Red Teaming - Bulwark-Black Security

THIS WEEK IN SECURITY: LOOP DOS, FLIPPER RESPONDS, AND MORE!

bulwarkblack6 months ago6 months ago09 mins

by: Jonathan Bennett Here’s a fun thought experiment. UDP packets can be sent with an arbitrary source IP and port, so you can send a packet to one server, and could aim the response at another server. What happens if that response triggers another response? What if you could craft a packet that continues that cycle…

Bypassing EDRs With EDR-Preloading

bulwarkblack7 months ago7 months ago02 mins

READ ARTICLE Marcus Hutchins Previously, I wrote an article detailing how system calls can be utilized to bypass user mode EDR hooks. Now, I want to introduce an alternative technique, “EDR-Preloading”, which involves running malicious code before the EDR’s DLL is loaded into the process, enabling us to prevent it from running at all. By neutralizing the…

Detecting API endpoints and source code with JS Miner

bulwarkblack7 months ago7 months ago03 mins

Read Article DANA EPP’S BLOG Security (de)engineering for fun and profit Let’s be honest. Most APIs are naked without some sort of web app frontend calling it. These days, those apps are usually written in some sort of framework based on Javascript. With a bit of work, we can do deeper recon against our API targets if…

Book.HackTricks

bulwarkblack7 months ago7 months ago03 mins

To the Book! Disclaimer This book, ‘HackTricks,’ is intended for educational and informational purposes only. The content within this book is provided on an ‘as is’ basis, and the authors and publishers make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability of the information, products,…

Active Directory Penetration Testing Orange Cyber-defense mind maps

bulwarkblack8 months ago8 months ago01 mins

Get Mind Map!

SQLmap Cheat Sheet

bulwarkblack8 months ago8 months ago01 mins

Link to Sheet

Announcing cvemap from ProjectDiscovery

bulwarkblack8 months ago8 months ago02 mins

Read Article Project Discovery Tool ManagerGitHub pdtm is a simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery. Security professionals are constantly on guard against cyber threats, especially given the rising number and sophistication of attacks. However, there’s a less obvious, yet increasingly alarming “enemy” in cybersecurity: the surge in reported Common…

How to protect Evilginx using Cloudflare and HTML Obfuscation

bulwarkblack8 months ago8 months ago01 mins

Read Article Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements. Anyone who has tried to run a Social Engineering campaign will at some point seen the ‘Deceptive site…

How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation

bulwarkblack8 months ago8 months ago02 mins