15 matches found
Decepticon
⚡ Decepticon — Autonomous Multi-Agent Offensive Security !L...
kexploitbinary
DarkSword Red Team Framework Framework Python com CLI para en...
rami-kali-MCP
Red Team MCP Server MCP Model Context Protocol server that...
tempest-c2
⚡ Tempest C2 Framework Advanced Post-Exploitation & Comma...
HTMLSmuggler - HTML Smuggling Generator And Obfuscator For Your Red Team Operations
The full explanation what is HTML Smuggling may be found here. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems, by disguising malicious payloads within seemingly harmless HTML and JavaScript code. By exploiting the...
MS Enterprise app management service RCE. CVE-2022-35841
TL;DR A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September’s patch Tuesday. The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications...
Domain Persistence – Machine Account
Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation.… Continue reading - Domain Persistence - Machine Account...
ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries
C based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDR's. 1. Methodological Approach : The tool basically acts on automating following stages performed for...
Red-Teaming-Toolkit
This repository is an offensive tool for Red Teaming/Adversary Simulation. It contains a collection of open source and commercial tools that aid in red team operations. The primary target product/service or framework is not explicitly stated, but the tools are designed to be used in various stage...
Live Cybersecurity Webinar — Deconstructing Cobalt Strike
Organizations' cybersecurity capabilities have improved over the past decade, mostly out of necessity. As their defenses get better, so do the methods, tactics, and techniques malicious actors devise to penetrate their environments. Instead of the standard virus or trojan, attackers today will...
Boomerang - A Tool To Expose Multiple Internal Servers To Web/Cloud
Boomerang is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports on the Cloud. One will be where tools like proxychains can connect over socks, another will be for the agent to connect. The agent can be executed on any internal host. Th...
Targeted ransomware: it’s not just about encrypting your data!
When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – its primarily about data exfiltration. After that, its about data encryption and leaving convincing proof that the attack...
Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation
In September 2019, MITRE evaluated Microsoft Threat Protection MTP and other endpoint security solutions. The ATT&CK evaluation lasted for three days, with a professional red team from MITRE emulating many advanced attack behaviors used by the nation-state threat group known as YTTRIUM APT29. Aft...
PowerTools
This repository is an offensive tool for PowerShell exploitation. It contains a collection of scripts that utilize a common pattern to host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server, and then...
Persistence – New Service
Services in a Windows environment can lead to privilege escalation if these are not configured properly or can be used as a persistence method. Creating a new service requires Administrator level privileges and it is not considered the stealthier of persistence techniques. However in red team...