AWS, AWS IAM, CloudSploit Scans, EC2, Misconfiguration, NEW TOOLS, NodeJS, Scan, Scripts, Security Audit

CloudSploit Scans – AWS Security Scanning Checks

CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks. Installation: Ensure that NodeJS is installed. If not, install it from here. git clone install. Setup: To begin using the scanner, edit the index.js file with your AWS key, secret, and optionally (for temporary credentials), a session token. You can also set a file containing credentials. To determine the permissions associated…

penetration testing, TUTORIALS

Windows Privilege Escalation (AlwaysInstallElevated)

Hello Friends!! In this article we demonstrate Windows privilege escalation via the AlwaysInstallElevated policy. In penetration testing, when we spawn a command shell as a local user, it is possible to exploit vulnerable features (or configuration settings) of Windows Group Policy to elevate to admin privileges and gain administrator access. Table of Content: Introduction; Lab setup; Spawn command shell as local user; Escalate privilege manually via .msi payload (MSfvenom); Escalated privilege via Adding user Administrators Group (Msfvenom)…

Exchange Services, Hidden, NBNS, NEW TOOLS, NTLM, NtlmRelayToEWS, SMB

NtlmRelayToEWS – Ntlm Relay Attack To Exchange Web Services

ntlmRelayToEWS is a tool for performing NTLM relay attacks on Exchange Web Services (EWS). It spawns an SMBListener on port 445 and an HTTPListener on port 80, waiting for an incoming connection from the victim. Once the victim connects to one of the listeners, an NTLM negotiation occurs and is relayed to the target EWS server. Obviously this tool does NOT implement the whole EWS API, so only a handful of services are implemented that can be useful in some attack scenarios. I might be adding…


WAF Buster – Disrupt WAF By Abusing SSL/TLS Ciphers

Disrupt WAF by abusing SSL/TLS Ciphers. About WAF_buster: This tool was created to analyze the ciphers that are supported by the web application firewall being used at the web server end. (Reference: ) It works by first triggering SslScan to look for all the supported ciphers during SSL/TLS negotiation with the web server. After getting the text file of all the supported ciphers, we then use Curl to query the web server with each and every cipher to check which of the ciphers are unsupported by WAF and supported by…

Cobalt Strike, Command Line, NEW TOOLS, Parameter, Registry, wePWNise

wePWNise – Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software

wePWNise is a proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked-down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit, Cobalt Strike) and it also accepts any custom payload in raw format. Prerequisites: Python termcolor package. To install run: pip install termcolor. Command line arguments: To start using wePWNise,…

AWS, Aws_Public_Ips, IP addresses, Mac, NEW TOOLS

Aws_Public_Ips – Fetch All Public IP Addresses Tied To Your AWS Account

aws_public_ips is a tool to fetch all public IP addresses (both IPv4/IPv6) associated with an AWS account. It can be used as a library and as a CLI, and supports the following AWS services (all with both Classic & VPC flavors): APIGateway, CloudFront, EC2 (and as a result: ECS, EKS, Beanstalk, Fargate, Batch, & NAT Instances), ElasticSearch, ELB (Classic ELB), ELBv2 (ALB/NLB), Lightsail, RDS, Redshift. If a service isn't listed (S3, ElastiCache, etc) it's most likely because it doesn't have anything to support (i.e. it might not be deployable publicly, it might have all ip…

penetration testing, TUTORIALS

Windows Privilege Escalation (Unquoted Path Service)

Hello Friends!! In this article we demonstrate Windows privilege escalation via Unquoted Service Path. In penetration testing, when we spawn a command shell as a local user, it is not possible to check restricted files or folders, therefore we need to escalate privileges to get administrator access. Table of content: Introduction; Lab setup; Spawn command shell as local user; Escalated privilege via Prepend-migrate; Escalated privilege via Adding user Administrators Group; Escalated privilege via RDP & Sticky_keys. Introduction: Unquoted service Path Vulnerability. The vulnerability is related…

AWS, Command Line, Mac, NEW TOOLS, Resource-Counter

Resource-Counter – This Command Line Tool Counts The Number Of Resources In Different Categories Across Amazon Regions

This command line tool counts the number of resources in different categories across Amazon regions. This is a simple Python app that will count resources across different regions and display them on the command line. It first shows the dictionary of the results for the monitored services on a per-region basis, then it shows totals across all regions in a friendlier format. It tries to use the most-efficient query mechanism for each resource in order to manage the impact of API activity. I wrote this…

Cyber Threats, EDITOR’S NEWS

FCA lays out new rules for banks on reporting operational and security incidents to customers

On Wednesday 15th August, the Financial Conduct Authority (FCA) enforced new rules requiring providers of personal and business accounts to publish information that will help current customers to compare bank accounts from different providers. Banks will have to report major operational and security incidents that have taken place and disclose whether 24-hour customer helplines are available. The pressure for banks to report system failures is further compounded by the Bank of England and FCA’s fast approaching 5 October deadline, by which they must report on their…