Cyber Guardians @ircyberguardians Channel on Telegram

RedTeaming TTPs
Bug Hunting
Web PenTest
Web Security
Binary Analysis
Exploit DEV
Malware DEV
Malware Analysis
BlueTeaming
Threat Hunting
SOC
CSIRT
FORENSICS
Open-Source Intelligence(OSINT)
Cybersec Tools

Cyber Guardians (English)

Are you passionate about cybersecurity and looking to expand your knowledge in the field? Look no further than the Telegram channel 'Cyber Guardians'! This channel, with the username '@ircyberguardians', is dedicated to all things related to cybersecurity, from Red Teaming TTPs to Bug Hunting, Web Penetration Testing to Binary Analysis, Exploit Development to Malware Analysis, and everything in between. Whether you're an experienced cybersecurity professional or just starting out in the field, 'Cyber Guardians' offers valuable resources, discussions, and insights to help you stay up-to-date with the latest trends and techniques in cybersecurity. The channel covers a wide range of topics, including Blue Teaming, Threat Hunting, SOC (Security Operations Center), CSIRT (Computer Security Incident Response Team), FORENSICS, Open-Source Intelligence (OSINT), and Cybersecurity Tools. Joining 'Cyber Guardians' provides you with the opportunity to connect with like-minded individuals, share knowledge, ask questions, and collaborate on cybersecurity projects. The channel serves as a platform for cybersecurity enthusiasts to come together to learn, grow, and contribute to the community. Whether you're interested in learning about new cybersecurity techniques, discussing best practices with industry professionals, or sharing your own expertise, 'Cyber Guardians' has something for everyone. Join today and become a part of a vibrant community of cybersecurity enthusiasts dedicated to protecting the digital world from threats and vulnerabilities. Stay informed, stay connected, and stay secure with 'Cyber Guardians'!

Cyber Guardians

23 Dec, 12:30


Pytune
Pytune is a post-exploitation tool for enrolling a fake device into Intune with multiple platform support.
https://github.com/secureworks/pytune

@IRCyberGuardians

Cyber Guardians

23 Dec, 12:30


Databricks JDBC Attack via JAAS
https://blog.pyn3rd.com/2024/12/13/Databricks-JDBC-Attack-via-JAAS

@IRCyberGuardians

Cyber Guardians

23 Dec, 12:30


Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise
https://github.com/MWR-CyberSec/AD-CS-Forest-Exploiter

@IRCyberGuardians

Cyber Guardians

23 Dec, 12:30


Generate a proxy dll for arbitrary dll
https://github.com/namazso/dll-proxy-generator

@IRCyberGuardians

Cyber Guardians

23 Dec, 12:30


Testing JavaScript files for bug bounty hunters

https://www.intigriti.com/researchers/blog/hacking-tools/testing-javascript-files-for-bug-bounty-hunters

@IRCyberGuardians

Cyber Guardians

22 Dec, 12:30


A Linux kernel rootkit in Rust using a custom-made type-2 hypervisor, eBPF XDP and TC programs
https://github.com/DualHorizon/blackpill

@IRCyberGuardians

Cyber Guardians

22 Dec, 12:30


Malwoverview is a first response tool used for threat hunting and offers intel information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, AlienVault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

https://github.com/alexandreborges/malwoverview

@IRCyberGuardians

Cyber Guardians

22 Dec, 12:30


Malware Packing Ways
https://deluks2006.github.io/posts/snowy-days-and-the-malware-packing-ways/
@IRCyberGuardians

Cyber Guardians

22 Dec, 12:30


It covers disabling EDR with WDAC and provides an overview of potential detection and mitigation techniques, as well as a custom tool to perform the attack remotely.

https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/

@IRCyberGuardians

Cyber Guardians

22 Dec, 12:30


LexiCrypt

Shellcode obfuscation and encoding tool that transforms raw #shellcode bytes into a "lexicon" of words derived from file names in the Windows system32 directory. The resulting encoded output can then be embedded into a code template in various programming languages (e.g., C++, Rust, C#, Go, VBScript/WScript). This approach can help disguise shellcode and potentially #bypass naive detection mechanisms.

https://github.com/tehstoni/LexiCrypt

@IRCyberGuardians

Cyber Guardians

21 Dec, 12:30


Blind XXE with OOB Interaction via XML Parameter Entities

https://medium.com/the-first-digit/blind-xxe-with-oob-interaction-via-xml-parameter-entities-97244bf2b85e

@IRCyberGuardians

Cyber Guardians

21 Dec, 12:30


$750 Domain Hijacking Vulnerability

https://medium.com/@1-day/750-domain-hijacking-vulnerability-f6e4b4445711

@IRCyberGuardians

Cyber Guardians

21 Dec, 12:30


How an IDOR Vulnerability Led to User Profile Modification

https://www.hackerone.com/vulnerability-management/idor-vulnerability-deep-dive

@IRCyberGuardians

Cyber Guardians

21 Dec, 12:30


Exploiting Reflected Input Via the Range Header

https://attackshipsonfi.re/p/exploiting-reflected-input-via-the

@IRCyberGuardians

Cyber Guardians

21 Dec, 12:30


#Research
"Magnifier: Detecting Network Access via Lightweight Traffic-based Fingerprints", 2024.
https://github.com/SecTeamPolaris/Magnifier

Cyber Guardians

19 Dec, 12:31


#tools
#MLSecOps
#Red_Team_Tactics
"Guide to Red Teaming Methodology on AI Safety", Ver. 1.0, 2024.

