) to spawn our new desired process in high integrity
• *Refer to tiraniddo's article for requirements, although they can easily be conjured up
• .NET library that serves as a UAC bypass for x64
• Any* process with the uiAccess flag enabled can "Send Keystrokes" to high integrity processes even from medium integrity
• We steal the token of On Screen Keyboard (uiAccess enabled) to spawn a new process that does GUI automation
• The GUI automation simply sends keystrokes to taskmgr (auto elevate) to spawn our new desired process in high integrity
• *Refer to tiraniddo's article for requirements, although they can easily be conjured up
Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
[ GitHub ]
#malware_dev
#windows
[ GitHub ]
#malware_dev
#windows
Unorthodox and stealthy way to inject a DLL into the explorer using icons
[ GitHub ]
@source_byte
#malware_dev
#windows
[ GitHub ]
@source_byte
#malware_dev
#windows
This media is not supported in your browser
VIEW IN TELEGRAM
Malware for education
https://github.com/reveng007/DarkWidow.git
Honourable Mentions:
BlackHat Asia, 2024 - Call For Tools
BlackHat USA, 2024 - Call For Tools
@source_byte
#malware_dev
#windows
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
https://github.com/reveng007/DarkWidow.git
Honourable Mentions:
BlackHat Asia, 2024 - Call For Tools
BlackHat USA, 2024 - Call For Tools
@source_byte
#malware_dev
#windows
🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language.
https://github.com/joaoviictorti/RustRedOps.git
@source_byte
#malware_dev #rust
https://github.com/joaoviictorti/RustRedOps.git
@source_byte
#malware_dev #rust
Writing an Independent Malware
https://captmeelo.com//redteam/maldev/2022/10/17/independent-malware.html
@source_byte
#malware_dev #compile
There’s no greater feeling when the malware (or any project/tool) you’re developing works as expected. Until suddenly you realized it only works on your dev machine but not on any other machine.
https://captmeelo.com//redteam/maldev/2022/10/17/independent-malware.html
@source_byte
#malware_dev #compile