reza.duty rezaduty

@rezaduty
rezaduty / orgChart.json
Created September 4, 2023 01:54
orgchart
[{"nodeId":"O-1","parentNodeId":null,"width":342,"height":146,"borderWidth":1,"borderRadius":5,"borderColor":{"red":15,"green":140,"blue":121,"alpha":1},"backgroundColor":{"red":51,"green":182,"blue":208,"alpha":1},"nodeImage":{"url":"https://raw.githubusercontent.com/bumbeishvili/Assets/master/Projects/D3/Organization%20Chart/cto.jpg","width":100,"height":100,"centerTopDistance":0,"centerLeftDistance":0,"cornerShape":"CIRCLE","shadow":false,"borderWidth":0,"borderColor":{"red":19,"green":123,"blue":128,"alpha":1}},"nodeIcon":{"icon":"https://to.ly/1yZnX","size":30},"template":"<div>\n <div style=\"margin-left:70px;\n margin-top:10px;\n font-size:20px;\n font-weight:bold;\n \">Ian Devling </div>\n <div style=\"margin-left:70px;\n margin-top:3px;\n font-size:16px;\n \">Cheaf Executive Off
rezaduty / lockbit_macos_string_decryption.py
Created April 17, 2023 09:36 — forked from X-Junior/lockbit_macos_string_decryption.py
Static String Decryption For Lockbit 3.0 MacOS Variant
'''
Author: Mohamed Ashraf (@X__Junior)
tested samples:
0be6f1e927f973df35dad6fc661048236d46879ad59f824233d757ec6e722bde
3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
usage:
python3 lockbit_macos_string_decryption.py sample.bin
'''
rezaduty / 20230331-TLP-WHITE_3CX-event.md
Created April 3, 2023 06:55 — forked from SwitHak/20230331-TLP-WHITE_3CX-event.md
BlueTeam CheatSheet *3CX-Event-March2023* | Last updated: 2023-03-31 1955 UTC

Security Advisories / Bulletins / vendors Responses linked to 3CX compromise event

General

What's 3CX?

  • 3CX evolved from its roots as a PBX phone system to a complete communications platform, offering customers a simple, flexible, and affordable solution to call, video and live chat.

What's happening?

  • Per several reports, the build environment of 3CX for the DesktopApp (Mac & Windows) has been compromised
  • The recent releases (details given below) have been compromised to include malicious code inside them
  • More details available regarding the compromise with the graphics by Thomas Roccia:
function TabExpansion {
param($line, $lastWord)
#$line = "go to"
#$lastWord = "to"
& {
function Write-Members ($sep='.')
{
# Enumeration
# Credential Injection
runas.exe /netonly /user:<domain>\<username> cmd.exe
# enumeration users
users
net user /domain
curl 'https://hackerone.com/graphql' \
-H 'authority: hackerone.com' \
-H 'pragma: no-cache' \
-H 'cache-control: no-cache' \
-H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"' \
-H 'accept: */*' \
-H 'x-auth-token: [TOKEN]' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36' \
-H 'dnt: 1' \
# This is an example Starter pipeline configuration
# Use a skeleton to build, test and deploy using manual and parallel steps
# -----
# You can specify a custom docker image from Docker Hub as your build environment.
image: atlassian/default-image:2
pipelines:
  default:
    - parallel:
      - step:
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
rezaduty / EQgroup.md
Created December 25, 2020 14:20 — forked from bontchev/EQgroup.md
Curated list of links describing the leaked Equation Group tools for Windows

Links describing the leaked EQ Group tools for Windows

Repositories and ports

Installation and usage guides

#!/bin/bash
# BY VMware Community
VMWARE_VERSION=workstation-15.5.1
TMP_FOLDER=/tmp/patch-vmware
rm -fdr $TMP_FOLDER
mkdir -p $TMP_FOLDER
cd $TMP_FOLDER
git clone https://github.com/mkubecek/vmware-host-modules.git
cd $TMP_FOLDER/vmware-host-modules
git checkout $VMWARE_VERSION