Cyber Guardians

19 Dec, 12:30


Uncovering GStreamer secrets
https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/

Cyber Guardians

19 Dec, 12:30


How To Find Broken Access Control Vulnerabilities in the Wild

https://www.hackerone.com/community/find-broken-access-control-vulnerabilities

@IRCyberGuardians

Cyber Guardians

19 Dec, 12:30


Diving into ADB protocol internals (2/2)
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-22.html

@IRCyberGuardians

Cyber Guardians

19 Dec, 12:30


The hidden network https://research.cert.orangecyberdefense.com/hidden-network/report.html

@IRCyberGuardians

Cyber Guardians

04 Dec, 12:30


VOIDMAW bypass technique for memory scanners
https://github.com/vxCrypt0r/Voidmaw
@IRCyberGuardians

Cyber Guardians

04 Dec, 12:30


tgtdelegation - Beacon Object File to obtain a usable TGT via the "TGT delegation trick"
https://github.com/connormcgarr/tgtdelegation

@IRCyberGuardians

Cyber Guardians

04 Dec, 12:30


Extracting Account Connectivity Credentials (ACCs) from Symantec Management Agent

https://www.mdsec.co.uk/2024/12/extracting-account-connectivity-credentials-accs-from-symantec-management-agent-aka-altiris/

@IRCyberGuardians

Cyber Guardians

04 Dec, 12:30


Obfuscating Office Macros to Evade Defender
https://medium.com/@luisgerardomoret_69654/obfuscating-office-macros-to-evade-defender-468606f5790c

Cyber Guardians

04 Dec, 12:30


NativeBypassCredGuard - Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
https://github.com/ricardojoserf/NativeBypassCredGuard

@IRCyberGuardians

Cyber Guardians

03 Dec, 12:30


This post summarises how to tie Cobalt Strike's UDRL, SleepMask, and BeaconGate together for your syscall and call stack spoofing needs.

https://rastamouse.me/udrl-sleepmask-and-beacongate/

@IRCyberGuardians

Cyber Guardians

03 Dec, 12:30


OtterRoot: Netfilter Universal Root 1-day
https://osec.io/blog/2024-11-25-netfilter-universal-root-1-day
PoC:
https://github.com/otter-sec/OtterRoot/blob/master/universal/exploit.c
@IRCyberGuardians

Cyber Guardians

03 Dec, 12:30


Windows Firewall and WFP are only two ways to silence an #EDR agent.

In my latest blog post I discuss another network based technique to prevent data ingest and ways to detect it.

https://cloudbrothers.info/en/edr-silencers-exploring-methods-block-edr-communication-part-1/

@IRCyberGuardians

Cyber Guardians

03 Dec, 12:30


Pentesting Salesforce Communities

https://0xbro.red/writeups/web-hacking/salesforce-hacking/

@IRCyberGuardians

Cyber Guardians

03 Dec, 12:30


Android Flutter malware analysis by Axelle Apvrille (Fortinet)
Presentation:
https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides:
https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper:
https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf

@IRCyberGuardians

Cyber Guardians

02 Dec, 12:30


BeeXSS is a specialized automated tool designed to detect Blind XSS (Cross-Site Scripting) vulnerabilities in web applications.
https://github.com/AnonKryptiQuz/BeeXSS

@IRCyberGuardians

Cyber Guardians

02 Dec, 12:30


Bypass Apache Superset restrictions to perform SQL injections
https://blog.quarkslab.com/bypass-apache-superset-restrictions-to-perform-sql-injections.html

@IRCyberGuardians

Cyber Guardians

02 Dec, 12:30


Introduction to Windows Kernel Exploitation
https://wetw0rk.github.io/posts/0x00-introduction-to-windows-kernel-exploitation/
@IRCyberGuardians

Cyber Guardians

02 Dec, 12:30


MSSQL Identified as Vulnerable to Emoji String Exploitation

https://decrypt.lol/posts/2024/11/29/mssql-identified-as-vulnerable-to-emoji-string-exploitation/

@IRCyberGuardians

Cyber Guardians

02 Dec, 12:30


Invivo Fuzzing by Amplifying Actual Executions - https://mboehme.github.io/paper/ICSE25-invivo.pdf / https://github.com/OctavioGalland/afllive

@IRCyberGuardians

Cyber Guardians

30 Nov, 12:30


Exploring the DOMPurify library: Bypasses and Fixes
https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes

@IRCyberGuardians

Cyber Guardians

30 Nov, 12:30


Introduction to Fuzzing Android Native Components using tools like AFL++ and QEMU
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/

@IRCyberGuardians

Cyber Guardians

30 Nov, 12:30


Eclipse is a PoC that performs Activation Context hijack to load and run an arbitrary DLL in any desired process. Initially, this technique was created as a more flexible alternative to DLL Sideloading + DLL proxying that can be leveraged to inject arbitrary code in a trusted process, although it has proven to have other applications.

https://github.com/Kudaes/Eclipse

@IRCyberGuardians

Cyber Guardians

30 Nov, 12:30


In a somewhat recent project we used a vulnerable driver, which worked fine...

