More cheatsheets

linux/virtualbox.md

@@ -38,7 +38,7 @@ VBoxLinuxAdditions.run/VBoxLinuxAdditions.run
 
 ###  Fix error "Can not register the hard disk"
 ```
-vboxmanage closemedium disk <id>"
+vboxmanage closemedium disk <id>
 ```
 
 ### Install developer build

snippet/js/base64.js

@@ -0,0 +1,23 @@
+function encodeBase64(input)
+{
+    const utf8Bytes = new TextEncoder().encode(input);
+    let binaryString = '';
+    utf8Bytes.forEach(byte => binaryString += String.fromCharCode(byte));
+    return btoa(binaryString);
+}
+
+
+function decodeBase64(base64Str)
+{
+    const binaryString = atob(base64Str);
+    const len = binaryString.length;
+    const bytes = new Uint8Array(len);
+
+    for (let i = 0; i < len; i++)
+    {
+        bytes[i] = binaryString.charCodeAt(i);
+    }
+
+    return new TextDecoder().decode(bytes);
+}
+

snippet/js/sendGetRequest.js

@@ -0,0 +1,16 @@
+async function sendGetRequest()
+{
+    const url = 'http://<url>';
+
+    const response = await fetch(url, {
+        method: 'GET',
+    });
+
+    if (!response.ok)
+    {
+        throw new Error(`Error: ${response.statusText}`);
+    }
+
+    return await response.json();
+}
+

snippet/py/flaskCors.py

@@ -0,0 +1,7 @@
+from flask_cors import CORS
+
+app = Flask(__name__)
+
+# enable Cross-Origin-Ressource-Sharing
+CORS(app)
+

snippet/py/flaskReceiveGetRequest.py

@@ -0,0 +1,6 @@
+@app.route('/receiveGet', methods=['GET'])
+def receiveGet():
+    parameter = request.args.get('parameter')
+    print(parameter)
+    return response, 200;
+

snippet/py/flaskReceivePostRequest.py

@@ -0,0 +1,5 @@
+@app.route('/receivePost', methods=['POST'])
+def receivePost():
+    incomingJson = request.get_json()
+    return jsonify({"message": "Data successfully received"}), 20
+

url/git-tools

@@ -301,6 +301,9 @@ A C# Command & Control framework
 https://github.com/Drew-Sec/EvilSlackbot
 A Slack bot phishing framework for Red Teaming exercises
 
+https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode
+Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode...
+
 https://github.com/EncodeGroup/Gopher
 C# tool to discover low hanging fruits
 
@@ -553,6 +556,9 @@ A simple worker that acts as proxy to tunnel requests over the internet, forward
 https://github.com/MWR-CyberSec/PXEThief
 PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager 
 
+https://github.com/MaLDAPtive/Invoke-Maldaptive
+MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.
+
 https://github.com/Macmod/goblob
 A fast enumeration tool for publicly exposed Azure Storage blobs.
 
@@ -1027,6 +1033,9 @@ Another tool to perform minidump of LSASS process using few technics to avoid de
 https://github.com/Yara-Rules/rules
 Repository of yara rules
 
+https://github.com/Yaxxine7/ASRepCatcher
+Make everyone in your VLAN ASRep roastable. ASRepCatcher uses ARP spoofing to catch AS-REP messages returned by the Domain Controller to the clients and prints out the hash to crack.
+
 https://github.com/YosfanEilay/ForensicMiner
 A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
 
@@ -1075,6 +1084,9 @@ Tunneling Internet traffic over Whatsapp
 https://github.com/alexandreborges/malwoverview
 Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.
 
+https://github.com/alexdhital/Infiltrax
+Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, and install AnyDesk for persistent remote access.
+
 https://github.com/ambionics/phpggc
 PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
 
@@ -1621,6 +1633,9 @@ List of known AWS accounts
 https://github.com/g0h4n/REC2
 REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.
 
+https://github.com/gajos112/RegRipperPlugins
+In this repository you can find all RegRipper plugins that I have created. We encourage you to improve them and update these changes!
+
 https://github.com/garrettfoster13/sccmhunter
 SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.
 
@@ -1855,6 +1870,9 @@ Harvest passwords automatically from OpenSSH server
 https://github.com/joaoviictorti/RustRedOps
 RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust
 
+https://github.com/joe-desimone/rep-research
+Windows Smart App Control and SmartScreen bypass
+
 https://github.com/joeavanzato/Trawler
 PowerShell script to help Incident Responders discover adversary persistence mechanisms.
 
