Smuggling via Windows services display name – Lateral movement

Introduction: During a red teaming operation, lateral movement, also known as east-west movement, refers to the technique of moving deeper into a network. Such an attack allows a threat actor to avoid detection and retain persistent access. This newly published research explains how to take advantage of Windows services; it details how to mimic Windows …

Local administrator is not just with Razer.. it is possible for ALL

There is more? Recently, security researcher @jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to quickly gain SYSTEM privileges on a Windows device. By plugging a Razer mouse into the system, Windows 10 downloads the suitable software and starts the driver installation process. Since the process …

Gophish on Digital Ocean with Blacklist Range

Intro: Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish. The usage of Gophish and the very neat installation procedure were inspired by a note post on the ired.team blog …

Defeat the Castle – Bypass AV & Advanced XDR solutions.

Introduction: This research paper demonstrates a unique process hollowing technique used to bypass and divert detection analysis. The research was first presented at CrestCon Asia 2021, and you may watch it on YouTube (https://www.youtube.com/watch?v=H7EMBz7GLMk). With newer advanced security defense solutions (e.g., EDR, XDR, NGAV), it becomes much harder for offensive security experts to …

Red team cheatsheet

Recon. Elevation of Privileges. General: Kerberoast – for Kerberos to work, clock skew between attacker and victim must be within 5 minutes. Juicy Potato exploit: https://github.com/ohpe/juicy-potato/releases; pick one CLSID according to your system from https://github.com/ohpe/juicy-potato/tree/master/CLSID. Required privileges: SeAssignPrimaryTokenPrivilege, SeImpersonatePrivilege. Stored Credentials. Impersonating tokens with Meterpreter. Lateral Movement: PsExec, SmbExec, WMIExec, RDP, PTH in general. …

Red Teaming Toolkit Collection

Red Teaming/Adversary Simulation Toolkit. Reconnaissance – Active Intelligence Gathering: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible (https://github.com/ChrisTruncer/EyeWitness). AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot (https://github.com/jordanpotti/AWSBucketDump). AQUATONE is a set …

Privilege Escalation cheatsheet

Windows Kernel Exploits. System info -> look up missing KBs: systeminfo | findstr /B /C:"OS Name" /C:"OS Version". Sherlock -> Find-AllVulns (PowerShell); 0xsp Mongoose. Common Kernel Exploits: [MS16-014](https://www.exploit-db.com/exploits/40039) – applies to: Windows 7 SP1 x86. [MS16-016](https://www.exploit-db.com/exploits/39432) – 'WebDAV', applies to: Windows 7 SP1 x86 (Build 7601). [MS16-032](https://www.exploit-db.com/exploits/39719) – applies to: Windows 7 x86/x64, Windows …