APT

Resolve domains into IP address: while read l; do ip=$(dig +short $l | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"|head -1);echo "[+] '$l' => $ip";echo $ip >> ips.txt;done < domains.txt #cybersecuritytips #bugbounty

https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/ #news #nightmare

DEF CON 29 Main Stage Presentations: 1-Babak Javadi, Nick Draffen, Eric Bettse, Anze Jensterle - The PACS man Comes For Us All https://www.youtube.com/watch?v=NARJrwX_KFY 2-Reza Soosahabi, Chuck McAuley - SPARROW: A Novel Covert Communication Scheme https://www.youtube.com/watch?v=oaLIo9HwW-g 3-Tomer Bar, Eran Segal - 2021 Our Journey Back To The Future Of Windows Vulnerabilities https://www.youtube.com/watch?v=VxNi5pVDZU0 4-Sick Codes - The Agricultural Data Arms Race Exploiting a Tractor Load of Vulns https://www.youtube.com/watch?v=zpouLO-GXLo 5-Shir Tamari, Ami Luttwak - New class of DNS Vulns Affecting DNS-as-Service Platforms https://www.youtube.com/watch?v=72uzIZPyVjI 6-Sheila A Berta - The Unbelievable Insecurity of the Big Data Stack https://www.youtube.com/watch?v=vl9hk4fQdos 7-Roy Davis - No Key No PIN No Combo No Problem Pwning ATMs For Fun and Profit https://www.youtube.com/watch?v=9cG-JL0LHYw 8-Rotem Bar - Abusing SAST tools When scanners do more than just scanning https://www.youtube.com/watch?v=Jl-CU6G4Ofc 9-Richard Thieme AKA neuralcowboy - UFOs: Misinformation, Disinfo, and the Basic Truth https://www.youtube.com/watch?v=mExktWB0qz4 10-Richard Henderson - Old MacDonald Had a Barcode, E I E I CAR https://www.youtube.com/watch?v=cIcbAMO6sxo 11-Rex Guo, Junyuan Zeng - Phantom Attack: Evading System Call Monitoring https://www.youtube.com/watch?v=yaAdM8pWKG8 12-Paz Hameiri - TEMPEST Radio Station https://www.youtube.com/watch?v=m9WkEwshNKc 13-Patrick Wardle - Bundles of Joy: Breaking MacOS via Subverted Applications Bundles https://www.youtube.com/watch?v=raSTgFqYaoc 14-PatH - Warping Reality: Creating and Countering the Next Generation of Linux Rootkits https://www.youtube.com/watch?v=g6SKWT7sROQ 15-Orange Tsai - ProxyLogon Just Tip of the Iceberg, New Attack Surface on Exchange Server-@onhex_ir https://www.youtube.com/watch?v=5mqid-7zp8k 16-Matthew Bryant - Hacking G Suite: The Power of Dark Apps Script Magic https://www.youtube.com/watch?v=6AsVUS79gLw 17-Mars Cheng, Selmon Yang - Taking Apart and Taking Over ICS & SCADA Ecosystems https://www.youtube.com/watch?v=L0w_aE4jRFw 18-Laura Abbott, Rick Altherr -Breaking TrustZone M: Privilege Escalation on LPC55S69 https://www.youtube.com/watch?v=eKKgaGbcq4o 19-Justin Perdok - Hi Im DOMAIN Steve, Please Let Me Access VLAN2 https://www.youtube.com/watch?v=lDCoyxIhTN8 20-Jenko Hwong - New Phishing Attacks Exploiting OAuth Authentication Flows https://www.youtube.com/watch?v=9slRYvpKHp4 21-Jeff Dileo - Instrument and Find Out: Parasitic Tracers for High Level Languages https://www.youtube.com/watch?v=Iy1BNywebpY 22-James Kettle - HTTP2: The Sequel is Always Worse https://www.youtube.com/watch?v=rHxVVeM9R-M 23-Jacob Baines - Bring Your Own Print Driver Vulnerability https://www.youtube.com/watch?v=vdesswZYz-8 24-Ian Coldwater, Chad Rikansrud - Real Life Story of the 1st Mainframe Container Breakout https://www.youtube.com/watch?v=7DXF7YDBf-g 25-hyp3ri0n aka Alejandro Caceres Jason Hopper - PunkSPIDER and IOStation: Making a Mess-@onhex_ir https://www.youtube.com/watch?v=DlS_sl4hTWg 26-Hao Xing, Zekai Wu - How I use a JSON 0day to Steal Your Money on the Blockchain https://www.youtube.com/watch?v=pUexrXOGCkE 27-David Dworken - Worming through IDEs https://www.youtube.com/watch?v=pzqu_qaoNuY 28-Cory Doctorow - Privacy Without Monopoly https://www.youtube.com/watch?v=deRRR5B1hwI 29-Christopher Wade - Breaking Secure Bootloaders https://www.youtube.com/watch?v=z4gIxdFfJDg 30-Chad Seaman - UPnProxyPot: Fake the Funk, Become a Blackhat Proxy, MITM their TLS... https://www.youtube.com/watch?v=mHCGNUsrTf0 31-Brian Hong - Sleight of ARM: Demystifying Intel Houdini https://www.youtube.com/watch?v=9oQ5XjA1aq0 32-Bill Graydon - Defeating Physical Intrusion Detection Alarm Wires https://www.youtube.com/watch?v=Liz9R_QxSgk 33-Ben Kurtz - Offensive Golang Bonanza: Writing Golang Malware https://www.youtube.com/watch?v=3RQb05ITSyk