Except: The customer had a custom rule that caused an alert when a service is created!

Decided to write a tool that creates the registry keys and calls into NtLoadDriver:
https://github.com/ioncodes/SilentLoad

@IRCyberGuardians

Cyber Guardians

30 Nov, 12:30


Goad v3 merged into the main branch

GitHub:
https://github.com/Orange-Cyberdefense/GOAD

Doc:
https://orange-cyberdefense.github.io/GOAD/
@IRCyberGuardians

Cyber Guardians

21 Nov, 12:30


PanGPA Extractor

Tool to extract username and password of current user from PanGPA in plaintext under Windows. Palo Alto Networks GlobalProtect client queries the GlobalProtect Service for your username and password every time you log on or refresh the connection.

https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

https://github.com/t3hbb/PanGP_Extractor
@IRCyberGuardians

Cyber Guardians

21 Nov, 12:30


One Sock Fits All: The use and abuse of the NSOCKS botnet https://blog.lumen.com/one-sock-fits-all-the-use-and-abuse-of-the-nsocks-botnet/

@IRCyberGuardians

Cyber Guardians

21 Nov, 12:30


A deep dive into Linux’s new mseal syscall https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/
@IRCyberGuardians

Cyber Guardians

21 Nov, 12:30


Linux Kernel Exploitation - ret2usr
https://scoding.de/linux-kernel-exploitation-buffer_overflow

@IRCyberGuardians

Cyber Guardians

21 Nov, 12:30


Leveling Up Fuzzing: Finding more vulnerabilities with AI

http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html

@IRCyberGuardians

Cyber Guardians

20 Nov, 12:30


From HTTP to RCE. How to leave backdoor in IIS

https://cicada-8.medium.com/from-http-to-rce-how-to-leave-backdoor-in-iis-cbef8249eba9

@IRCyberGuardians

Cyber Guardians

20 Nov, 12:30


EDR Internals for macOS and Linux

https://www.outflank.nl/blog/2024/06/03/edr-internals-macos-linux/

@IRCyberGuardians

Cyber Guardians

20 Nov, 12:30


Reverse Engineering iOS 18: Inactivity Reboot
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html

@IRCyberGuardians

Cyber Guardians

20 Nov, 12:30


Making a Powershell Shellcode Downloader that Evades Defender (Without Amsi Bypass)

https://medium.com/@luisgerardomoret_69654/making-a-powershell-shellcode-downloader-that-evades-defender-without-amsi-bypass-d2cf13f18409

@IRCyberGuardians

Cyber Guardians

20 Nov, 12:30


GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf

@IRCyberGuardians

Cyber Guardians

18 Nov, 12:30


Sensitive Data Exposure in a Moodle Config File

https://medium.com/@mrcix/sensitive-data-exposure-in-a-moodle-config-file-648ca3d54676

@IRCyberGuardians

Cyber Guardians

18 Nov, 12:30


Malware and cryptography: encrypt payload via DFC algorithm. Simple C example
https://cocomelonc.github.io/malware/2024/11/10/malware-cryptography-34.html

@IRCyberGuardians

Cyber Guardians

18 Nov, 12:30


Wrote a small C# tool that is able to make a network token using a certificate. Comes in handy in RTs
https://github.com/nettitude/TokenCert

@IRCyberGuardians

Cyber Guardians

18 Nov, 12:30


https://powerofcommunity.net/poc2024/Meysam%20Firouzi,%20Pishi%20-%20Coverage-Guided%20Fuzzing%20of%20the%20XNU%20Kernel%20and%20Arbitrary%20KEXT.pdf

@IRCyberGuardians

Cyber Guardians

18 Nov, 12:30


Introducing PowerHuntShares 2.0 Release

It introduces new insights, charts, graphs, & LLM capabilities that can be used to map the relationships & risks being exposed through the network shares:
https://www.netspi.com/blog/technical-blog/network-pentesting/powerhuntshares-2-0-release/

@IRCyberGuardians

Cyber Guardians

17 Nov, 12:30


Fuzzing for complex bugs across languages in JavaScript Engines - https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf

@IRCyberGuardians

Cyber Guardians

17 Nov, 12:30


URLFinder - passive URL discovery tool
https://github.com/projectdiscovery/urlfinder

