From 537cdec2575a4c34ef57a376b7ac883f6669d484 Mon Sep 17 00:00:00 2001 From: r1cksec <77610058+r1cksec@users.noreply.github.com> Date: Tue, 13 Aug 2024 14:59:52 +0200 Subject: [PATCH] More cheatsheets --- linux/virtualbox.md | 2 +- snippet/js/base64.js | 23 +++++++++++++++ snippet/js/sendGetRequest.js | 16 ++++++++++ snippet/py/flaskCors.py | 7 +++++ snippet/py/flaskReceiveGetRequest.py | 6 ++++ snippet/py/flaskReceivePostRequest.py | 5 ++++ url/git-tools | 42 +++++++++++++++++++++++++++ url/news.md | 2 +- url/tagged-urls.md | 5 ++++ 9 files changed, 106 insertions(+), 2 deletions(-) create mode 100644 snippet/js/base64.js create mode 100644 snippet/js/sendGetRequest.js create mode 100644 snippet/py/flaskCors.py create mode 100644 snippet/py/flaskReceiveGetRequest.py create mode 100644 snippet/py/flaskReceivePostRequest.py diff --git a/linux/virtualbox.md b/linux/virtualbox.md index 3ec9924..a6375bb 100644 --- a/linux/virtualbox.md +++ b/linux/virtualbox.md @@ -38,7 +38,7 @@ VBoxLinuxAdditions.run/VBoxLinuxAdditions.run ### Fix error "Can not register the hard disk" ``` -vboxmanage closemedium disk " +vboxmanage closemedium disk ``` ### Install developer build diff --git a/snippet/js/base64.js b/snippet/js/base64.js new file mode 100644 index 0000000..3c52b51 --- /dev/null +++ b/snippet/js/base64.js @@ -0,0 +1,23 @@ +function encodeBase64(input) +{ + const utf8Bytes = new TextEncoder().encode(input); + let binaryString = ''; + utf8Bytes.forEach(byte => binaryString += String.fromCharCode(byte)); + return btoa(binaryString); +} + + +function decodeBase64(base64Str) +{ + const binaryString = atob(base64Str); + const len = binaryString.length; + const bytes = new Uint8Array(len); + + for (let i = 0; i < len; i++) + { + bytes[i] = binaryString.charCodeAt(i); + } + + return new TextDecoder().decode(bytes); +} + diff --git a/snippet/js/sendGetRequest.js b/snippet/js/sendGetRequest.js new file mode 100644 index 0000000..d89f0fa --- /dev/null +++ b/snippet/js/sendGetRequest.js @@ -0,0 +1,16 @@ +async function sendGetRequest() +{ + const url = 'http://'; + + const response = await fetch(url, { + method: 'GET', + }); + + if (!response.ok) + { + throw new Error(`Error: ${response.statusText}`); + } + + return await response.json(); +} + diff --git a/snippet/py/flaskCors.py b/snippet/py/flaskCors.py new file mode 100644 index 0000000..999a644 --- /dev/null +++ b/snippet/py/flaskCors.py @@ -0,0 +1,7 @@ +from flask_cors import CORS + +app = Flask(__name__) + +# enable Cross-Origin-Ressource-Sharing +CORS(app) + diff --git a/snippet/py/flaskReceiveGetRequest.py b/snippet/py/flaskReceiveGetRequest.py new file mode 100644 index 0000000..7664ddd --- /dev/null +++ b/snippet/py/flaskReceiveGetRequest.py @@ -0,0 +1,6 @@ +@app.route('/receiveGet', methods=['GET']) +def receiveGet(): + parameter = request.args.get('parameter') + print(parameter) + return response, 200; + diff --git a/snippet/py/flaskReceivePostRequest.py b/snippet/py/flaskReceivePostRequest.py new file mode 100644 index 0000000..964322d --- /dev/null +++ b/snippet/py/flaskReceivePostRequest.py @@ -0,0 +1,5 @@ +@app.route('/receivePost', methods=['POST']) +def receivePost(): + incomingJson = request.get_json() + return jsonify({"message": "Data successfully received"}), 20 + diff --git a/url/git-tools b/url/git-tools index 5c8b366..03625d0 100644 --- a/url/git-tools +++ b/url/git-tools @@ -301,6 +301,9 @@ A C# Command & Control framework https://github.com/Drew-Sec/EvilSlackbot A Slack bot phishing framework for Red Teaming exercises +https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode +Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode... + https://github.com/EncodeGroup/Gopher C# tool to discover low hanging fruits @@ -553,6 +556,9 @@ A simple worker that acts as proxy to tunnel requests over the internet, forward https://github.com/MWR-CyberSec/PXEThief PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager +https://github.com/MaLDAPtive/Invoke-Maldaptive +MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. + https://github.com/Macmod/goblob A fast enumeration tool for publicly exposed Azure Storage blobs. @@ -1027,6 +1033,9 @@ Another tool to perform minidump of LSASS process using few technics to avoid de https://github.com/Yara-Rules/rules Repository of yara rules +https://github.com/Yaxxine7/ASRepCatcher +Make everyone in your VLAN ASRep roastable. ASRepCatcher uses ARP spoofing to catch AS-REP messages returned by the Domain Controller to the clients and prints out the hash to crack. + https://github.com/YosfanEilay/ForensicMiner A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. @@ -1075,6 +1084,9 @@ Tunneling Internet traffic over Whatsapp