CVE-2024-2887: Type Confusion in WebAssembly
https://docs.google.com/document/d/e/2PACX-1vTwx4dFVn8RpuTZVfp10C96Ioto0_zaRCl769CCx5eJXYNe967-_r44qixJA1H9Fr38biynxR22g7u9/pub
CVE-2024-31345: WordPress Auto Poster plugin <= 1.2 - Arbitrary File Upload vulnerability
https://github.com/Chokopikkk/CVE-2024-31345_exploit
JiaTansSSHAgent: Simple SSH Agent that implements some of the XZ sshd backdoor functionality
https://github.com/blasty/JiaTansSSHAgent
D-Link NAS CVE-2024-3273 Exploit Tool
https://github.com/Chocapikk/CVE-2024-3273
c2-talk: Detecting Command and Control frameworks via Sysmon and Windows Event Logging
https://github.com/eric-conrad/c2-talk
AI Researcher: is an AI agent that utilizes Claude 3 and SERPAPI to perform comprehensive research on a given topic
https://github.com/mshumer/ai-researcher
FreeAskInternet: is a completely free, private and locally running search aggregator & answer generate using LLM, without GPU needed. The user can ask a question and the system will make a multi engine search and combine the search result to the ChatGPT3.5 LLM and generate the answer based on search results
https://github.com/nashsu/FreeAskInternet
script to enumerate users in a domain without known credentials using rid cycling and null session with rpcclient
https://gist.github.com/naksyn/8204c76cda2541e72668fa065ba94c09
The Human Element in Cybersecurity: Understanding Trust and Social Engineering
https://www.blackhillsinfosec.com/understanding-trust-and-social-engineering
Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
GraphSpy: The Swiss Army Knife for Attacking M365 & Entra
https://insights.spotit.be/2024/04/05/graphspy-the-swiss-army-knife-for-attacking-m365-entra
RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass
https://github.com/CsEnox/EventViewer-UACBypass
Persistence – DLL Proxy Loading
https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading
PassTester: is a tool for finding user passwords that are most vulnerable to dictionary attacks
https://github.com/Elymaro/PassTester
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
https://www.trendmicro.com/en_us/research/24/d/earth-freybug
Apple CPU encryption hack
https://www.kaspersky.com/blog/apple-cpu-encryption-vulnerability
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224
Zero-E: Automates the entire network enumeration process in a fire-and-forget manner, among many more functions. Zero effort, zero error network enumeration
https://github.com/Inscyght/Zero-E
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000
Part: 1 ○● Part: 2
AutoGeaconC2:
One-click reading of Profile and automatic generation of geacon to enable cross-platform launch of CobaltStrike
https://github.com/TryGOTry/AutoGeaconC2
interceptor: Sample Rust Hooking Engine
https://github.com/Kharos102/interceptor
Malware Development with C - Establishing Persistence
https://lsecqt.github.io/Red-Teaming-Army/malware-development/malware-development-with-c---basic-persistence
CVE-2024-30851: Jasmin ransomware web panel path traversal PoC
https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc
Don’t Trust the Cache: Exposing Web Cache Poisoning and Deception vulnerabilities
https://anasbetis023.medium.com/dont-trust-the-cache-exposing-web-cache-poisoning-and-deception-vulnerabilities-3a829f221f52
WIFI Credential Dumping
https://www.r-tec.net/r-tec-blog-wifi-credential-dumping.html
memhv: Minimalistic hypervisor with memory introspection capabilities
https://github.com/SamuelTulach/memhv
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
https://github.com/ricardojoserf/NativeDump
Rev-Shell: Basic script to generate reverse shell payloads, generally most used in ctf
https://github.com/washingtonP1974/Rev-Shell
From OneNote to RansomNote: An Ice Cold Intrusion
https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion
Lord Of The Ring0 - Part 6 | Conclusion
https://idov31.github.io/posts/lord-of-the-ring0-p6
ImageIO, the infamous iOS Zero Click Attack Vector
https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO
