reza.duty rezaduty

## cses.json
[
  {
    "label": "GEOSINTsearch",
    "tooltip": "Searches within posts from Twitter, Reddit and 4Chan and presents anything that contains a Google Maps link",
    "value": "https://cse.google.com/cse?cx=015328649639895072395:sbv3zyxzmji"
  },
  {
    "label": "Pasted tekst",
    "tooltip": "Look if any specifc text has been posted before",
    "value": "https://cse.google.com/cse/publicurl?cx=013991603413798772546:nxs552dhq8k"

## lockbit_macos_string_decryption.py
'''
Author: Mohamed Ashraf (@X__Junior)

tested samples:
0be6f1e927f973df35dad6fc661048236d46879ad59f824233d757ec6e722bde
3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79

usage:
python3 lockbit_macos_string_decryption.py sample.bin
'''

## 20230331-TLP-WHITE_3CX-event.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rezaduty
                / 20230331-TLP-WHITE_3CX-event.md
            
            
              Created
              April 3, 2023 06:55
                — forked from SwitHak/20230331-TLP-WHITE_3CX-event.md
            
              
                BlueTeam CheatSheet *3CX-Event-March2023* | Last updated: 2023-03-31 1955 UTC
              
          
    Security Advisories / Bulletins / vendors Responses linked to 3CX compromise event
General

What's 3CX?


3CX evolved from its roots as a PBX phone system to a complete communications platform, offering customers a simple, flexible, and affordable solution to call, video and live chat.

What's happening?


Per several report the building environment of 3CX for the DesktopApp (MAC & Windows) has been compromised
The recent releases (details given below) have been compromised to include malicious code inside it
More details available regarding the compromise with the graphics by Thomas Roccia:


## TabExpansion.ps1


function TabExpansion {
param($line, $lastWord)
#$line = "go to"
#$lastWord = "to"
& {

	function Write-Members ($sep='.')
	{

## Red-Team-notes
# Enumeration

# Credential Injection

runas.exe /netonly /user:<domain>\<username> cmd.exe


# enumeration users
users
net user /domain

## gist:01486dd6abc2b516d7de90d8f44ec78c
From: http://redteams.net/bookshelf/
Techie

    Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
    Social Engineering: The Art of Human Hacking by Christopher Hadnagy
    Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
    The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
    Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
    Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
    The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors

## EQgroup.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rezaduty
                / EQgroup.md
            
            
              Created
              December 25, 2020 14:20
                — forked from bontchev/EQgroup.md
            
              
                Curated list of links describing the leaked Equation Group tools for Windows
              
          
    Links describing the leaked EQ Group tools for Windows

Repositories and ports


Lost in Translation - A repository of the leaked tools


MS17-010 - Port of some of the exploits to Windows 10


Installation and usage guides


## List of API endpoints & objects
0
00
01
02
03
1
1.0
10
100
1000

## index.php
<?php
// See: http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html

// Start a session (which should use cookies over HTTP only).
session_start();

// Create a new CSRF token.
if (! isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32));
}

## Finding vulnerabilities in PHP scripts FULL
Name : Finding vulnerabilities in PHP scripts FULL ( with examples )
Author : SirGod
Email : sirgod08@gmail.com
Contents :

 1) About
 2) Some stuff
 3) Remote File Inclusion
    3.0 - Basic example
	3.1 - Simple example
	[
	{
	"label": "GEOSINTsearch",
	"tooltip": "Searches within posts from Twitter, Reddit and 4Chan and presents anything that contains a Google Maps link",
	"value": "https://cse.google.com/cse?cx=015328649639895072395:sbv3zyxzmji"
	},
	{
	"label": "Pasted tekst",
	"tooltip": "Look if any specifc text has been posted before",
	"value": "https://cse.google.com/cse/publicurl?cx=013991603413798772546:nxs552dhq8k"
	'''
	Author: Mohamed Ashraf (@X__Junior)

	tested samples:
	0be6f1e927f973df35dad6fc661048236d46879ad59f824233d757ec6e722bde
	3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79

	usage:
	python3 lockbit_macos_string_decryption.py sample.bin
	'''


	function TabExpansion {
	param($line, $lastWord)
	#$line = "go to"
	#$lastWord = "to"
	& {

	function Write-Members ($sep='.')
	{
	# Enumeration

	# Credential Injection

	runas.exe /netonly /user:<domain>\<username> cmd.exe


	# enumeration users
	users
	net user /domain
	From: http://redteams.net/bookshelf/
	Techie

	Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
	Social Engineering: The Art of Human Hacking by Christopher Hadnagy
	Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
	The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
	Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
	Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
	The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
	<?php
	// See: http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html

	// Start a session (which should use cookies over HTTP only).
	session_start();

	// Create a new CSRF token.
	if (! isset($_SESSION['csrf_token'])) {
	$_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32));
	}
	Name : Finding vulnerabilities in PHP scripts FULL ( with examples )
	Author : SirGod
	Email : sirgod08@gmail.com
	Contents :

	1) About
	2) Some stuff
	3) Remote File Inclusion
	3.0 - Basic example
	3.1 - Simple example