Source Byte

Azure Attack Paths #Cloud #Azure

Also there's more things

LOLBin for Downloading Arbitrary Files C:\Windows\System32\IME\SHARED\IMEWDBLD.exe <URL> Find the downloaded file in %LocalAppData%\Microsoft\Windows\INetCache\<8_RANDOM_ALNUM_CHARS>/<FILENAME>[1].<EXTENSION> #windows #redteam #lolbin ——— @islemolecule_source

With thanks to https://twitter.com/br0k3ns0und For This collection

LOLOL Living Off the Living Off the Land https://br0k3nlab/lofp/ Living off the False Positive

an autogenerated collection of false positives sourced from some of the most popular rule sets. The information is categorized along with ATT&CK techniques, rule source, and data source.

https://loldrivers.io Living Off The

Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks

https://gtfobins.github.io

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

https://lolbas-project.github.io

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques

https://lots-project.com

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain

https://filesec.io

File extensions being used by attackers

https://hijacklibs.net

This project provides an curated list of DLL Hijacking candidates

https://wadcoms.github.io

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments

https://www.loobins.io

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes

https://lolapps-project.github.io

This project was made because exploitation isn’t limited to binaries using command line techniques. Both built-in and third-party applications have been used & abused for adversarial gain since the dawn of time, and knowing these methods can help when all else fail.

https://www.bootloaders.io

Curated list of known malicious bootloaders for various operating systems. The project aims to assist security professionals in staying informed and mitigating potential threats associated with bootloaders BYOL Bring Your Own Land (BYOL)

https://lothardware.com.tr

Living Off The Hardware is a resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices

https://wtfbins.wtf/

WTFBin is a binary that behaves exactly like malware, except, somehow, it’s not

https://lofl-project.github.io

Living Off the Foreign Land (LOFL) are LOFL Cmdlets and Binaries (LOFLCABs) that are capable of performing activities from the local (Offensive Windows) system to a REMOTE system.

https://persistence-info.github.io

This contains information about Windows persistence mechanisms to make the protection/detection more efficient.

https://github.com/WithSecureLabs/lolcerts

Threat actors are known to sign their malware using stolen, or even legally acquired, code signing certificates. This project aims at collecting the details of the certificates that are known to be abused in the wild by malicious actors.

https://boostsecurityio.github.io/lotp/

Inventory how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features (“foot guns”), or more generally, can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.

https://lolbins-ctidriven.vercel.app/

This project that aims to help cyber defenders understand how LOLBin binaries are used by threat actors during an intrusion in a graphical and digestible format.

https://lolesxi-project.github.io/LOLESXi/

This project features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations.

https://lolrmm.io/

This project is a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors.

#lolbins

🖨 Living Off The Land - https://lolapps-project.github.io - LOLAD - UNIX binaries - Windows binaries - A collection of resources to thrive off the land #lolbins

🖨 Living Off The Land - https://lolapps-project.github.io - LOLAD - UNIX binaries - Windows binaries - A collection of resources to thrive off the land

initial brokers now : 😋

WatchTowr POCs: CVE-2024-8068 & CVE-2024-8069 : Citrix Virtual Apps and Desktops (XEN) $versions - Unauthenticated Remote Code execution (Chain) POC/AN : https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit CVE-2024-47575 : Fortinet FortiManager 'Fgfmsd' $versions Unauthenticated Remote Code Execution (AKA FortiJump) POC/AN : https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575 CVE-2024-0012 & CVE-2024-9474 : PAN-OS $versions - Authentication Bypass LPE Root Command Injection (AKA Sslvpn _ Chain) POC/AN : https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012/ @APTIRAN

🔴 احتمالا شندید که میگن آنتی ویروسها از طریق یسری امضا (signatures) اقدام به شناسایی بدافزارها میکنن. در این ویدیو از hoagie hacks دقیقا توضیح میده که منظور از امضاء چیه و آنتی ویروسهایی مانند Microsoft Defender چطوری از اونا برای شناسایی بدافزارها استفاده میکنن. برای اینکه اینارو نشون بده، یدونه shellcode injection خیلی ساده در ++C پیاده سازی کرده و اومده امضاهایی که منجر به شناسایی بدافزار در Virus Total میشه رو شناسایی و حذف میکنه. این ویدیوها قراره بصورت مجموعه ارائه بشه و در قسمتهای بعدی تکنیکهای string/API hashing و metamorphic/polymorphic code رو هم پیاده سازی میکنه. هدف این ویدیوها، بهبود مهارتهای تیم قرمز و آشنایی و دفاع در تیم های آبی هستش. #تیم_قرمز #تیم_آبی #آنتی_ویروس #توسعه_بدافزار #redteam #Blueteam #MalwareDev #AV 🆔 @onhex_ir ➡️ ALL Link

How to Investigate Insider Threats (Forensic Methodology) https://www.inversecos.com/2022/10/how-to-investigate-insider-threats.html

Find their #ttp

COM Object - Part 1 Confirm the concept of COM objects through practice and Check how to find a vulnerable COM object. https://hackyboiz.github.io/2024/11/24/ogu123/COM_Object/

Cyber Threat Intelligence (CTI): A Clear Process for Data Ingestion and Distribution https://medium.com/@philiphristoff/cyber-threat-intelligence-cti-a-clear-process-for-data-ingestion-and-distribution-1889f6a2c5a8

Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures https://www.vergiliusproject.com/

Wayback Machine collection search twitter.com/BanPangar shared a method for finding emails/nicknames mentions in the text of web pages/docs with archive.org collection search. Help find a lot of things that don't show up in Google results. Don't forget the quotes. #osint

دنبال یه سری منبع در مورد golang internals بودم که با این repository آشنا شدم، به صورت موضوعی لینک های خوبی رو معرفی کرده، دوست داشتید بررسی کنید. A collection of articles and videos to understand Golang internals. https://github.com/emluque/golang-internals-resources @gocasts