Skip to content

Instantly share code, notes, and snippets.

View RedTeams's full-sized avatar

RedTeams

179 followers · 21 following
View GitHub Profile
@RedTeams
RedTeams / bof_headers.py
Created August 15, 2022 16:46 — forked from analyticsearch/bof_headers.py
This script do most of the heavy lifting for generating C headers for Cobalt Strike BOF, but this is not 100% accurate.
import os
import sys
try:
import pefile
import argparse
import requests
from bs4 import BeautifulSoup
except ImportError as e:
print("[-] One of the following module is not installed:")
print("\t- bs4")
@RedTeams
RedTeams / EnumCLR.c
Created August 12, 2022 11:50 — forked from G0ldenGunSec/EnumCLR.c
Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.
#include <string.h>
#include <stdio.h>
#include <windows.h>
#include <psapi.h>
#include "beacon.h"
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD);
DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD);
@RedTeams
RedTeams / sccmdecryptpoc.cs
Created August 12, 2022 11:48 — forked from xpn/sccmdecryptpoc.cs
SCCM Account Password Decryption POC
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
namespace SCCMDecryptPOC
{
internal class Program
@RedTeams
RedTeams / EmbeddedAssembly.cs
Created August 10, 2022 22:01 — forked from decay88/EmbeddedAssembly.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
/// <summary>
/// A class for loading an Embedded Assembly
/// </summary>
/// <remarks>
@RedTeams
RedTeams / gist:9e4b114a053514183169c24631110881
Created August 5, 2022 16:35 — forked from pryorda/gist:7f832c90db23a4e13f6f0aa5bc5202e2
CVE-2019-0708 Commands
# Get Computer List
# Get-ADComputer -Filter {(OperatingSystem -like "*windows*")} | select DNSHostName | ConvertTo-Csv -NoTypeInformation | % { $_ -replace '"', ''} | out-file .\ComputerList.txt
# Download Checker : https://github.com/fourtwizzy/CVE-2019-0708-Check-Device-Patch-Status
#. ./Get-TermDDVersion.ps1
# $Servers = Get-Content .\ComputerList.txt
# Get-TermDDVersion -ComputerName $Servers | select Computer,FQDN,OS,Patched,ExpectedVersion,ActualVersion,UpTime,Message | Export-Csv .\$(Get-Date -Format "yyyy-MMdd")-CVE-2019-0708-PatchStatus.csv -NoTypeInformation
@RedTeams
RedTeams / github_bugbountyhunting.md
Created August 5, 2022 16:35 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@RedTeams
RedTeams / configure_sshd.sh
Created August 3, 2022 16:10 — forked from jtattermusch/configure_sshd.sh
Configure sshd on MSYS2 and run it as a Windows service
#!/bin/sh
#
# sshd setup script for gRPC Jenkins windows worker.
#
# Prerequisites:
# — MSYS2 itself: http://sourceforge.net/projects/msys2/
# — admin tools: pacman -S openssh cygrunsrv mingw-w64-x86_64-editrights
#
# This script is a cleaned up and improved version of the procedure initially
# found at https://ghc.haskell.org/trac/ghc/wiki/Building/Windows/SSHD
@RedTeams
RedTeams / ActiveDirectory.md
Created August 3, 2022 15:59 — forked from indented-automation/ActiveDirectory.md
Active Directory

A small collection specialised scripts for Active Directory.

Includes:

  • Compare-ADMemberOf
  • Get-ADSystemInfo
  • Get-GroupMemberTree
  • Get-LdapObject
  • Get-MemberOfTree
  • Test-LdapSslConnection
@RedTeams
RedTeams / Prevent_Relay_RPC_Filter.txt
Created August 3, 2022 15:27 — forked from jsecurity101/Prevent_Relay_RPC_Filter.txt
rpc
filter
add rule layer=um actiontype=permit
add condition field=if_uuid matchtype=equal data=<uuidguid>
add condition field=auth_type matchtype=equal data=16
add condition field=auth_level matchtype=equal data=6
add filter
add rule layer=um actiontype=block
add condition field=if_uuid matchtype=equal data=<uuidguid>
add filter
@RedTeams
RedTeams / dllmain.c
Created July 11, 2022 22:08
//sample dll
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpData)
{
switch(dwReason)
{
case DLL_PROCESS_ATTACH: