#Identity Providers for #RedTeamers 🚩
// by @xpn
#Redteamers
SliverC2 Test + old code which still working...
this C# code was for 2019-2020 and i talked about that in my ebook "Bypassing AVs by C#.NET Programming v1.0" (Published in 2016 up to 2020 , free) but code still working on Windows Defender with (update 2023/08/28) , a little bit code changed by me which you can see in video , VirtualProtectEx added for changing RWX to X...
but in this new test, as you can see "Sliver-C2" (which i still think is much better than CobaltStrike) changed X Protection Mode to RW "in-Memory" by itself (not by my code), yeah Sliver-c2 done it and this will help you as penteser/redteamer to bypass almost all Avs and you as Blue teamer should learn how Attackers will bypass your defensive tools by these Simple/Advanced techniques... these things are very important for Defenders and in my new ebook "Bypassing AVs By C# Programming v2.0" , i will talk about these things to defenders/blue teamers also #redteamers and #pentesters or #SecurityResearchers etc.
btw this code is old and available in my github for ebook v1.0
also you can see Cobaltstrike test video here: https://lnkd.in/eCyxjN6m
#blueteam #pentester #redteam #offensivesecurity #defensivesecurity #ebook #av #protectionmode #inmemory #sliverc2
#APT Groups and Operations
worth to read ;D , "[not interested to me] but maybe is useful for some #blueteamers or #redteamers / #Pentesters / ...."
Collection of Blue Team Codes & Tools which made by Offensive guys & Defensive guys
in this article i just want to share some very useful codes/tools which made by #Defenders also some of them made by #Pentesters & #Redteamers for #Blueteams , all these codes/tools are available in my list in github but in this article i just show you Blue team Tools/Codes but in the list you can see Offensive codes/tools too and ...
full list link : https://github.com/DamonMohammadbagher/Some_Pentesters_SecurityResearchers_RedTeamers
#blueteam #redteam #offensive #defensive #pentesters #codes #tools #blueteamtools
list last updated: 18 feb 2023
[defensive] @ZeroMemoryEx , (malware analysts to extract Command and Control C2 traffic) => https://github.com/ZeroMemoryEx/C2-Hunter
[defensive] foxit , (detect use of the DanderSpritz eventlogedit module [recover the removed event log entries]) => https://github.com/fox-it/danderspritz-evtx
[defensive] thefLinkk , (Hunt-Sleeping-Beacons. Aims to identify sleeping beacons) => https://github.com/thefLink/Hunt-Sleeping-Beacons
[defensive] LOLBAS-Project, (LOLBAS project is to document every binary, script & library that can be used for Living Off The Land techniques) => https://github.com/LOLBAS-Project/LOLBAS
[defensive] @winternl_t , (syscall-detect) => https://github.com/jackullrich/syscall-detect
[defensive] @slaeryan , (Detects Module Stomping as implemented by Cobalt Strike) => https://github.com/slaeryan/DetectCobaltStomp
[defensive] @_Apr4h , (CobaltStrikeScan, Scan files or process memory for CobaltStrike beacons) => https://github.com/Apr4h/CobaltStrikeScan
[defensive] Siemens Healthineers , ETWAnalyzer (Command line tool to analyze one/many ETW file/s with simple queries) => https://github.com/Siemens-Healthineers/ETWAnalyzer
[defensive] KANKOSHEV , (Detect-HiddenThread-via-KPRCB, Detect removed thread from PspCidTable) => https://github.com/KANKOSHEV/Detect-HiddenThread-via-KPRCB
[defensive] @Waldoirc , (Detect strange memory regions and DLLs ) => https://github.com/waldo-irc/MalMemDetect
[defensive] Rabobank Cyber Defence Centre , (Detect Tactics, Techniques & Combat Threats) => https://github.com/rabobank-cdc/DeTTECT
[defensive] @jordanklepser , (defender-detectionhistory-parser, A parser of Windows Defender's DetectionHistory forensic artifact) => https://github.com/jklepsercyber/defender-detectionhistory-parser
[defensive] @ScarredMonk , (SysmonSimulator, Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs) => https://github.com/ScarredMonk/SysmonSimulator
[defensive] Splunk , (Cmelting-cobalt, Cobalt Strike Scanner that retrieves detected Team Server beacons) => https://github.com/splunk/melting-cobalt
[defensive] Ali Davanian , (CnCHunter is a fork of RiotMan, and it allows exploiting malware for active probing) => https://github.com/adava/CnCHunter
[defensive] Airbus CERT , (Wireshark plugin to work with ETW) => https://github.com/airbus-cert/Winshark
[defensive] @_forrestorr , (Moneta, memory scanner) => https://github.com/forrest-orr/moneta
[defensive] @hasherezade , (Pe-Sieve, memory scanner) => https://github.com/hasherezade/pe-sieve
[defensive] @arch_rabbit , (Fibratus is a tool for exploration and tracing of the Windows kernel) => https://github.com/rabbitstack/fibratus
[defensive] Rajiv Kulkarni , (FalconEye, Real-time detection software for Windows process injections) => https://github.com/rajiv2790/FalconEye
[defensive] @standa_t , (tool to help malware analysts tell that the sample is injecting code to another process) => https://github.com/tandasat/RemoteWriteMonitor
[defensive] Microsoft , (MSFT, CPU/Memory performance-analysis,very useful ETW Codes & tools for Blue Teams/Defenders) => https://github.com/microsoft/perfview
[defensive] HoShiMin , (Avanguard, The Win32 Anti-Intrusion Library) => https://github.com/HoShiMin/Avanguard
[defensive] Lares , (Pushes Sysmon Configs) => https://github.com/LaresLLC/SysmonConfigPusher
[defensive] Improsec A/S , (Identify the attack paths in BloodHound breaking your AD tiering) => https://github.com/improsec/ImproHound
[defensive] @pathtofile , (Easy ETW Tracing for Security Research) => https://github.com/pathtofile/Sealighter
[defensive] @_lpvoid , (TiEtwAgent is ETW-based process injection detection) => https://github.com/xinbailu/TiEtwAgent
[defensive] ComodoSecurity , (OpenEDR is a free & open source platform EDR) => https://github.com/ComodoSecurity/openedr
[defensive] wazuh , (Wazuh is a free & open source platform EDR) => https://github.com/wazuh/wazuh
[defensive] @cyb3rops , (Raccine, A Simple Ransomware Protection) => https://github.com/Neo23x0/Raccine
[defensive] 3lp4tr0n , (BeaconHunter , Behavior based monitoring and hunting tool built in C# tool leveraging ETW tracing) => https://github.com/3lp4tr0n/BeaconHunter
[defensive] OpenCTI , (open source platform allowing organizations to manage their cyber threat intelligence knowledge) => https://github.com/OpenCTI-Platform/opencti
[defensive] ion-storm , (Sysmon EDR Active Response Features) => https://github.com/ion-storm/sysmon-edr
[defensive] @jtsmith282 , Blue teams monitor systems => https://github.com/ION28/BLUESPAWN
[defensive] @hasherezade , (hollows_hunter , memory scanner) => https://github.com/hasherezade/hollows_hunter
[off---def] Nomi Sec , (Hacker-Trends) => https://github.com/nomi-sec/Hacker-Trends
[off---def] @brsn76945860 , (Enumerating and removing kernel callbacks using signed vulnerable drivers) => https://github.com/br-sn/CheekyBlinder
[off---def] m0rv4i , (Syscalls-Extractor, extracting syscall numbers for an OS) => https://github.com/m0rv4i/Syscalls-Extractor
[off---def] @ale_sp_brazil , (dotnet malware threat, internals & reversing) => http://www.blackstormsecurity.com/docs/ALEXANDREBORGES_DEFCON_2019.pdf
[off---def] @0gtweet , (Simple solutions allowing you to dig a bit deeper than usual) => https://github.com/gtworek/PSBits
[off---def] Mr.Un1k0d3r , (EDRs Hooked APIs + some useful EDRs info for during red team exercise) => https://github.com/Mr-Un1k0d3r/EDRs
[off---def] Roberto Rodriguez @Cyb3rWard0g , (Education/Training: Threat Hunter Playbook) => https://threathunterplaybook.com/introduction.html
[off---def] @_EthicalChaos_ , (MiniHook, hooking native API calls ) => https://github.com/CCob/MinHook.NET
[off---def] Black Lantern Security, (writehat , Pentest reporting tool written in Python) => https://github.com/blacklanternsecurity/writehat
[off---def] mvelazc0 , (PurpleSharp) => https://github.com/mvelazc0/PurpleSharp
[off---def] boh , (C# Tools) => https://github.com/boh/RedCsharp
[off---def] redcanaryco , (Red-Teaming) => https://github.com/redcanaryco/atomic-red-team
Join us next week at #FiestaCon - formerly ArcticCon - for a presentation by @moloch, "Offensive #WASM." This is an in-person conference by #RedTeamers for Red Teamers. See more details on the presentation below:
"Offensive WASM"
A brief history of WASM/WASI and then dive into the upcoming Sliver v1.6 release, which includes a prototype feature that allows operators to encode C2 traffic using WASM-based callback functions. These WASM-based encoder functions can be dynamically loaded at runtime by both the server and the implant. We’ll discuss the limitations of the technology (e.g., performance), how the network encoder interface works, as well as potential future applications of the technology.
