Data breach revealed,
Malware lurks, silent, stealthy -
OSINT tracks the thread.
URLs I post may contain malware – be careful and check yourself before running anything.
A new ClickFix variant dubbed "CrashFix" that intentionally crashes the browser then baits users into running malicious commands
https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke
#infosec #cybersecurity #threatintel #phishing #malware #redteam
GitPhish is a comprehensive security research tool designed to perform GitHub's device code authentication flow.
This post describes how to execute code on every Pod in many Kubernetes clusters when using a service account with nodes/proxy GET permissions
A lightweight command sandbox for Linux, secure-by-default, built on Landlock
The Mimikatz Missing Manual (a deep-dive guide to Windows Identity, Kerberos, and PKI Research)
An entertaining post on how TaskHound was refactored to fix real‑world issues
Project for generating and identifying deceptive LNK files
A Bloodhound alternative. BloodBash will ingest the same files bloodhound does but no server is required to use this tool. It's great for quick AD enumeration
Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes
The project also contains a tool to manipulate the msDS-KeyCredentialLink LDAP attribute in order to register KeyCredentialLinks in Active Directory environments
A powershell tool to enumerate all SharePoint sites/drives that a user can access via Microsoft Graph, recursively downloads files, and logs every Graph/SharePoint HTTP request for SIEM correlation
BOF to perform stealthy LDAP queries over AD WS
An interesting Clickfix attack vector
https://expel.com/blog/clearfake-new-lotl-techniques
The Lolbas technique has been known for some time
https://lolbas-project.github.io/lolbas/Scripts/Syncappvpublishingserver/
A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, & more
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or Microsoft SharePoint Document.
https://github.com/looCiprian/GC2-sheet
#infosec #cybersecurity #redteam #pentest #threatintel #dfir
This project maintains a list of binaries natively available in Proxmox VE that can be leveraged by adversaries during red team operations
High-performance, multi-threaded YARA & IOC scanner
https://github.com/Neo23x0/Loki-RS
#infosec #cybersecurity #threatintel #dfir #malware #opensource
Custom Google search engine dedicated to IT security & hacking stuff. Over 240 high-quality sources.
https://github.com/Print3M/Google-Hack-Search
#infosec #cybersecurity #redteam #pentest #threatintel #malware #bugbounty
Proof of Concept for extracting NTLMv1 hashes from sessions on Windows (relies on the Remote Credential Guard protocol).