https://github.com/alexandreborges/malwoverview Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT. +https://github.com/alexdhital/Infiltrax +Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, and install AnyDesk for persistent remote access. + https://github.com/ambionics/phpggc PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. @@ -1621,6 +1633,9 @@ List of known AWS accounts https://github.com/g0h4n/REC2 REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust. +https://github.com/gajos112/RegRipperPlugins +In this repository you can find all RegRipper plugins that I have created. We encourage you to improve them and update these changes! + https://github.com/garrettfoster13/sccmhunter SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. @@ -1855,6 +1870,9 @@ Harvest passwords automatically from OpenSSH server https://github.com/joaoviictorti/RustRedOps RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust +https://github.com/joe-desimone/rep-research +Windows Smart App Control and SmartScreen bypass + https://github.com/joeavanzato/Trawler PowerShell script to help Incident Responders discover adversary persistence mechanisms. @@ -1900,6 +1918,9 @@ Tool for enumerating Active Directory environments https://github.com/kevin-mizu/domloggerpp A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations. +https://github.com/keydet89/RegRipper3.0 +Instead, select the hive to parse, and the output directory and the GUI will automatically run all applicable plugins against the hive. + https://github.com/kfosaaen/Get-LAPSPasswords Powershell function to pull the local admin passwords from LDAP, stored there by LAPS. @@ -2035,6 +2056,9 @@ SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt https://github.com/m4ll0k/infoga Infoga - Email OSINT +https://github.com/magisterquis/alpt4ats +A Lazy Programmer's Tips for Avoiding the SOC ~ BSides Belfast 2024 + https://github.com/magisterquis/chromecookiestealer Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol. @@ -2284,6 +2308,9 @@ gRPC-Web Pentesting Suite + Burp Suite Extension https://github.com/nyancrimew/goop Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases. +https://github.com/nyxgeek/cloudkicker +self-hosted Azure OSINT tool + https://github.com/nyxgeek/guestlist tool for identifying guest relationships between companies @@ -2338,6 +2365,9 @@ ScareCrow - Payload creation framework designed around EDR bypass. https://github.com/optiv/rustyIron This tool represents a communication framework for navigating MobileIron's MDM authentication methods, allowing for account enumeration, single-factor authentication attacks, and message decryption. +https://github.com/orhun/binsider +Analyze ELF binaries like a boss + https://github.com/outflanknl/C2-Tool-Collection A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques. @@ -2653,6 +2683,9 @@ Solve Google reCAPTCHA in less than 5 seconds! https://github.com/saw-your-packet/EC2StepShell EC2StepShell is an AWS post-exploitation tool for getting high privileges reverse shells in public or private EC2 instances. +https://github.com/sec-consult/msiscan +Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers + https://github.com/secretsquirrel/SigThief Stealing Signatures and Making One Invalid Signature at a Time @@ -2677,6 +2710,9 @@ A windows token impersonation tool https://github.com/sensepost/ruler A tool to abuse Exchange services +https://github.com/shaddy43/BrowserSnatch +This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer + https://github.com/shellphish/how2heap A repository for learning various heap exploitation techniques. @@ -2770,6 +2806,9 @@ Protected Process Dumper Tool https://github.com/tb0hdan/domains World’s single largest Internet domains dataset +https://github.com/techBrandon/CAPs +Scripts to enumerate and report on Entra Conditional Access + https://github.com/techjacker/repo-security-scanner CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys @@ -2902,6 +2941,9 @@ Use smb2 protocol to detect remote computer os version, support win7/server2008- https://github.com/waelmas/frameless-bitb A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx. +https://github.com/watchtowrlabs/CVE-2024-40711 +Pre-Auth Exploit for CVE-2024-40711 + https://github.com/wavestone-cdt/EDRSandblast EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. diff --git a/url/news.md b/url/news.md index 13236a1..dda7d6d 100644 --- a/url/news.md +++ b/url/news.md @@ -12,7 +12,7 @@ * https://www.breaches.cloud * https://www.golem.de/specials/security * https://www.ransomlook.io/recent -* https://www.ransomware.live/#/recent +* https://www.ransomware.live * https://www.reddit.com/r/redteamsec * https://www.sixgen.io/news * https://www.threatable.io diff --git a/url/tagged-urls.md b/url/tagged-urls.md index 4c92f16..1b0a442 100644 --- a/url/tagged-urls.md +++ b/url/tagged-urls.md @@ -103,6 +103,7 @@ * https://blog.nietaanraken.nl/posts/aur-packages-github-repo-jacking ; #supply-chain #arch #aur #threat-intelligence * https://blog.nviso.eu/2023/01/10/malware-based-attacks-on-atms-a-summary ; #threat-intelligence #malware-analyse #atm * https://blog.nviso.eu/2024/08/02/from-evidence-to-advantage-leveraging-incident-response-artifacts-for-red-team-engagements ; #windows-api #registry #forensic-artifacts +* https://blog.orange.tw/posts/2024-08-confusion-attacks-en ; #web #apache #filename-confusion #acl-bypass #server-side-code-disclosure #handler-confusion #php * https://blog.phylum.io/attackers-repurposing-existing-python-based-malware-for-distribution-on-npm ; #supply-chain #npm #python #malware-analyse * https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3 ; #aws #bucket #s3 #storage #cognito * https://blog.projectdiscovery.io/guide-to-dns-takeovers ; #dns-takeover #nameserver #subdomain-takeover #osint #reconaissance @@ -158,6 +159,7 @@ * https://code-white.com/blog/2023-08-blindsiding-auditd-for-fun-and-profit ; #linux #audit-events #evasion #apollon #daphne #detection * https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html ; #java #deserialization #jdk #ysoserial * https://csandker.io/2022/10/19/Untangling-Azure-Permissions.html ; #cloud #azure #entra #access-permission #app-roles #api-permissions +* https://cyberdefnerd.com/2024/09/02/virtual-desktops-what-they-are-where-can-we-find-them ; #windows #registry #virtual-desktop #dfir #forensic * https://cyberdom.blog/2023/12/03/spotting-the-adversary-with-microsoft-defender-for-identity ; #azure #entra #microsoft-defender-for-identity #event-id #forensic #dfir #dcshadow #mdi * https://cyberdom.blog/2023/12/09/unmasking-the-shadows-the-art-of-threat-hunting-in-defender-for-identity ; #azure #entra #microsoft-defender-for-identity #forensic #dfir #threat-hunting #ldap #mdi * https://cybergladius.com/bash-code-obfuscation ; #obfuscation #bash #linux #backdoor @@ -578,6 +580,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://www.blackhillsinfosec.com/introducing-graphrunner ; #azure #entra #microsoft365 #graphrunner * https://www.blackhillsinfosec.com/introducing-slackenum ; #slack #phishing * https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995 ; #phishing #microsoft-direct-send #spoofing #mail +* https://www.blackhillsinfosec.com/wishing-webhook-phishing-in-teams ; #microsoft-teams #phishing #initial-access #webhook * https://www.blazeinfosec.com/post/tearing-amsi-with-3-bytes ; #windows #amsi #bypass #dll * https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Konfigurationsempfehlungen_zur_Haertung_von_Windows_10.pdf?__blob=publicationFile&v=3 ; #windows #hardening * https://www.cadosecurity.com/oracleiv-a-dockerised-ddos-botnet ; #malware #botnet #docker #threat-intelligence @@ -595,6 +598,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://www.docguard.io/microsoft-compiled-html-help-chm-using-in-spearphishing-attack ; #threa-tinel #malware-analyse #chm * https://www.docguard.io/unraveling-obfuscated-macros-in-office-filesa-step-by-step-guide ; #threat-intelligence #malware #macro #obfuscation #vba * https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process ; #shellcode #process-injection #cheatsheets +* https://www.elastic.co/security-labs/dismantling-smart-app-control ; #windows #initial-access #lnk-stomping #smart-screen-bypass * https://www.elastic.co/security-labs/grimresource ; #initial-access #msc #javascript #windows #mmc #dotNetToJScript * https://www.errno.fr/TTYPushback.html ; #linux #privesc #privilege-escalation #tty-pushback * https://www.example-code.com/vbscript/http.asp ; #vbscript #cheatsheets @@ -726,6 +730,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://xret2pwn.github.io/Myths-About-External-C2 ; #c2 #command-and-control #infrastructure #sockets #named-pipes * https://xret2pwn.github.io/The-Art-of-Clipboard-Forensics-Recovering-Deleted-Data ; #clipboard #memory #dfir #forensic #history * https://xybytes.com/azure/Abusing-Azure-Arc ; #azure-arc #lateral-movement #service-principal +* https://xybytes.com/windows/Exploiting-Azure-Arc-Management-Tool-to-Capture-NetNTLM-Hashes ; #azure-arg #windows #responder #ntlm-relaying * https://zer1t0.gitlab.io/posts/attacking_ad ; #active-directory #methodology #kerberos #trust #gpo #kerberoast #asreproast #logon-types #acl * http://www.selfadsi.de ; #active-directory #ldap #wiki #documentation * http://www.webappsec.org/projects/articles/121106.shtml ; #smtp #imap #injection #http #mail