Find more info here: https://bfx.social/3yaCk2g
Hey #pentesters and #redteamers
Is there any cyber conference worth attending in Europe?
i saw some article and post which some red-teamers and pentesters talked about what they know and what they can do via C++ and why they think they are better than others ;D (too much arrogant) just because they know little thing to do something via C++ and they think with other language you CAN NOT DO that (just because they don't know nothing about other languages) and they talk about other languages like Java or C# or ... and said hey Java is awful or C# even is not Programming language (these guys make me fun ;D, and its clear they really don't know what they say about others and other programming languages ;p) etc
to me (or probably to all of us) this is not important who are you and what you did or how many years you have experience in #redteaming #pentesting #blueteaming
but the thing is really important to me "be #humble as [adult guy]" and believe me mocking others just show us which you know nothing about that thing which you talked about that (like other #programming #languages )
I saw a lot Pentester/Redteamers which even some of them are younger than me which have/had lower than me experience of pentesting/redteaming or ... but they have very nice & powerful skills in programming to bypassing AVs/EDRs "better than me" and i learned a lot things from them, some of them are C# developers C++ Java Python/Rust etc, believe this or not even some C++ Developer or C# Developer which are not in my cyber security field was my best instructors and i learned from them a lot things,but because they are Developers i did not ignore them for learning new things from them etc
also
i saw some #Redteamers or #Pentesters which never write C2 server/client code by-itself (always work with #C2 tools which made/wrote by others) talked about other Redteamers/ #Securityresearchers which made C2 server by-itself with any languages like C++/C#/java... and mocking them for their works or their codes, and again that because they are not real/good Programmer and they "can not do" that more often thats why they talk about others like that ;), believe me Programming is not Easy in these Fields like Pentesting/Redteaming and C2 programming really IS NOT EASY to do that especially if you want to write C2 server by-itself so you guys really don't know any thing about programming and still talk about that ;D
i know C++ but i never ever talking about C++ like that which you can't do that in C++ and only in C# you can do it, instead i said you can do this in C# simply which probably you can not do this in C++ SIMPLY"
that means just because "i am not C++ Pro Programmer" i can not say you CAN NOT DO THAT IN C++...(because i know you can do that probably in any languages but how).
does not matter how are you and where you live, or work for who, important thing is "be humble" and "be good learner" without "arrogant, childish things"
finally to those make code by itself let others learn from you and don't listen to these type of
guys (make your own chik chik)
I am "you.com" fan ;D
two simple tricks to create your code via #AI NICE...
this platform is very useful for #SecurityResearchers , #Pentesters / #Redteamers / #blueteamers / #CyberSecurity / #instructors / #infosec guys/ #developers and i just use "YOU.COM" more than Google, probably more than 80% of my work/research is on you.com platform and maybe 20% in google or ... , thank you guys in "you.com" and WELL DONE....
