@NiceRath
NiceRath / iptables_tproxy_example.sh
Last active October 13, 2023 20:18
IPTables TPROXY - proxy input and output
#!/bin/bash
# target: squid-openssl 4.13 with listener "http_port 127.0.0.1:3129 tproxy"
# see also:
# https://docs.kernel.org/networking/tproxy.html
# https://blog.cloudflare.com/mmproxy-creative-way-of-preserving-client-ips-in-spectrum/
# https://latest.gost.run/en/tutorials/redirect/#forwarding-chain_1
# you might need to enable some iptables/nftables kernel modules:
@NiceRath
NiceRath / nftables_tproxy_example.nft
Last active March 19, 2024 02:55
NFTables TPROXY - proxy input and output
#!/usr/sbin/nft -f
# see also:
# https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks
# https://docs.kernel.org/networking/tproxy.html
# https://powerdns.org/tproxydoc/tproxy.md.html
# http://git.netfilter.org/nftables/commit/?id=2be1d52644cf77bb2634fb504a265da480c5e901
# http://wiki.squid-cache.org/Features/Tproxy4
# https://serverfault.com/questions/1052717/how-to-translate-ip-route-add-local-0-0-0-0-0-dev-lo-table-100-to-systemd-netw
# https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/netfilter/nft_tproxy.c
@D3Ext
D3Ext / amsi-bypass.md
Last active March 30, 2024 02:23
All methods to bypass AMSI (2022)

AMSI Bypass

To check all these techniques, you can simply try them by typing "Invoke-Mimikatz" into your PowerShell terminal; you'll notice that even if you haven't imported Mimikatz, it will detect that as malicious. But if AMSI is off or you avoid it, it will just say that "it's not recognized as the name of a cmdlet", so you could say that you've bypassed AMSI.

However, some methods may be detected by the AV, but most of them actually work without problem.

Powershell downgrade

The first and worst way to bypass AMSI is downgrading the PowerShell version to 2.0.

@tin-z
tin-z / roadmap_fuzzing.md
Created March 13, 2022 21:51
Roadmap to learn fuzzing

Roadmap to learn fuzzing


Index

1. Sanitizers
2. Intro-to-fuzzing
@n1snt
n1snt / Oh my ZSH with zsh-autosuggestions zsh-syntax-highlighting zsh-fast-syntax-highlighting and zsh-autocomplete.md
Last active May 19, 2024 14:16
Oh my ZSH with zsh-autosuggestions zsh-syntax-highlighting zsh-fast-syntax-highlighting and zsh-autocomplete.md

Oh my zsh.

Oh My Zsh

Install ZSH.

sudo apt install zsh-autosuggestions zsh-syntax-highlighting zsh

Install Oh my ZSH.

@djhohnstein
djhohnstein / _notes.md
Created March 12, 2020 02:34
AppDomainManager Injection

Let's turn Any .NET Application into an LOL Bin

We can do this by experimenting with .config files.

Many defenders catch/detect files that are renamed; they do this by matching the Original Filename to the Process Name.

In this example, we don't have to rename anything. We simply coerce a trusted signed app to load our Assembly.

We do this by directing the application to read a config file we provide.

@insdavm
insdavm / WireGuard-site-to-site.md
Last active May 3, 2024 21:19
Accessing a subnet that is behind a WireGuard client using a site-to-site setup

WireGuard Site-to-Site

Accessing a subnet that is behind a WireGuard client using a site-to-site setup

Problem Summary

We want to access a local subnet remotely, but it is behind a NAT firewall and we can't set up port forwarding. Outgoing connections work, but all incoming connections get DROPPED by the ISP's routing policy.

Solution Summary

### hostapd configuration file, loosely based on http://pisarenko.net/blog/2015/02/01/beginners-guide-to-802-dot-11ac-setup/
### for Realtek RTL8812AU via driver https://github.com/abperiasamy/rtl8812AU_8821AU_linux
### and hostap 2.5
### Operates at 135 Mbps in 802.11n/ht mode. iperf measures ~8.00 MBytes/sec 67.1 Mbits/sec
### I was not able to get 802.11ac/vht mode with additional side-channels configured with the driver.
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
interface=wlan2
driver=nl80211
@robinsmidsrod
robinsmidsrod / pcap_remote.cmd
Last active February 14, 2021 08:50
Capture packets via remote tcpdump using SSH and display in local Wireshark client (Windows batch file)
@echo off
rem Figure out path to plink.exe
set putty_dir_key="HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PuTTY_is1"
for /f "tokens=3*" %%x in ('reg query %putty_dir_key% /v "InstallLocation"') do set putty_dir=%%x %%y
if not defined putty_dir (
echo Please install PuTTY using Windows installer from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
exit /b 1
)
set plink="%putty_dir%\plink.exe"