HiveNightmare CVE-2021-36934
Descripción y PoC con mimikatz https://www.flu-project.com/2021/07/cve-2021-36934-microsoft-no-gana-para.html PoC github https://github.com/GossiTheDog/HiveNightmare
OSINT – Pwn cuentas
https://intelx.io/https://breachdirectory.tk/https://github.com/khast3x/h8mail http://pwndb2am4tzkvold.onion/https://onion.live/site/pwndbhttp://onion.ws/
Raspberry Pi 4 – Kali arm
INSTALACIÓN HABILITAR EL AUTOLOGIN PARA KALI ARM, EN UN RASPBERRY PI 4 edited this file and change root user by the user to use./etc/lightdm/lightdm.conf After uncommenting and changing the other 2 rows under section [Seat:*] now KALI XFCE autologins to… Read more ›
Instalar powershell en Kali Linux
wget http://old.kali.org/kali/pool/main/i/icu/libicu57_57.1-9_amd64.debsudo dpkg -i libicu57_57.1-9_amd64.debsudo apt-get install -y curl gnupg apt-transport-httpscurl https://packages.microsoft.com/keys/microsoft.asc | apt-key add –sudo echo “deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main” | tee /etc/apt/sources.list.d/powershell.listsudo apt updatesudo apt install gss-ntlmsspsudo apt install powershellpwsh Nota: Es importante usar el repo de… Read more ›
PoC SIGRED
https://www.bleepingcomputer.com/news/security/windows-dns-sigred-bug-gets-first-public-rce-poc-exploit/ https://www.hackplayers.com/2021/03/poc-para-explotar-sigred-cve-2020-1350.html
Ejecución de Powershell arbitrario a través de C# compilado
https://github.com/Mr-B0b/SpaceRunner SpaceRunner This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace. AMSI is patched using @_xpn_ and @_RastaMouse technique.
Máquinas Virtuales Vulnerables + Wripeup
https://vvmlist.github.io/#
Magic numbers – Forense
https://asecuritysite.com/forensics/magic https://en.wikipedia.org/wiki/List_of_file_signatures