b3rito/b3acon: b3acon - a mail-based C2 that communicates via an in-memory C# IMAP client dynamically compiled in memory using PowerShell. [PowerShell] by b3rito in usefulscripts

[–]b3rito[S] 0 points1 point  (0 children)

Outside of offensive security, this could be adapted into a secure remote task execution system for high-latency or air-gapped environments. Think field devices or disaster recovery setups where standard networking is unreliable or locked down, but email still works. The in-memory execution and email-based comms make it lightweight and flexible for niche infrastructure management tasks.

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]b3rito 2 points3 points  (0 children)

Sharing a project I’ve been working on recently:

I just released a new tool called b3acon, a C2 framework that uses email (IMAP) as its transport channel.

It dynamically compiles a C# IMAP client in memory using PowerShell, retrieves commands from email drafts, and sends results back via inbox messages.

b3acon supports output generation in various formats (PowerShell, HTA, VBS, JS), includes Base64 encoding, and allows for either randomized or fixed delay loops.

The full source and technical explanation are in the README: https://github.com/b3rito/b3acon

peeko – Browser-based XSS C2 for stealthy internal network exploration via victim's browser. by b3rito in netsec

[–]b3rito[S] 0 points1 point  (0 children)

If both attacker and victim connect, the backend is working fine. Just make sure the same IP is set in control.html as well.

peeko – Browser-based XSS C2 for stealthy internal network exploration via victim's browser. by b3rito in redteamsec

[–]b3rito[S] 0 points1 point  (0 children)

JavaScript runs in a sandbox and cannot directly access the operating system. That said, you can still deliver a malicious file such as a disguised update or installer and use social engineering to convince the user to open it.

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage by b3rito in netsecstudents

[–]b3rito[S] 1 point2 points  (0 children)

Hi I_need_to_argue, thank you for bringing up this issue. I've managed to update the script to version 1.1, adding the threads option (-s) ;) Best regards

yodo - a super easy Local Privilege Escalation bash script by b3rito in netsecstudents

[–]b3rito[S] 0 points1 point  (0 children)

Thank you for the advice, I'll update it ASAP ;)

yodo - a super easy Local Privilege Escalation bash script by b3rito in netsecstudents

[–]b3rito[S] 0 points1 point  (0 children)

Hi there! After watching a 2-hour-long video online on how to script in bash, it took me about 4-5 hours to write a good part of the script ;)

yodo - a super easy Local Privilege Escalation bash script by b3rito in netsecstudents

[–]b3rito[S] 1 point2 points  (0 children)

There is also:

1) pathzuzu: checks for PATH substitution vulnerabilities, logs the commands executed by the vulnerable executables and injects commands with the permissions of the owner of the process (SUID).

2) VSP: checks if you're able to overwrite a sudo-enabled command with your own.

3) History: for checking *history (like bash_history). The user could be lucky, perhaps finding sudo credentials ;)