@IRCyberGuardians

Cyber Guardians

17 Nov, 12:30


Advanced Fuzzing With LibAFL @ Ekoparty 2024 - https://docs.google.com/presentation/d/1ILXdsBx6JJbsf3uq-_hSeYux-a0DRRPxebOY65EDE5o/edit?usp=sharing

@IRCyberGuardians

Cyber Guardians

17 Nov, 12:30


Mythic C2 Agent with PowerShell
https://youtu.be/3M_1Q65s57g

@IRCyberGuardians

Cyber Guardians

17 Nov, 12:30


x64 Assembly & Shellcoding 101

Part 1:
https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101/

Part 2:
https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-2/

Part 3:
https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-3/

Part 4:
https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-4/

Part 5:
https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-5/

Part 6:
https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-6/

@IRCyberGuardians

Cyber Guardians

14 Nov, 12:30


ProxyAlloc: evading NtAllocateVirtualMemory detection ft. Elastic Defend & Binary Ninja
https://blog.cryptoplague.net/main/research/windows-research/proxyalloc-evading-ntallocatevirtualmemory-detection-ft.-elastic-defend-and-binary-ninja

@IRCyberGuardians

Cyber Guardians

14 Nov, 12:30


Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024 https://www.synacktiv.com/publications/exploiting-a-blind-format-string-vulnerability-in-modern-binaries-a-case-study-from

@IRCyberGuardians

Cyber Guardians

14 Nov, 12:30


ScoutSuite - Multi-Cloud Security Auditing Tool (AWS/Azure/GCP/Aliyun/OCI)
https://github.com/nccgroup/ScoutSuite

@IRCyberGuardians

Cyber Guardians

14 Nov, 12:30


Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1

https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2

https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3

@IRCyberGuardians

Cyber Guardians

14 Nov, 12:30


prctl anon_vma_name: An Amusing Linux Kernel Heap Spray https://starlabs.sg/blog/2023/07-prctl-anon_vma_name-an-amusing-heap-spray/
@IRCyberGuardians

Cyber Guardians

13 Nov, 12:30


STUBborn: Activate and call DCOM objects without proxy
https://blog.exatrack.com/STUBborn/
@IRCyberGuardians

Cyber Guardians

13 Nov, 12:30


7 Ways to achieve remote code execution

https://blog.intigriti.com/hacking-tools/7-ways-to-achieve-remote-code-execution-rce

@IRCyberGuardians

Cyber Guardians

13 Nov, 12:30


Cracking into a Just Eat / Takeaway.com terminal with an NFC card https://blog.mgdproductions.com/justeat-takeaway-terminal/

@IRCyberGuardians

Cyber Guardians

13 Nov, 12:30


CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight - https://link.springer.com/article/10.1007/s41635-023-00133-3

@IRCyberGuardians

Cyber Guardians

13 Nov, 12:30


Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE
https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit
@IRCyberGuardians

Cyber Guardians

10 Nov, 12:30


CVE-2024-49328
WP REST API FNS <= 1.0 - Privilege Escalation
https://github.com/RandomRobbieBF/CVE-2024-49328
@IRCyberGuardians

Cyber Guardians

10 Nov, 12:30


Automating Deobfuscation of XorStringsNet
https://eversinc33.com/posts/unxorstringsnet.html
https://github.com/eversinc33/UnXorStringsNet
@IRCyberGuardians

Cyber Guardians

10 Nov, 12:30


There are some interesting detections for U2U/UnPAC the hash in certipy/rubeus/mimikatz/impacket based on TGS ticket options. Did some tinkering and by removing a few flags you can shake detection while still recovering the NT hash from a TGT.

https://medium.com/falconforce/falconfriday-detecting-unpacing-and-shadowed-credentials-0xff1e-2246934247ce

@IRCyberGuardians

Cyber Guardians

10 Nov, 12:30


Pishi: Coverage guided macOS KEXT fuzzing.

https://r00tkitsmm.github.io/fuzzing/2024/11/08/Pishi.html

@IRCyberGuardians

Cyber Guardians

10 Nov, 12:30


A short and light post on one of my favorite topics: spotting and exploiting GPO misconfigurations, nothing too technical, just the basics!

https://decoder.cloud/2024/11/08/group-policy-security-nightmares-pt-1/
@IRCyberGuardians

Cyber Guardians

09 Nov, 12:30


Spoofing Internal Packets for Multihomed Linux Devices https://www.anvilsecure.com/blog/spoofing-internal-packets-for-multihomed-linux-devices.html
@IRCyberGuardians

Cyber Guardians

09 Nov, 12:30


Using Nix to Fuzz Test a PDF Parser (Part One) https://mtlynch.io/nix-fuzz-testing-1/

@IRCyberGuardians

Cyber Guardians

09 Nov, 12:30


Breaking Down Multipart Parsers: File upload validation bypass

https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/

@IRCyberGuardians

Cyber Guardians

09 Nov, 12:30


Triage Insights: TgToxic is back
https://hatching.io/blog/triage-insights-ep3/

@IRCyberGuardians

Cyber Guardians

09 Nov, 12:30


Evil-M5Project is an innovative tool developed for ethical testing and exploration of WiFi networks. It's compatible with Cardputer, Atoms3, Fire, core2. You can scan, monitor, and interact with WiFi networks in a controlled environment. This project is designed for educational purposes, aiding in understanding network security and vulnerabilities.
https://github.com/7h30th3r0n3/Evil-M5Core2

@IRCyberGuardians

Cyber Guardians

06 Nov, 12:30


The Challenges of Collecting IIS Logs
https://www.musectech.com/2024/10/collecting-iis-logs.html
https://github.com/OMENScan/OMENS
https://github.com/OMENScan/AChoirX

@IRCyberGuardians

Cyber Guardians

06 Nov, 12:30


IDOR Exploit: Gaining Unauthorized Control Over Users’ Shopping Baskets

https://medium.com/@0xmatrix/idor-exploit-gaining-unauthorized-control-over-users-shopping-baskets-122650091cf5

@IRCyberGuardians

Cyber Guardians

06 Nov, 12:30


The OAuth Oversight: When Configuration Errors Turn into Account Hijacks

https://medium.com/@nightcoders0/the-oauth-oversight-when-configuration-errors-turn-into-account-hijacks-5ed1f9c83d16

@IRCyberGuardians

Cyber Guardians

06 Nov, 12:30


Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802

@IRCyberGuardians

Cyber Guardians

06 Nov, 12:30


Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow.

https://github.com/0xHossam/KernelCallbackTable-Injection-PoC

@IRCyberGuardians

Cyber Guardians

04 Nov, 12:30


Want to move laterally from C2 on an Intune admin's workstation to any Intune-enrolled device? Check out Maestro, a new(ish) tool I wrote for those situations, and this blog post to walk you through how:


https://github.com/Mayyhem/Maestro


https://posts.specterops.io/maestro-9ed71d38d546
@IRCyberGuardians

Cyber Guardians

04 Nov, 12:30


https://www.youtube.com/watch?v=bww1HkBiYpA

@IRCyberGuardians

Cyber Guardians

04 Nov, 12:30


Template Engines Injection 101

https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756

@IRCyberGuardians

Cyber Guardians

04 Nov, 12:30


Curious about Cobalt Strike's #UDRL capabilities? Get a walkthrough on how to easily develop custom loaders.

https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-1-simplifying-development
@IRCyberGuardians

Cyber Guardians

04 Nov, 12:30


It is designed to bypass AV/EDR security tools using various evasive techniques.

https://github.com/0xHossam/Killer

@IRCyberGuardians

Cyber Guardians

02 Nov, 12:30


Sophos Firewall hardening best practices
https://news.sophos.com/en-us/2024/10/25/sophos-firewall-hardening-best-practices/

@IRCyberGuardians

Cyber Guardians

02 Nov, 12:30


An LLM-based, fully automated fuzzing tool for option combination testing.

https://github.com/NASP-THU/ProphetFuzz

@IRCyberGuardians

Cyber Guardians

02 Nov, 12:30


Silencing the EDR Silencers
https://www.huntress.com/blog/silencing-the-edr-silencers

@IRCyberGuardians

Cyber Guardians

02 Nov, 12:30


graphinder: Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce.

https://github.com/Escape-Technologies/graphinder
@IRCyberGuardians

Cyber Guardians

02 Nov, 12:30


Fresh meat! We've created a new Evil-WinRM branch with integrated multiple AI LLM support. New docker image, new gem (gem install evil-winrm-ai) and new possibilities.

https://github.com/Hackplayers/evil-winrm/tree/ai

@IRCyberGuardians

Cyber Guardians

01 Nov, 12:30


Autonomous Discovery of Critical Zero-Days

https://zeropath.com/blog/0day-discoveries

@IRCyberGuardians

Cyber Guardians

01 Nov, 12:30


Bypassed an Admin Panel Using SQL Payloads
https://th3m4rk5man.medium.com/bypassed-an-admin-panel-using-sql-payloads-37529331aa1c

@IRCyberGuardians

Cyber Guardians

01 Nov, 12:30


How I Accessed Microsoft’s ServiceNow — Exposing ALL Microsoft Employee emails, Chat Support Transcripts & Attachments

https://medium.com/@moblig/how-i-accessed-microsofts-servicenow-exposing-all-microsoft-employee-emails-chat-support-5f8d535eb63b

@IRCyberGuardians

Cyber Guardians

01 Nov, 12:30


[Cracking Windows Kernel with HEVD] Chapter 0: Where do I start?
https://mdanilor.github.io/posts/hevd-0/
@IRCyberGuardians

Cyber Guardians

01 Nov, 12:30


The PrintNightmare is not Over Yet
https://itm4n.github.io/printnightmare-not-over/
@IRCyberGuardians

Cyber Guardians

31 Oct, 12:30


Pwning LLaMA.cpp RPC Server https://pwner.gg/2024/10/03/llama-cpp-cves/
@IRCyberGuardians

Cyber Guardians

31 Oct, 12:30


New crazy payloads in the URL Validation Bypass Cheat Sheet
https://portswigger.net/research/new-crazy-payloads-in-the-url-validation-bypass-cheat-sheet

@IRCyberGuardians

Cyber Guardians

31 Oct, 12:30


BOFHound

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel.