Scope Based Recon https://www.xmind.net/m/hKKexj/ #AppSec #hacking #bugbountytips #websecurity #xmind

Cookie Based Auth Vulnerabilities https://www.xmind.net/m/2FwJ7D/ #AppSec #hacking #bugbountytips #websecurity #xmind

Forget Password Vulns https://www.xmind.net/m/nZwbdk/ #AppSec #hacking #bugbountytips #websecurity #xmind

AppSec Ezine https://pathonproject.com/zb/?da0fdd7f7fd0d09c#bod4fYcp6Zbxi3iRKuTDAGQgWNFHbJ/JwPjWjd/Veaw= #AppSec #Security

Search JS using Gau gau -subs DOMAIN |grep -iE '\.js'|grep -iEv '(\.jsp|\.json)' >> js.txt #bugbounty #bugbountytips

Git-Secret Go scripts for finding an API key / some keywords in a github repository https://github.com/daffainfo/Git-Secret #bugbounty #bugbountytips #pentest #api #infosec

Site-wide CSRF using the GraphQL API

Malware Development Resources A tale of EDR bypass methods # https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/ Antivirus Artifacts # https://github.com/D3VI5H4/Antivirus-Artifacts Windows X86-64 System Call Table (XP/2003/Vista/2008/7/2012/8/10) # https://j00ru.vexillium.org/syscalls/nt/64/ SysWhisoers # https://github.com/jthuraisamy/SysWhispers SysWhispers2 # https://github.com/jthuraisamy/SysWhispers2 SysWhispers2_x86 # https://github.com/mai1zhi2/SysWhispers2_x86 Dynamic Invocation in .NET to bypass hooks # https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/ Dynamic-Invoke # https://thewover.github.io/Dynamic-Invoke/ Offensive P/Invoke: Leveraging the Win32 API from Managed Code # https://posts.specterops.io/offensive-p-invoke-leveraging-the-win32-api-from-managed-code-7eef4fdef16d Syscalls with D/Invoke # https://offensivedefence.co.uk/posts/dinvoke-syscalls/ Shellycoat # https://github.com/slaeryan/AQUARMOURY/tree/master/Shellycoat Defeating Antivirus Real-time Protection From The Inside # https://breakdev.org/defeating-antivirus-real-time-protection-from-the-inside/ Preventing 3rd Party DLLs from Injecting into your Malware # https://www.ired.team/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-processes Lets Create An EDR… And Bypass It! # https://ethicalchaos.dev/2020/05/27/lets-create-an-edr-and-bypass-it-part-1/ # https://ethicalchaos.dev/2020/06/14/lets-create-an-edr-and-bypass-it-part-2/ Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs # https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis Red Team Tactics: Utilizing Syscalls in C# # https://jhalon.github.io/utilizing-syscalls-in-csharp-1/ # https://jhalon.github.io/utilizing-syscalls-in-csharp-2/ Art of Anti Detection # https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/ # https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/ # https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/ #edr #av #evasion #maldev

Kubernetes Hardening Guidance The NSA and CISA have published today a Kubernetes security-hardening guide https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF #kubernetes #hardening #security

IDOR Techniques https://www.xmind.net/m/CSKSWZ/ #IDOR #bugbountytips

RedTeam n00b Tip: If you're on a Linux box and need to port scan without nmap, try netcat.

nc -zv 10.11.12.13 1-65535 2>&1 | grep succeeded

Or loop through a list of targets: for target in $(cat targets.txt); do nc -zv $target 1-65535 2>&1 | grep succeeded; done #redteam #scan #pentest

The path to code execution in the era of EDR, Next-Gen AVs, and AMSI https://klezvirus.github.io/RedTeaming/AV_Evasion/CodeExeNewDotNet/ #av #bypass #EDR #AMSI

EfsPotato Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability). https://github.com/zcgonvh/EfsPotato #windows #privesc #pentest

Active Directory ACEs abuse mindmap #pentest #redteam #ad #mindmap

purpleteam - CLI component of OWASP PurpleTeam https://github.com/purpleteam-labs/purpleteam #PurpleTeam #OWASP

#BurpHacksForBounties - Day 29/30 No Collaborator No worries Burp Suite Collaborator is part of pro, so use requestbin.net - Exactly same as collaborator - Free 20 requests without login - HTTP bin - DNS bin #infosec #appsec #bugbountytips #bugbountytip #burp