RTU NEWS

@RedTeamUnited

Channel's geo and language: not specified, not specified

Category: not specified

Channel's geo and language

not specified, not specified

RTU NEWS

20 Nov, 12:11

SmuggleShield - A cross platform browser extension which aims to block basic HTML smuggling attack.
https://ift.tt/pUq5zAZ

GitHub - RootUp/SmuggleShield: Basic protection against HTML smuggling attempts.

Basic protection against HTML smuggling attempts. Contribute to RootUp/SmuggleShield development by creating an account on GitHub.

402 0 5

RTU NEWS

20 Nov, 12:08

#tools
#Red_Team_Tactics
1. Embed a payload inside a PNG file
https://github.com/Maldev-Academy/EmbedPayloadInPng
2. Early Cascade Injection: From Windows Process Creation to Stealthy Injection
https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection
3. Concealing payloads in URL credentials
https://portswigger.net/research/concealing-payloads-in-url-credentials

GitHub - Maldev-Academy/EmbedPayloadInPng: Embed a payload inside a PNG file

Embed a payload inside a PNG file. Contribute to Maldev-Academy/EmbedPayloadInPng development by creating an account on GitHub.

287 0 4

RTU NEWS

20 Nov, 11:59

💉 Awesome Sqlmap Tampers.

• SQLMap Tamper List;
• space2comment.py;
• randomcase.py;
• between.py;
• charencode.py;
• equaltolike.py;
• appendnullbyte.py;
• base64encode.py;
• chardoubleencode.py;
• commalesslimit.py;
• halfversionedmorekeywords.py;
• modsecurityversioned.py;
• space2hash.py;
• overlongutf8.py;
• randomcomments.py;
• unionalltounion.py;
• versionedkeywords.py;
• space2dash.py;
• multiplespaces.py;
• nonrecursivereplacement.py;
• space2comment.py;
• equaltolike.py;
• space2tab.py;
• between.py;
• charencode.py;
• space2dash.py;
• lowercase.py;
• How to write Tamper Script for SQLMap.

#Sqlmap

Awesome Sqlmap Tampers

SQLMap tamper scripts are widely used to bypass Web Application Firewalls (WAFs) during SQL injection attacks. Each script alters the SQL payload to avoid detection by WAFs from vendors like FortiWAF, F5, Barracuda, Akamai, Cloudflare, and Imperva. T...

207 0 3

WordPress EC2 Instance: A Step-by-Step Guide

Step 1: Identify a Vulnerable Plugin
🕵️‍♀️ Vulnerability Discovery:

Research: Use vulnerability databases like CVE Details or exploit databases to find known vulnerabilities in popular WordPress plugins.
Plugin Scanning: Employ vulnerability scanners or manual techniques to identify outdated or vulnerable plugins on the target WordPress site.
Step 2: Exploit the Vulnerability
🥷 Exploitation:

Unauthenticated Privilege Escalation:
If you've found a plugin like "Essential Addons for Elementor" with known vulnerabilities, exploit it to gain unauthorized access to the WordPress admin panel.
This could involve sending crafted HTTP requests or exploiting insecure input validation and sanitization.
Step 3: Upload a Web Shell
🛡 Payload Delivery:

Web Shell Upload:
Once you have gained access to the WordPress admin panel, upload a malicious PHP file (e.g., b374k shell) to the server.
This shell will provide a backdoor for remote code execution.
Step 4: Access AWS Metadata Service (IMDSv2)
🔑 Credential Retrieval:

Leverage Instance Metadata:
Use the uploaded web shell to access the AWS Instance Metadata Service (IMDSv2).
This service provides information about the EC2 instance, including IAM roles and security credentials.
Step 5: Configure a Profile
⚙️ Profile Configuration:

Create a New Profile:
Use the retrieved credentials to create a new AWS profile.
This profile will allow you to access other AWS services associated with the EC2 instance.
Step 6: Retrieve the Flag from S3 Bucket
🏆 Flag Retrieval:

Access S3 Bucket:
Use the newly created AWS profile to access the S3 bucket where the flag is stored.
Download the flag file and analyze its contents.

150 0 1

RTU NEWS

20 Nov, 11:54

https://github.com/cxnturi0n/convoC2

GitHub - cxnturi0n/convoC2: C2 infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams.

C2 infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams. - GitHub - cxnturi0n/convoC2: C2 infrastructure that allows Red Teamers to execut...

123 0 1

RTU NEWS

20 Nov, 11:53

Active Directory Attacks.pdf

529.3Kb

Active Directory Attacks

118 0 1

RTU NEWS

20 Nov, 11:53

Here’s a list of 10 Github dorks to find secret and access tokens:

"http://target.com" send_keys
"http://target.com" password
"http://target.com" api_key
"http://target.com" apikey
"http://target.com" jira_password
"http://target.com" root_password
"http://target.com" access_token
"http://target.com" config
"http://target.com" client_secret
"http://target.com" user auth

Target : Expect More. Pay Less.

Shop Target online and in-store for everything from groceries and essentials to clothing and electronics. Choose contactless pickup or delivery today.

137 0 3

RTU NEWS

20 Nov, 11:51

🛡️ Palo Alto PAN-OS Pre-Auth RCE Chain (CVE-2024-0012 & CVE-2024-9474)

A critical vulnerability chain in Palo Alto PAN-OS, combining an authentication bypass (CVE-2024-0012) and a command injection flaw (CVE-2024-9474) in the management web interface, allows unauthenticated attackers to execute arbitrary code with root privileges.

🛠 Affected Versions:
— PAN-OS 11.2 (up to and including 11.2.4-h1)
— PAN-OS 11.1 (up to and including 11.1.5-h1)
— PAN-OS 11.0 (up to and including 11.0.6-h1)
— PAN-OS 10.2 (up to and including 10.2.12-h2)

🔗 Research:
https://labs.watchtowr.com/pots-and-pans-ssl-vpn-palo-alto-pan-os-cve-2024-0012-cve-2024-9474/

🔗 PoC:
https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012

126 0 1

RTU NEWS

25 Oct, 08:50

EmbedPayloadInPng

Embed a payload within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm.

215 0 2 3

RTU NEWS

23 Oct, 05:28

https://t.me/kivir_rss cloud security articles worth giving a read.

Riley's CloudSec RSSex Feed

Not an actual RSS feed but shit I just find interesting. Run by @hawkpooah

4.6k 1 4

RTU NEWS

22 Oct, 04:44

SCCMVNC

A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to SCCM server.

Blog: Abuse SCCM Remote Control as Native VNC

P.S. This technique could then be useful for lateral movement or shadow monitoring through ports 135 and 2701.

3.2k 0 3

RTU NEWS

22 Oct, 04:44

Psudohash

A password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers (leet), using char-case variations, adding a common padding before or after the main passphrase and more. It is keyword-based and highly customizable. Generates millions of keyword-based password mutations in seconds.

3.2k 0 2