Blog Posts:
• BOFHound: AD CS Integration
• BOFHound: Session Integration
• Granularize Your AD Recon Game
• Granularize Your AD Recon Game Part 2

@IRCyberGuardians

Cyber Guardians

31 Oct, 12:30


LightSpy: Implant for iOS
https://www.threatfabric.com/blogs/lightspy-implant-for-ios

@IRCyberGuardians

Cyber Guardians

31 Oct, 12:30


SSD ADVISORY – COMMON LOG FILE SYSTEM (CLFS) DRIVER PE
https://ssd-disclosure.com/ssd-advisory-common-log-file-system-clfs-driver-pe/

@IRCyberGuardians

Cyber Guardians

30 Oct, 12:30


Emulating Android native libraries using unidbg #Unidbg https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
@IRCyberGuardians

Cyber Guardians

30 Oct, 12:30


Tool to decrypt App-Bound encrypted keys in Chrome 127+, using the IElevator COM interface with path validation and encryption protections.
https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption
@IRCyberGuardians

Cyber Guardians

30 Oct, 12:30


Anatomy of an LLM RCE

https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce

@IRCyberGuardians

Cyber Guardians

30 Oct, 12:30


Did you know attackers can register scheduled tasks configured with a custom handler (COM) to hide the full path of their payload? In my revisited post I explore (source code) how it is possible to register a task using the IComHandlerAction interface:

https://stmxcsr.com/persistence/scheduled-tasks.html#programmatically-register-a-scheduled-task-using-com-icomhandleraction
@IRCyberGuardians

Cyber Guardians

29 Oct, 12:30


Bypassing noexec and executing arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
https://github.com/hackerschoice/memexec
@IRCyberGuardians

Cyber Guardians

29 Oct, 12:30


Persist through the NVRAM
https://theevilbit.github.io/beyond/beyond_0035

@IRCyberGuardians

Cyber Guardians

29 Oct, 12:30


Vulnhuntr - tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis
https://github.com/protectai/vulnhuntr

@IRCyberGuardians

Cyber Guardians

29 Oct, 12:30


Embed a payload within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm.

https://github.com/Maldev-Academy/EmbedPayloadInPng

@IRCyberGuardians

Cyber Guardians

29 Oct, 12:30


A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to the SCCM server.

https://www.netero1010-securitylab.com/red-team/abuse-sccm-remote-control-as-native-vnc

https://github.com/netero1010/SCCMVNC

@IRCyberGuardians

Cyber Guardians

28 Oct, 12:30


Here's my journey/blog of an entire wasted day on reversing the NTAPI call and the internals of ntdll!LdrpVectorHandlerList to write my own RtlpAddVectoredExceptionHandler from scratch. The code is hosted on my git.

https://bruteratel.com/research/2024/10/20/Exception-Junction/

https://github.com/paranoidninja/Exception-Junction

@IRCyberGuardians

Cyber Guardians

28 Oct, 12:30


Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process creation, avoids cross-process APCs, and evades top-tier EDRs.

Learn how it combines Early Bird APC Injection & EDR-Preloading:

https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/
@IRCyberGuardians

Cyber Guardians

28 Oct, 12:30


I was interested in better understanding a specific detection mechanism of an EDR, focusing on fake DLLs, page guard hooking, PEB manipulation, and vectored exception handling - techniques inspired by the game hacking community.

I'm not a reverse engineer, but in this blog post I tried my best to explain in detail how the detection logic (probably) works and how it could be "bypassed" from an attacker's (red team's) perspective.

By bypassing I mean avoiding prevention and detection by the respective EPP/EDR based on active alerts, it does not include all the telemetry related stuff. I just want to mention this because in general I think the term bypassing should be used very sensitively, carefully and precisely.

In general, in this case the focus was not primarily on finding a "bypass", I was much more interested in learning a bit about reverse engineering in the context of EDRs.

If there are any mistakes or if something is not described correctly, please let me know. Also feel free to give constructive feedback at any time.