@@ -1900,6 +1918,9 @@ Tool for enumerating Active Directory environments
 https://github.com/kevin-mizu/domloggerpp
 A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
 
+https://github.com/keydet89/RegRipper3.0
+Instead, select the hive to parse, and the output directory and the GUI will automatically run all applicable plugins against the hive.
+
 https://github.com/kfosaaen/Get-LAPSPasswords
 Powershell function to pull the local admin passwords from LDAP, stored there by LAPS.
 
@@ -2035,6 +2056,9 @@ SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt
 https://github.com/m4ll0k/infoga
 Infoga - Email OSINT
 
+https://github.com/magisterquis/alpt4ats
+A Lazy Programmer's Tips for Avoiding the SOC ~ BSides Belfast 2024
+
 https://github.com/magisterquis/chromecookiestealer
 Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol.
 
@@ -2284,6 +2308,9 @@ gRPC-Web Pentesting Suite + Burp Suite Extension
 https://github.com/nyancrimew/goop
 Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.
 
+https://github.com/nyxgeek/cloudkicker
+self-hosted Azure OSINT tool
+
 https://github.com/nyxgeek/guestlist
 tool for identifying guest relationships between companies
 
@@ -2338,6 +2365,9 @@ ScareCrow - Payload creation framework designed around EDR bypass.
 https://github.com/optiv/rustyIron
 This tool represents a communication framework for navigating MobileIron's MDM authentication methods, allowing for account enumeration, single-factor authentication attacks, and message decryption.
 
+https://github.com/orhun/binsider
+Analyze ELF binaries like a boss
+
 https://github.com/outflanknl/C2-Tool-Collection
 A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
 
@@ -2653,6 +2683,9 @@ Solve Google reCAPTCHA in less than 5 seconds!
 https://github.com/saw-your-packet/EC2StepShell
 EC2StepShell is an AWS post-exploitation tool for getting high privileges reverse shells in public or private EC2 instances.
 
+https://github.com/sec-consult/msiscan
+Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers
+
 https://github.com/secretsquirrel/SigThief
 Stealing Signatures and Making One Invalid Signature at a Time
 
@@ -2677,6 +2710,9 @@ A windows token impersonation tool
 https://github.com/sensepost/ruler
 A tool to abuse Exchange services
 
+https://github.com/shaddy43/BrowserSnatch
+This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer
+
 https://github.com/shellphish/how2heap
 A repository for learning various heap exploitation techniques.
 
@@ -2770,6 +2806,9 @@ Protected Process Dumper Tool
 https://github.com/tb0hdan/domains
 World’s single largest Internet domains dataset
 
+https://github.com/techBrandon/CAPs
+Scripts to enumerate and report on Entra Conditional Access
+
 https://github.com/techjacker/repo-security-scanner
 CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
 
@@ -2902,6 +2941,9 @@ Use smb2 protocol to detect remote computer os version, support win7/server2008-
 https://github.com/waelmas/frameless-bitb
 A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.
 
+https://github.com/watchtowrlabs/CVE-2024-40711
+Pre-Auth Exploit for CVE-2024-40711
+
 https://github.com/wavestone-cdt/EDRSandblast
 EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
 

url/news.md

@@ -12,7 +12,7 @@
 * https://www.breaches.cloud
 * https://www.golem.de/specials/security
 * https://www.ransomlook.io/recent
-* https://www.ransomware.live/#/recent
+* https://www.ransomware.live
 * https://www.reddit.com/r/redteamsec
 * https://www.sixgen.io/news
 * https://www.threatable.io

