PRINT
PRINT
SEND MAIL
SEND MAIL
AWSAWS IAMCloudSploit ScansEC2MisconfigurationNEW TOOLSNodeJSScanScriptsSecurity Audit

CloudSploit Scans – AWS Security Scanning Checks

by Black Hat Sec

CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks.InstallationEnsure that NodeJS is installed. If not, install it from here.git clone git@github.com:cloudsploit/scans.gitnpm installSetupTo begin using the scanner, edit the index.js file with your AWS key, secret, and optionally (for temporary credentials), a session token. You can also set a file containing credentials. To determine the permissions associated…

Read More CloudSploit Scans – AWS Security Scanning Checks
penetration testingTUTORIALS

Windows Privilege Escalation (AlwaysInstallElevated)

by Black Hat Sec

Hello Friends!! In this article we are demonstrating the Windows privilege escalation method via the method of AlwaysInstallElevated policy. In penetration testing, when we spawn command shell as local user, it is possible to exploit the vulnerable features (or configuration settings) of Windows Group policy, to further elevate them to admin privileges and gain the administrator access Table of Content Introduction Lab setup Spawn command shell as local user Escalate privilege manually via .msi payload (MSfvenom) Escalated privilege via Adding user Administrators Group (Msfvenom)…

Read More Windows Privilege Escalation (AlwaysInstallElevated)
Exchange ServicesHiddenNBNSNEW TOOLSNTLMNtlmRelayToEWSSMB

NtlmRelayToEWS – Ntlm Relay Attack To Exchange Web Services

by Black Hat Sec

ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS). It spawns an SMBListener on port 445 and an HTTPListener on port 80, waiting for incoming connection from the victim. Once the victim connects to one of the listeners, an NTLM negociation occurs and is relayed to the target EWS server.Obviously this tool does NOT implement the whole EWS API, so only a handful of services are implemented that can be useful in some attack scenarios. I might be adding…

Read More NtlmRelayToEWS – Ntlm Relay Attack To Exchange Web Services
MacNEW TOOLSSSL/TLSWAFWAF Buster

WAF Buster – Disrupt WAF By Abusing SSL/TLS Ciphers

by Black Hat Sec

Disrupt WAF by abusing SSL/TLS CiphersAbout WAF_busterThis tool was created to Analyze the ciphers that are supported by the Web application firewall being used at the web server end. (Reference: ) It works by first triggering SslScan to look for all the supported ciphers during SSL/TLS negotiation with the web server.After getting the text file of all the supported ciphers, then we use Curl to query web server with each and every Cipher to check which of the ciphers are unsupported by WAF and supported by…

Read More WAF Buster – Disrupt WAF By Abusing SSL/TLS Ciphers
Cobalt StrikeCommand LineNEW TOOLSParameterRegistrywePWNise

wePWNise – Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software

by Black Hat Sec

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit, Cobalt Strike) and it also accepts any custom payload in raw format.PrerequisitesPython termcolor package. To install run: pip install termcolorCommand line argumentsTo start using wePWNise,…

Read More wePWNise – Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software
AWSAws_Public_IpsIP addressesMacNEW TOOLS

Aws_Public_Ips – Fetch All Public IP Addresses Tied To Your AWS Account

by Black Hat Sec

aws_public_ips is a tool to fetch all public IP addresses (both IPv4/IPv6) associated with an AWS account.It can be used as a library and as a CLI, and supports the following AWS services (all with both Classic & VPC flavors):APIGatewayCloudFrontEC2 (and as a result: ECS, EKS, Beanstalk, Fargate, Batch, & NAT Instances)ElasticSearchELB (Classic ELB)ELBv2 (ALB/NLB)LightsailRDSRedshiftIf a service isn't listed (S3, ElastiCache, etc) it's most likely because it doesn't have anything to support (i.e. it might not be deployable publicly, it might have all ip…

Read More Aws_Public_Ips – Fetch All Public IP Addresses Tied To Your AWS Account
penetration testingTUTORIALS

Windows Privilege Escalation (Unquoted Path Service)

by Black Hat Sec

Hello Friends!! In this article we are demonstrating Windows privilege escalation via Unquoted service Path.  In penetration testing when we spawn command shell as local user, it is not possible to check restricted file or folder, therefore we need to escalated privileges to get administrators access. Table of content Introduction Lab setup Spawn command shell as local user Escalated privilege via Prepend-migrate Escalated privilege via Adding user Administrators Group Escalated privilege via RDP & Sticky_keys Introduction Unquoted service Path Vulnerability The vulnerability is related…

Read More Windows Privilege Escalation (Unquoted Path Service)
AWSCommand LineMacNEW TOOLSResource-Counter

Resource-Counter – This Command Line Tool Counts The Number Of Resources In Different Categories Across Amazon Regions

by Black Hat Sec

This command line tool counts the number of resources in different categories across Amazon regions.This is a simple Python app that will count resources across different regions and display them on the command line. It first shows the dictionary of the results for the monitored services on a per-region basis, then it shows totals across all regions in a friendlier format. It tries to use the most-efficient query mechanism for each resource in order to manage the impact of API activity. I wrote this…

Read More Resource-Counter – This Command Line Tool Counts The Number Of Resources In Different Categories Across Amazon Regions
Cyber ThreatsEDITOR’S NEWS

FCA lays out new rules for banks on reporting operational and security incidents to customers

by Black Hat Sec

On Wednesday 15th August, the Financial Conduct Authority (FCA) enforced new rules requiring providers of personal and business accounts to publish information that will help current customers to compare bank accounts from different providers. Banks will have to report major operational and security incidents that have taken place and disclose whether 24-hour customer helplines are available. The pressure for banks to report system failures is further compounded by the Bank of England and FCA’s fast approaching 5 October deadline, by which they must report on their…

Read More FCA lays out new rules for banks on reporting operational and security incidents to customers