The blog post is available in English and German, just switch from EN to DE on the website.

https://redops.at/en/blog/edr-analysis-leveraging-fake-dlls-guard-pages-and-veh-for-enhanced-detection

@IRCyberGuardians

Cyber Guardians

28 Oct, 12:30


I just published a blog post focused on details of using offensive .NET for both enumeration and exploitation of #activedirectory environments! Including some customized code examples from a tool I've been developing!

https://logan-goins.com/2024-10-11-Dotnet-AD/
https://github.com/logangoins/Cable
@IRCyberGuardians

Cyber Guardians

28 Oct, 12:30


Reverse Engineering a Kernel Driver chall https://pwner.gg/2024/09/22/kernel-driver-pwn/
@IRCyberGuardians

Cyber Guardians

27 Oct, 12:30


PowerShell script, also available as an installable module through the PowerShell Gallery, designed to impersonate the NT AUTHORITY\SYSTEM user and execute commands or launch interactive processes without relying on third-party tools. It achieves this using only native Windows built-in features.

https://github.com/PhrozenIO/PowerRunAsSystem

@IRCyberGuardians

Cyber Guardians

27 Oct, 12:30


Concealing payloads in URL credentials

https://portswigger.net/research/concealing-payloads-in-url-credentials

@IRCyberGuardians

Cyber Guardians

27 Oct, 12:30


A Journey From sudo iptables To Local Privilege Escalation https://www.shielder.com/blog/2024/09/a-journey-from-sudo-iptables-to-local-privilege-escalation/

@IRCyberGuardians

Cyber Guardians

27 Oct, 12:30


Applying Security Engineering to Make Phishing Harder - A Case Study https://blog.doyensec.com/2024/09/19/phishing-case-study.html
@IRCyberGuardians

Cyber Guardians

27 Oct, 12:30


Revisiting MiniFilter Abuse Technique to Blind EDR https://tierzerosecurity.co.nz/2024/09/18/blind-edr-revisited.html
@IRCyberGuardians

Cyber Guardians

23 Oct, 12:30


Attacking APIs using JSON Injection

https://danaepp.com/attacking-apis-using-json-injection
@IRCyberGuardians

Cyber Guardians

23 Oct, 12:30


A curated list of awesome LOLBins, GTFO projects, and similar 'Living Off the Land' security resources.

https://github.com/sheimo/awesome-lolbins-and-beyond

@IRCyberGuardians

Cyber Guardians

23 Oct, 12:30


Hijack the TypeLib. New COM persistence technique
https://cicada-8.medium.com/hijack-the-typelib-new-com-persistence-technique-32ae1d284661
https://github.com/CICADA8-Research/TypeLibWalker

@IRCyberGuardians

Cyber Guardians

23 Oct, 12:30


Obfuscating a Mimikatz Downloader to Evade Defender (2024)
https://medium.com/@luisgerardomoret_69654/obfuscating-a-mimikatz-downloader-to-evade-defender-2024-b3a9098f0ae7
@IRCyberGuardians

Cyber Guardians

23 Oct, 12:30


bedevil: Dynamic Linker Patching
https://dfir.ch/posts/bedevil_dynamic_linker_patching/
@IRCyberGuardians

Cyber Guardians

21 Oct, 12:30


Exploit for Grafana arbitrary file-read (CVE-2024-9264)

https://github.com/nollium/CVE-2024-9264

@IRCyberGuardians

Cyber Guardians

21 Oct, 12:30


Call and Register — Relay Attack on WinReg RPC Client

A critical vulnerability (CVE-2024-43532) has been identified in Microsoft’s Remote Registry client. This flaw allows attackers to exploit insecure fallback mechanisms in the WinReg client, enabling them to relay authentication details and make unauthorized certificate requests through Active Directory Certificate Services (ADCS).

https://www.akamai.com/blog/security-research/winreg-relay-vulnerability
https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit/rpc_visibility
https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532
@IRCyberGuardians

Cyber Guardians

21 Oct, 12:30


Exploiting Windows Kernel via Kernel Streaming Proxying

An in-depth look at CVE-2024-30090, a vulnerability in Kernel Streaming that allows privilege escalation via malformed IOCTL requests. By leveraging KS Event mishandling during 32-bit to 64-bit conversions, an attacker can exploit the bug pattern to gain arbitrary kernel-mode access.
Proxying to Kernel - Part I
Proxying to Kernel - Part II
https://github.com/Dor00tkit/CVE-2024-30090

@IRCyberGuardians

Cyber Guardians

21 Oct, 12:30


PoC for the Untrusted Pointer Dereference in the ks.sys driver
https://github.com/varwara/CVE-2024-35250

@IRCyberGuardians

Cyber Guardians

21 Oct, 12:30


Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/
@IRCyberGuardians

Cyber Guardians

20 Oct, 12:30


Bypass YARA Rule f0b627fc for CobaltStrike to Evade EDRs

https://wafflesexploits.github.io/posts/Bypass-YARA-Rule-Windows_Trojan_CobaltStrike_f0b627fc-to-Evade-EDRs/

@IRCyberGuardians

Cyber Guardians

20 Oct, 12:30


Read the latest blog on It's Not Your Grandfather's Empire! If you haven't used it in some time, come take a look at just how it's grown into a multi-language powerhouse:

https://bc-security.org/not-your-grandfathers-empire/

@IRCyberGuardians

Cyber Guardians

20 Oct, 12:30


CellGuard is a research project that analyzes how cellular networks are operated and possibly surveilled.
The CellGuard app for iOS can uncover cellular attacks targeting your iPhone.
https://github.com/seemoo-lab/CellGuard

