hacker_trick | Unsorted

Telegram channel hacker_trick - Hacker tricks

CVEs🔰 Tools🛠 RedTeam📕

Hacker tricks

Creating an OPSEC safe loader for Red Team Operations
https://labs.nettitude.com/blog/creating-an-opsec-safe-loader-for-red-team-operations
Tartarus-TpAllocInject: a simple loader that uses indirect syscalls via the Tartarus' Gate method.
This loader executes shellcode with the known WINAPI CreateThreadPoolWait, but I have changed things a little and instead call the underlying Tp* APIs from Ntdll.dll
https://github.com/nettitude/Tartarus-TpAllocInject

Home Grown Red Team: Hosting Encrypted Stager Shellcode
https://assume-breach.medium.com/home-grown-red-team-hosting-encrypted-stager-shellcode-1dc5e06eaeb3
StageFright: a staged payload framework that allows the user to run customized staged payloads over various protocols
https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/StageFright

Frida-Labs: The repo contains a series of challenges for learning Frida for Android Exploitation
https://github.com/DERE-ad2001/Frida-Labs

Highlighting case using Burp Suite Bambda
https://gist.github.com/irsdl/d9078390cb844d538f75a2fe4831cadf

TrueSightKiller: a C++ AV/EDR killer
This driver can be used on Windows 23H2 with HVCI enabled, the loldrivers blocklist, or WDAC enabled
https://github.com/MaorSabag/TrueSightKiller

SharpRODC: To audit the security of read-only domain controllers
https://github.com/wh0amitz/SharpRODC

Browsers' cache smuggling
https://blog.whiteflag.io/blog/browser-cache-smuggling

Default Credentials, P1 with $$$$ Reward in a Bug Bounty Program
https://infosecwriteups.com/default-credentials-p1-with-reward-in-a-bug-bounty-program-1aad9c008619

InfoSec Black Friday Deals:
Friday Hack Fest 2023 Edition
https://github.com/0x90n/InfoSec-Black-Friday

Hide your files of any type inside an image of your choice
https://github.com/JoshuaKasa/van-gonography

Obfusheader.h is a portable header file for C++14 and higher which implements multiple compile-time obfuscation features, for example string and decimal encryption, control-flow obfuscation, and call hiding
https://github.com/ac3ss0r/obfusheader.h

RunWithDll: A utility that can be used to launch an executable with a DLL injected
https://github.com/TimMisiak/RunWithDll

NtlmThief: a C++ implementation of the Internal Monologue attack. It allows retrieving NetNTLM hashes of users using SSPI
https://github.com/MzHmO/NtlmThief

HavocExploit: a remote unauthenticated DoS PoC exploit that targets the authentication implementation of Havoc
https://github.com/syncwithali/HavocExploit

Introducing the Best EDR Of The Market Project ⚔️​
A Little AV/EDR Bypassing Lab for Training & Learning Purposes
https://xacone.github.io/BestEdrOfTheMarket
BestEDROfTheMarket is a naive user-mode EDR project, designed to serve as a testing ground for understanding and bypassing the user-mode detection methods frequently used by these security solutions.
These techniques are mainly based on a dynamic analysis of the target process state (memory, API calls, etc.),
https://github.com/Xacone/BestEdrOfTheMarket

Behind the Scenes: The Daily Grind of Threat Hunter
https://kostas-ts.medium.com/behind-the-scenes-the-daily-grind-of-threat-hunter-8051de276597

Amnesiac: a post-exploitation framework written entirely in PowerShell and designed to assist with lateral movement within Active Directory environments
https://github.com/Leo4j/Amnesiac

Abusing .NET Core CLR Diagnostic Features (+CVE-2023-33127)
https://bohops.com/2023/11/27/abusing-net-core-clr-diagnostic-features-cve-2023-33127

Custom GetProcAddress and GetModuleHandle parsing forwarded export
https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3

EvilSlackbot: A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces
https://github.com/Drew-Sec/EvilSlackbot

Powershell tools used for Red Team / Pentesting
https://github.com/gustanini/PowershellTools

Enumerating Logged-On Users on Remote Systems via RemoteRegistry / Winreg Named Pipe
https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1

Mass Hunting XSS vulnerabilities
https://infosecwriteups.com/mass-hunting-xss-vulnerabilities-5b53363dd3db

PenTesting Report Generation and Collaboration Engine
https://github.com/factionsecurity/faction

CVE-2023-4357 Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors
https://github.com/xcanwin/CVE-2023-4357-Chrome-XXE

matro7sh_loaders: this script adds the ability to encode shellcode (.bin) with XOR, ChaCha20 or AES. You can choose between 2 loaders (Myph / 221b)
https://github.com/matro7sh/matro7sh_loaders

DotNET XorCryptor: a .NET executable packer with payload encryption
https://github.com/DosX-dev/DotNET_XorCryptor

I have long been thinking about whether or not to publish my software... So I decided, to start with, to rewrite Rubeus (not all of it, of course) in C and convert it into COF files. In short, it works out of the box with Cobalt Strike and Havoc😁😁

https://github.com/RalfHacker/Kerbeus-BOF

#bof #git #soft #redteam #pentest

AESCrypt: an implementation built on the Microsoft Cryptography API that encrypts/decrypts with AES-256 using a key derived from a passphrase
https://github.com/hackerhouse-opensource/AESCrypt

Threat Intelligence Malware Analysis: SolarMarker — To Jupyter and Back. SolarMarker uses process injection to run the hVNC and data staging payload. The actors behind SolarMarker primarily use .NET for the majority of their payloads
https://www.esentire.com/blog/solarmarker-to-jupyter-and-back
