On Linux systems, some of the most dangerous hacking tools are already preinstalled. Bash, curl, netcat, awk, even less — these common binaries can be chained together for stealthy attacks. They are called Linux LOLBins, short for Living Off the Land Binaries. Rather than dropping new malware, an attacker can leverage what is already there to stay undetected. Need to exfiltrate data? Use curl or scp. Want a reverse shell? Try bash or socat. Fileless persistence, privilege escalation, lateral movement — it can all happen through trusted tools.

Security is not just about locking the doors. It is about knowing which ones are left wide open by default.

#LinuxSecurity #LOLBins #LivingOffTheLand #RedTeamTips #CommandLineWarfare

Level up your #redteam game with Empire's @dropbox Listener! Leverage Dropbox API for C2 communication in red team ops! #InfoSec #redteamtips

GitHub: https://github.com/BC-SECURITY/Empire
Docs: https://bc-security.gitbook.io/empire-wiki/listeners/dropbox

GitHub - BC-SECURITY/Empire: Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.


✨ Executing Shellcode with Rust, AES-256, and a Gnome Photo and bypassing EDR and AV

https://www.synercomm.com/blog/executing-shellcode-with-rust-aes-256-and-a-gnome-photo/

#rustlang #infosec #redteam #redteamtips

Executing Shellcode with Rust, AES-256, and a Gnome Photo - SynerComm

  Intro Disclaimer: this research is intended exclusively as an intellectual exercise and a means of making defenders aware of the simple possibilities with Rust malware. Using any of the provided tools or code is left to the discretion of the reader and I will not be held responsible. As Rust becomes increasingly popular, so […]


✨ Cheatsheets for Pentesting

👉 A collection of snippets of codes and commands to make your life easier!

https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets

#infosec #pentesters #redteaming #redteamtips #networksecurity

GitHub - Kitsun3Sec/Pentest-Cheat-Sheets: A collection of snippets of codes and commands to make your life easier!


🪲 Bypassing OGNL sandboxes for fun and charities

👉 OGNL injections led to some serious remote code execution (RCE) vulnerabilities

https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/

#infosec #bugbountytips #redteamtips #pentesters

Bypassing OGNL sandboxes for fun and charities | The GitHub Blog

Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.

GraphQL exploitation – All you need to know – Cybervelia | Cyber Security

Home Grown Red Team: Using LNK Files To Bypass Applocker

The Windows LNK file is just one of the many ways to get easy execution while bypassing Applocker and some AV. While this isn’t a new concept, it does present a lot of opportunity and is still…


🖥️ Kerbrute tool

👉 Enumerate valid AD user accounts that use Kerberos pre-authentication

👉 Password bruteforce, username enumeration, password spray

GitHub repo:
https://github.com/ropnop/kerbrute

Detailed guide:
https://www.hackingarticles.in/a-detailed-guide-on-kerbrute/

#kerberos #pentesting #redteaming #redteamtips #kali #kalilinux #infosec

GitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcing


✨ PowerShell script that weaponizes PuTTY to do SSH bruteforcing

👉 A wrapper script which uses PuTTY clients (either putty.exe or plink.exe) to perform SSH login bruteforce attacks

https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer

#infosec #redteam #pentesting #redteamtips #pentesters

GitHub - InfosecMatter/SSH-PuTTY-login-bruteforcer: Turn PuTTY into an SSH login bruteforcing tool.