@IRCyberGuardians

Cyber Guardians

20 Oct, 12:30


How a GraphQL Bug Resulted in Authentication Bypass

https://www.hackerone.com/vulnerability-management/graphql-authentication-bypass

@IRCyberGuardians

Cyber Guardians

20 Oct, 12:30


Use Case: Bypassing In-App Purchase By Payment Client-Side Validation
https://secfathy0x1.medium.com/use-case-bypassing-in-app-purchase-by-payment-client-side-validation-e87e2c775a9c

@IRCyberGuardians

Cyber Guardians

19 Oct, 12:30


Why Django’s [DEBUG=True] is a Goldmine for Hackers https://medium.com/@verylazytech/why-djangos-debug-true-is-a-goldmine-for-hackers-01486289607d

@IRCyberGuardians

Cyber Guardians

19 Oct, 12:30


FINDING VULNERABILITY VARIANTS AT SCALE - https://blackwinghq.com/blog/posts/finding-vulnerability-variants-at-scale
@IRCyberGuardians

Cyber Guardians

19 Oct, 12:30


SIMurai is software that emulates a SIM card, which helps in fuzzing modem firmware for vulnerabilities or testing SIM spyware. - https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf / https://github.com/tomasz-lisowski/simurai
@IRCyberGuardians

Cyber Guardians

19 Oct, 12:30


FOX: Coverage-guided Fuzzing as Online Stochastic Control - https://arxiv.org/pdf/2406.04517
@IRCyberGuardians

Cyber Guardians

19 Oct, 12:30


Fuzzing EV charging protocols: A deep dive into electric vehicle charging protocols (V2G) and a FOSS tool to find vulnerabilities in them — all in one research project. - https://github.com/Cr0wTom/Conference-Talks/blob/main/2024/TROOPERS24%20-%20V2GEvil%20-%20Ghost%20in%20the%20wires.pdf / https://github.com/khuntpav/V2GEvil

@IRCyberGuardians

Cyber Guardians

18 Oct, 12:30


When Certificates Fail: A Story of Bypassed MFA in Remote Access https://edermi.github.io/post/2024/mfa_bypass_mtls/

@IRCyberGuardians

Cyber Guardians

18 Oct, 12:30


Bypassing PatchGuard at runtime https://hexderef.com/patchguard-bypass
@IRCyberGuardians

Cyber Guardians

18 Oct, 12:30


A journey through KiUserExceptionDispatcher https://momo5502.com/posts/2024-09-07-a-journey-through-kiuserexceptiondispatcher/
@IRCyberGuardians

Cyber Guardians

18 Oct, 12:30


Going Native - Malicious Native Applications https://www.protexity.com/post/going-native-malicious-native-applications
@IRCyberGuardians

Cyber Guardians

18 Oct, 12:30


LazyXss: Automation tool to test and confirm XSS vulnerabilities. https://github.com/iamunixtz/LazyXss

@IRCyberGuardians

Cyber Guardians

14 Oct, 12:30


64-bit, position-independent implant template for Windows in Rust.

https://github.com/safedv/Rustic64

@IRCyberGuardians

Cyber Guardians

14 Oct, 12:30


Measuring Detection Coverage

https://ipurple.team/2024/10/10/measuring-detection-coverage/

@IRCyberGuardians

Cyber Guardians

14 Oct, 12:29


An offensive post-exploitation tool that will give you complete control over the Outlook desktop application and therefore over the emails configured in it.

https://github.com/amjcyber/pwnlook

@IRCyberGuardians

Cyber Guardians

14 Oct, 12:29


Mind the (air) gap: GoldenJackal gooses government guardrails

https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/

@IRCyberGuardians

Cyber Guardians

14 Oct, 12:29


Chaos-Rootkit
Windows x64 Ring 0 rootkit

https://github.com/ZeroMemoryEx/Chaos-Rootkit

@IRCyberGuardians

Cyber Guardians

12 Oct, 12:30


North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit https://thehackernews.com/2024/08/north-korean-hackers-deploy-fudmodule.html

@IRCyberGuardians

Cyber Guardians

12 Oct, 12:30


CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

https://github.com/doyensec/CSPTPlayground

@IRCyberGuardians

Cyber Guardians

12 Oct, 12:30


Export to GBounty is a Burp Suite extension that enables users to export selected HTTP requests from Burp Suite into a compressed ZIP file. The exported ZIP file can be utilized with the GBounty scanner.

https://github.com/BountySecurity/export-to-gbounty

@IRCyberGuardians

Cyber Guardians

12 Oct, 12:30


Introduction to the Exploitation of Xamarin Apps
https://medium.com/@justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf

@IRCyberGuardians

Cyber Guardians

12 Oct, 12:30


SIMurai is software that emulates a SIM card, which helps in fuzzing modem firmware for vulnerabilities or testing SIM spyware
https://github.com/tomasz-lisowski/simurai
https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf
https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf

@IRCyberGuardians