APT

Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses https://v3ded.github.io/redteam/utilizing-programmatic-identifiers-progids-for-uac-bypasses #uac #bypass #progid

Jira Unauthenticated Access to Screens Exploit:

jira.example.com/rest/api/2/screens 

Note: Depends on the Program, some accept it and some consider this Informational. #jira #bugbounty

LOLBAS WorkFolders.exe "C:\Windows\System32\WorkFolders.exe" (signed by MS) can be used to run arbitrary executables in the current working directory with the name control.exe. It's like a new rundll32.exe lolbin but for EXEs! #lolbin #lolbas

ZipExec Is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the loader inside the password-protected zip without having to unzip it first. By password protecting the zip file, it protects the binary from EDRs and disk-based or anti-malware scanning mechanisms. https://github.com/Tylous/ZipExec #redteam #netsec

Shellcode Injection Techniques A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. https://github.com/plackyhacker/Shellcode-Injection-Techniques #inject #shellcode #csharp

Kubernetes Security Checklist and Requirements https://github.com/Vinum-Security/kubernetes-security-checklist #kubernetes #checklist

LSASS Encrypted Dump https://sp00ks-git.github.io/posts/LSASS-Encrypted-Dump/ #lsass #dump

Offensive WMI - Active Directory Enumeration (Part 5) https://0xinfection.github.io/posts/wmi-ad-enum/ #wmi

VirusTotal Enterprise free API Key API Key:

859b88dbbd798a5093089e0455a3d44e9fcb411603041f447f1161be3b96fb18

Example: curl 'https://www.virustotal.com/vtapi/v2/file/download?apikey=859b88dbbd798a5093089e0455a3d44e9fcb411603041f447f1161be3b96fb18&hash=76f52cba288145242a77a8762282d8d0e6d8fb3160b5fefb7b92649e503c62a1' --location --output wannacry.exe Source UPD 2022: This key has been revoked #virustotal #enterprise #apikey #free

LDAP Monitor Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object. https://github.com/p0dalirius/LDAPmonitor #ldap #monitor

K8s takeover cases sample https://github.com/Slurmio/webinar-seck8s/

#bugbounty Something interesting from our friends https://medium.com/@i.safronov/mini-ctf-including-android-reverse-engineering-deobfuscation-antidebug-evasion-with-prizes-d32acc4a190c

ScareCrow Payload creation framework designed around EDR bypass. https://github.com/optiv/ScareCrow #edr #bypass #av #fud

Red Team Tutorials # https://crypt0jan.medium.com/red-team-tutorials-1-fcc509da20c4 # https://crypt0jan.medium.com/red-team-tutorials-2-e1b86016e231 # https://crypt0jan.medium.com/red-team-tutorials-3-351e76ea796d # https://crypt0jan.medium.com/red-team-tutorials-4-616c565ccec9 #redteam #metasploit

0-Day Hunting (Chaining Bugs/Methodology) https://blog.riotsecurityteam.com/0day-chains #0day #methodology

#meme

Conf-thief A Red Team tool for exfiltrating sensitive data from Confluence pages https://github.com/antman1p/Conf-Thief #confluence #redteam

Jir-thief A Red Team tool for exfiltrating sensitive data from Jira tickets. https://github.com/antman1p/Jir-Thief #jira #redteam

HandleKatz https://github.com/codewhitesec/HandleKatz #mimikatz #lsass #dump