CVE-2021-22555: Turning \x00\x00 into 10000$
This is a 15 years old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution
# Technical details — https://github.com/google/security-research/blob/master/pocs/linux/cve-2021-22555/writeup.md
# PoC — https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555
#CVE #BoF #Vulns
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
https://github.com/Sh0ckFR/InlineWhispers2
#cobaltstrike #BOF #syswhispers
😡 Brute-Ratel-C4-Community-Kit
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4. Anything which is added in the deprecated folder will not be a part of the latest release of BRc4.
https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit
#c2 #bof #shellcode #injection
⚙️ Meterpreter BOFLoader
In this guide, you'll learn how the new BOFLoader extension allows BOFs to be used from a Meterpreter session. Discover new attacks made possible in Meterpreter and avoid common errors.
https://www.trustedsec.com/blog/operators-guide-to-the-meterpreter-bofloader
#msf #meterpreter #bof #loader
🎭 BOFMask
BOFMask is a tool designed to conceal Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF). By applying a XOR mask and modifying memory protection settings, BOFMask enables users to execute BOFs without exposing Beacon, thereby avoiding detection by EDR products that scan system memory.
Research:
https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
Source:
https://github.com/xforcered/bofmask
#cobaltstrike #bof #sleepmask #redteam
Forwarded from Ralf Hacker Channel (Ralf Hacker)
I had been thinking for a long time about whether to publish my software or not... So, to start with, I decided to rewrite Rubeus (not all of it, of course) in C and turn it into COFF files. In short, it works out of the box with Cobalt Strike and Havoc😁😁
https://github.com/RalfHacker/Kerbeus-BOF
#bof #git #soft #redteam #pentest
This is an offline BloodHound ingestor and LDAP result parser. BOFHound allows operators to utilize BloodHound's beloved interface while maintaining full control over the LDAP queries being run and the speed at which they are executed. This leaves room for operator discretion to account for potential honeypot accounts, expensive LDAP query thresholds and other detection mechanisms designed with the traditional, automated BloodHound collectors in mind.
Tools:
🔗 https://github.com/coffeegist/bofhound
Research:
🔗 https://posts.specterops.io/bofhound-session-integration-7b88b6f18423
#c2 #bof #cobaltstrike #redteam
🔑 RdpStrike
The project aims to extract clear text passwords from mstsc.exe, and the shellcode uses Hardware Breakpoint to hook APIs. It is a complete positional independent code, and when the shellcode injects into the mstsc.exe process, it is going to put Hardware Breakpoint onto three different APIs, ultimately capturing any clear-text credentials and then saving them to a file.
🔗 Source:
https://github.com/0xEr3bus/RdpStrike
#rdp #creds #bof #cobaltstrike
🔍 Exploring WinRM plugins for lateral movement
In this blog, the process of leveraging WinRM plugins to perform lateral movement to other systems is explored. Additionally, the use of the CIM_LogicFile WMI class to bypass certain tricky detections by Microsoft Defender is examined. Finally, all the logic is incorporated into a Cobalt Strike BOF.
🔗 Research:
https://falconforce.nl/exploring-winrm-plugins-for-lateral-movement/
🔗 Source:
https://github.com/FalconForceTeam/bof-winrm-plugin-jump
#ad #winrm #cobaltstrike #bof #redteam