url/tagged-urls.md

@@ -103,6 +103,7 @@
 * https://blog.nietaanraken.nl/posts/aur-packages-github-repo-jacking ; #supply-chain #arch #aur #threat-intelligence
 * https://blog.nviso.eu/2023/01/10/malware-based-attacks-on-atms-a-summary ; #threat-intelligence #malware-analyse #atm
 * https://blog.nviso.eu/2024/08/02/from-evidence-to-advantage-leveraging-incident-response-artifacts-for-red-team-engagements ; #windows-api #registry #forensic-artifacts
+* https://blog.orange.tw/posts/2024-08-confusion-attacks-en ; #web #apache #filename-confusion #acl-bypass #server-side-code-disclosure #handler-confusion #php
 * https://blog.phylum.io/attackers-repurposing-existing-python-based-malware-for-distribution-on-npm ; #supply-chain #npm #python #malware-analyse
 * https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3 ; #aws #bucket #s3 #storage #cognito
 * https://blog.projectdiscovery.io/guide-to-dns-takeovers ; #dns-takeover #nameserver #subdomain-takeover #osint #reconaissance
@@ -158,6 +159,7 @@
 * https://code-white.com/blog/2023-08-blindsiding-auditd-for-fun-and-profit ; #linux #audit-events #evasion #apollon #daphne #detection
 * https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html ; #java #deserialization #jdk #ysoserial
 * https://csandker.io/2022/10/19/Untangling-Azure-Permissions.html ; #cloud #azure #entra #access-permission #app-roles #api-permissions
+* https://cyberdefnerd.com/2024/09/02/virtual-desktops-what-they-are-where-can-we-find-them ; #windows #registry #virtual-desktop #dfir #forensic
 * https://cyberdom.blog/2023/12/03/spotting-the-adversary-with-microsoft-defender-for-identity ; #azure #entra #microsoft-defender-for-identity #event-id #forensic #dfir #dcshadow #mdi
 * https://cyberdom.blog/2023/12/09/unmasking-the-shadows-the-art-of-threat-hunting-in-defender-for-identity ; #azure #entra #microsoft-defender-for-identity #forensic #dfir #threat-hunting #ldap #mdi
 * https://cybergladius.com/bash-code-obfuscation ; #obfuscation #bash #linux #backdoor
@@ -578,6 +580,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok
 * https://www.blackhillsinfosec.com/introducing-graphrunner ; #azure #entra #microsoft365 #graphrunner
 * https://www.blackhillsinfosec.com/introducing-slackenum ; #slack #phishing
 * https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995 ; #phishing #microsoft-direct-send #spoofing #mail
+* https://www.blackhillsinfosec.com/wishing-webhook-phishing-in-teams ; #microsoft-teams #phishing #initial-access #webhook
 * https://www.blazeinfosec.com/post/tearing-amsi-with-3-bytes ; #windows #amsi #bypass #dll
 * https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Konfigurationsempfehlungen_zur_Haertung_von_Windows_10.pdf?__blob=publicationFile&v=3 ; #windows #hardening
 * https://www.cadosecurity.com/oracleiv-a-dockerised-ddos-botnet ; #malware #botnet #docker #threat-intelligence
@@ -595,6 +598,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok
 * https://www.docguard.io/microsoft-compiled-html-help-chm-using-in-spearphishing-attack ; #threa-tinel #malware-analyse #chm
 * https://www.docguard.io/unraveling-obfuscated-macros-in-office-filesa-step-by-step-guide ; #threat-intelligence #malware #macro #obfuscation #vba
 * https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process ; #shellcode #process-injection #cheatsheets
+* https://www.elastic.co/security-labs/dismantling-smart-app-control ; #windows #initial-access #lnk-stomping #smart-screen-bypass
 * https://www.elastic.co/security-labs/grimresource ; #initial-access #msc #javascript #windows #mmc #dotNetToJScript
 * https://www.errno.fr/TTYPushback.html ; #linux #privesc #privilege-escalation #tty-pushback
 * https://www.example-code.com/vbscript/http.asp ; #vbscript #cheatsheets
@@ -726,6 +730,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok
 * https://xret2pwn.github.io/Myths-About-External-C2 ; #c2 #command-and-control #infrastructure #sockets #named-pipes
 * https://xret2pwn.github.io/The-Art-of-Clipboard-Forensics-Recovering-Deleted-Data ; #clipboard #memory #dfir #forensic #history
 * https://xybytes.com/azure/Abusing-Azure-Arc ; #azure-arc #lateral-movement #service-principal
+* https://xybytes.com/windows/Exploiting-Azure-Arc-Management-Tool-to-Capture-NetNTLM-Hashes ; #azure-arg #windows #responder #ntlm-relaying
 * https://zer1t0.gitlab.io/posts/attacking_ad ; #active-directory #methodology #kerberos #trust #gpo #kerberoast #asreproast #logon-types #acl 
 * http://www.selfadsi.de ; #active-directory #ldap #wiki #documentation
 * http://www.webappsec.org/projects/articles/121106.shtml ; #smtp #imap #injection #http #mail