Search the Community

Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus. How does it work? Then CobaltBus DotNetCore binary that integrates with CobaltStrikes ExternalC2, will create a local SqliteDB in order to keep track of multiple beacons. The messages inbound to CobaltBus will be captured and written to the database. The database names “CobaltBus.db” and “CobaltBus-log.db” will be created in the directory CobaltBus.dll is running from. Once a Beacon binary runs, it will push an “INITIALIZE” message to the baseQueueName queue, with a randomly generated BeaconId and Pipename. The CobaltBus handler will then capture this, create and move into the two new queues based on the BeaconId sent, request stager shellcode from the CobaltStrike, and push it back down the new queue as an “INJECT” message. From here, the Beacon project injects the captured shellcode into memory and establishes a connection with the CobaltStrike beacon over the generated pipe name. When a command is issued from CobaltBus, it is pushed down the beacon respective queue and into the beacon pipe name. [hide][Hidden Content]]

Carnivore – Microsoft External Attack Tool Overview: Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality. Carnivore includes some new post-authentication Skype for Business functionality. In general, the tabs will unlock in-line with what functionality you can use. Ie – the post auth options will unlock after you have discovered valid credentials. Feature Subdomain Enumeration Username Enumeration Smart Enumeration 9 lists of statistically likely usernames Automatically selects likely format Legacy vs Modern Format Password Spraying Discovered Format Pre-built lists Post Compromise [hide][Hidden Content]]

SubDomainizer SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascript present in the given URL. This tool also finds S3 buckets, cloudfront URL’s and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and a similar case for cloudfront. It also scans inside the given folder which contains your files. Cloud Storage Services Supported: SubDomainizer can find URL for following cloud storage services: 1. Amazon AWS services (cloudfront and S3 buckets) 2. Digitalocean spaces 3. Microsoft Azure 4. Google Cloud Services 5. Dreamhost 6. RackCDN. Changelog v2.0 SANs Feature: Added a feature to find Subject Alternative Names for already found subdomains from different sources. Two options can be used with -san argument i.e. all or same. same will find only subdomains for TLD of the URL. all will find all (sub)domains having the same SAN for a given subdomain. Secret Location Feature: Added a feature to display the location of secrets. Inline in case if secret(s) found within the page (used in -u argument) URL of file in case if secret(s) found on External JS file or Github URL or File path (in case of the folder). [hide][Hidden Content]]

Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall. View the full article

Microsoft compiled HTML Help and uncompiled .chm files can be leveraged for XML external entity injection attacks. View the full article

CyberArk Enterprise Password Vault versions 10.7 and below suffer from an XML external entity injection vulnerability. View the full article

[Hidden Content]

BlogEngine version 3.3 suffers from an XML external entity injection vulnerability. View the full article

Improvements -Load faster -All the current plugins added -None external internet connection (NanoCore uses a local SQL data base to store information, there's nothing i can do to remove it) -No Base64 problem anymore Credits to Alcatraz3222 for crack and Lollipop for posting [Hidden Content] File is Clean @CrypterHacker [Hidden Content]