Bore - CLI tool for making tunnels to localhost, written in Rust
https://news.1rj.ru/str/sysadm_in_channel/3936
Sys-Admin & InfoSec Channel / Bore is a simple CLI tool for making tunnels to localhost
https://github.com/ekzhang/bore
Detecting Spring4Shell (CVE-2022-22965) with Wazuh
https://wazuh.com/blog/detecting-spring4shell-cve-2022-22965-with-wazuh/
Wazuh: A remote code execution (RCE) vulnerability that affects the Spring Java framework has been discovered. The vulnerability is dubbed Spring4Shell. In this blog post, you will learn to detect Spring4Shell exploitation attempts with Wazuh.
A blueprint for evading industry leading endpoint protection in 2022
In this post, I'd like to lay out a collection of techniques that together can be used to bypass industry leading enterprise endpoint protection solutions. This is purely for educational purposes for (ethical) red teamers and the like, so I've decided not to publicly release the source code. The aim of this post is to be accessible to a wide audience in the security industry, but not to drill down to the nitty-gritty details of every technique. Instead, I will refer to writeups of others that deep dive better than I can:
https://vanmieghem.io/blueprint-for-evading-edr-in-2022/
Vincent Van Mieghem - A blueprint for evading industry leading endpoint protection in 2022: Bypassing CrowdStrike and Microsoft Defender for Endpoint
Implementing Global Injection and Hooking in Windows
https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
M417Z: A couple of weeks ago, Windhawk, the customization marketplace for Windows programs, was released. You can read the announcement for more details and for the motivation behind creating it. In this post, I'll focus on my journey in implementing the technical…
Make phishing great again. VSTO office files are the new macro nightmare?
Visual Studio Tools for Office (VSTO) has the capability to export an Add-In which is embedded inside an Office document file (such as a Word DOCX). If this document is delivered in the right way (to avoid some inbuilt mitigations) it provides rich capabilities for attackers to phish users and gain code execution on a remote machine through the installation of a Word Add-In:
https://medium.com/@airlockdigital/make-phishing-great-again-vsto-office-files-are-the-new-macro-nightmare-e09fcadef010
Medium: Intro to the Office VSTO format, a capability that provides rich capabilities for attackers to phish users and gain code execution
Limited Linux user creation script
A while ago I needed to create a few limited users on my Linux distros, with limits: the user can run only several commands (curl, ping…).
OK, I created a simple script for this task… in short, sharing it with you:
https://github.com/m0zgen/create-limited-user
P.S. All commands can be added to commands.txt; all functionality is described in the README.md, enjoy)
GitHub - m0zgen/create-limited-user: Create or modify existing user permissions to limited executable commands in Linux
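One way to build such a limited user, as an added example here and not the m0zgen/create-limited-user script itself: the whitelist lives in a text file (one command name per line, '#' comments allowed, an assumed format), the script resolves each name to its real binary and links it into a private directory, and the user gets GNU rbash as login shell with PATH pinned to that directory by a root-owned profile. The directory name /opt/limited-bin and the function names are my own choices.

```sh
#!/bin/sh
# Added example, not the m0zgen/create-limited-user script: confine a user to a
# whitelist of commands using a restricted shell (rbash) and a private, root-owned PATH.
# The whitelist format (one command name per line, '#' comments) is an assumption.
set -eu

# build_restricted_bin BINDIR COMMANDS_FILE
# Populates BINDIR with symlinks to the real binaries of every command listed in
# COMMANDS_FILE. Returns 1 if any entry is not an executable on this host or is given
# as a path or shell builtin: rbash forbids commands containing '/', so only bare names
# of real binaries are meaningful here.
build_restricted_bin() {
    bindir=$1
    cmdfile=$2
    status=0
    mkdir -p "$bindir"
    while IFS= read -r line || [ -n "$line" ]; do
        cmd=${line%%#*}                                # strip comments
        cmd=$(printf '%s' "$cmd" | tr -d '[:space:]')  # strip whitespace
        [ -n "$cmd" ] || continue
        case $cmd in
            */*) echo "refusing path entry: $cmd" >&2; status=1; continue ;;
        esac
        target=$(command -v "$cmd" 2>/dev/null || true)
        case $target in
            /*) ;;                                     # absolute path to a binary
            *)  echo "not an executable on this host: $cmd" >&2; status=1; continue ;;
        esac
        rm -f "$bindir/$cmd"
        ln -s "$target" "$bindir/$cmd"
    done < "$cmdfile"
    return "$status"
}

# create_limited_user NAME BINDIR
# Creates NAME with /bin/rbash as login shell and pins PATH to BINDIR. rbash refuses
# 'cd', assignments to PATH/SHELL/ENV, commands containing '/', and output redirection,
# so the user can run only what is linked in BINDIR. Root is required. The profile is
# owned by root and read-only on purpose: rbash enforces its restrictions only after
# the startup files are read, so a user-writable ~/.bash_profile would let the user
# reset PATH and escape the whitelist.
create_limited_user() {
    name=$1
    bindir=$2
    useradd -m -s /bin/rbash "$name"
    home=$(getent passwd "$name" | cut -d: -f6)
    printf 'PATH=%s\nexport PATH\n' "$bindir" > "$home/.bash_profile"
    chown root:root "$home/.bash_profile"
    chmod 0644 "$home/.bash_profile"
}

# Usage (as root): sh limited-user.sh alice commands.txt
if [ "$#" -eq 2 ]; then
    build_restricted_bin /opt/limited-bin "$2"
    create_limited_user "$1" /opt/limited-bin
fi
```

The whitelist itself is the weak point of this design: any allowed command that can spawn a shell or write arbitrary files (editors, pagers, find with -exec, even curl -o) gives the user a way out of rbash, so keep the list to leaf utilities such as ping and review it with that in mind. rbash is a convenience guard for interactive logins, not a sandbox; if the threat model includes a hostile user, add a real confinement layer on top.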
Extracting Cobalt Strike from Windows Error Reporting
https://bmcder.com/blog/extracting-cobalt-strike-from-windows-error-reporting
lexical - an extensible text editor framework that does things differently
https://lexical.dev
GH - https://github.com/facebook/lexical
BLINDING SNORT: BREAKING THE MODBUS OT PREPROCESSOR
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
Claroty: Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets.
8 Software engineering principles to live by
KISS, DRY, YAGNI, SOLID, SRP, OCP, LSP, ISP, DIP:
https://www.callicoder.com/software-development-principles/
CalliCoder: Software engineering principles are a list of approaches, styles, philosophies, and best practices introduced by some of the noted software engineers and authors in our industry.
Intercept traffic with light open projects
- ad-mitm - https://github.com/epitron/mitm-adblock
- ad-proxy - https://github.com/threedaymonk/adproxy
- goward - https://golangrepo.com/repo/chdav-GoWard
- exercise for developers with mitm-play - https://www.npmjs.com/package/mitm-play
GitHub - epitron/mitm-adblock: A fast adblocking proxy server (which works on HTTPS connections)
Poland.Business Harbour - How to relocate to Poland with a new job
Russian/English, recommendations etc., made by GOV.PL:
* https://www.gov.pl/web/poland-businessharbour-en
* [RU] Information for Russian speakers: IT specialists who can go to work in Poland; the door is especially open for specialists from Armenia, Georgia, Moldova, Ukraine, Azerbaijan, Russia… while Kazakhstan, for example, is left out…
- https://www.gov.pl/web/poland-businessharbour-ru/itspecialist
#work #poland
Poland.Business Harbour (English) - Gov.pl website
Cyber Security University is a curated list of free educational resources that focuses on learn by doing.
(tryhackme links collection)
https://github.com/brootware/Cyber-Security-University
GitHub - brootware/awesome-cyber-security-university: 🎓 Because Education should be free. Contributions welcome! 🕵️
SSH Tunnels SIMPLIFIED
Using SSH tunnels is the most magical, incredible, HORRIBLY CONFUSING thing you can do with SSH. But once you understand how they're actually redirecting traffic, using them becomes second nature. Plus you can do sneaky things like getting around a firewall and accessing servers that are supposed to be hidden…:
https://www.youtube.com/watch?v=Wp7boqm3Xts
YouTube - SSH Tunnels SIMPLIFIED!