#chatgpt #youdotcom #you #ai
Note: another trick[2], you can for example Turn PYTHON into JAVA via Code Translate on you.com
steps => (in you.com go to code then type in search bar "code translate", Done) (it seems only these languages supported for translation [C++/JAVA/Python], where is C#? ;D)
simple trick[1] to create your code via #AI NICE...
steps for create your code via #AI => (in you.com go to code then type in search bar "code complete", Done)
I am you.com fan ;D
this platform is very useful for #SecurityResearchers , #Pentesters / #Redteamers / #blueteamers / #CyberSecurity / #instructors / #infosec guys/ #developers and...
as cyber security researcher and pentester this you-chat and search help me too much, a lot people in the world now get this point which you.com is awesome and also is useful/helpful for their research etc, for me this was helpful/useful to research or make some great new codes or new technique based on AI search/chat result which made by you.com platform and for research and learning new things i just use "YOU.COM" more than Google.com, probably more than 80% of my work/research is on you.com platform and maybe 20% in google or ... , thank you guys in "you.com" and WELL DONE....
#chatgpt #youdotcom #you #ai
for learning how can use this platform watch their videos one-by-one they are awesome and really good explained => https://www.youtube.com/@yousearchengine
for "Developers": one of good example from you.com => https://www.youtube.com/watch?v=BO6E3UVmkmc
for "Developers": Turn PYTHON into JAVA? Code Translate on you.com => https://www.youtube.com/watch?v=JC_KvIjXDKk
Good Video about you.com:
You.com Vs. Chat GPT
https://www.youtube.com/watch?v=uLqmaICxe_g
you can not still call those guys which "made functional #malwares" by itself or via #chatgpt + #itself => "#script #kiddies"
i think they will "learn" new things faster and they really #learn new programming things maybe even better than other experienced guys so you can not still call them "script kiddies" ...
"btw we [ #pentesters / #redteamers ] all started from that level which you called script kiddies ;D"
am i wrong ?
Me: I am thinking about how much something like you "chatgpt" can be useful/helpful for Blue-teaming side too !?
Chatgpt: I am awesome, ask me about blue-teaming.
Me: ;D
Chatgpt: ;D
Me: For create account, How can Bypass your phone verification?
Chatgpt: 🤦♂️ you can't!
those Cyber Security guys which called itself #pentester or #Redteamer or #SecurityResearcher "just because" they are in university (learning something As [basics ;D more often] or academic things or out-of-date things ;D) and they "did not have any Experience" in Cyber Security Fields (even 1 year) and some of them even did not have any good/unique/new Cyber Security Research or tools/codes (which shared before to public).
and yeah we call them beginner "geniuses" in cyber security lol
Vs
those Cyber Security Guys which they have at least 3-5 years experience of learning real/new/unique things in these fields like #penetrationtesting or #redteaming or #securityresearch .
believe me your academic things are "Bullshit" and your instructors did not have updated content , they even don't have good viewpoint for cyber security fields like Penetration test or ... ,more often they don't have any experience of working with Offensive tools like Modern C2 servers, they don't know how you can write Offensive Codes like Writing #C2 server/agent (and why should do that) or they don't know how you can writing Offensive codes for bypassing #avs or #EDRs or #bypassing other things ... you don't know about these things or a lot other things which you should learn them outside of university "by yourself".
you can learn these things from #infosec #communities (with read Articles or Learn Courses which shared Publicly or Privately by #SecurityResearchers and #Pentesters or #redteamers or #blueteamers) and you need at least 2-3 years experiences for learn these new things.
Some guys think if you know all tools in Kali linux then you can call yourself #Pentester or Red-teamer, which is not true "geniuses".
Penetration testing is not about Tools , its about background "concepts" of tools omfg "remember this". (its about logic behind tools)
#hack100days : Day 3b : Working on cleaning up notes from yesterday. Need to capture lesson learned from Friday, as well--when searching for vhosts using fuff, check the http headers to see if "Host: FUZZ.${TARGET}" or "Host: FUZZ" is needed.
Also a note for #redteamers, are you testing USB detective controls every now and then? My next test is going to be with a #FlipperZero--if the tooling doesn't recognize it, gonna amp it up w/some BadUSB shennanigans. #infosec
🐮 A Pirate Moo's Pentest Checklist
A working/living curated checklist that can be modified as needed for various pentest engagements. Please feel free to build, modify and edit this list as you like.
Oi! #redteamers! For inside services, do you carry out any password spray attack exercises? #redteaming #redteam
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst