Defender Exclusions Creator BOF
https://github.com/EspressoCake/Defender-Exclusions-Creator-BOF
Apt style exploitation of Chrome 0day CVE-2023-4357
https://github.com/OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools
https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
https://github.com/SafeBreach-Labs/PoolParty
Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari
https://www.intruder.io/research/split-second-dns-rebinding-in-chrome-and-safari
Unicode XSS via Combining Characters
https://gist.github.com/paj28/86c7b8f37371d89c9a36ed0280fcf450
Unhooking EDR by remapping ntdll.dll
https://bobvanderstaak.medium.com/unhooking-edr-by-remapping-ntdll-dll-101a99887dfe
godap: A complete TUI for LDAP written in Golang
https://github.com/Macmod/godap
Cueing up a calculator: an introduction to exploit development on Linux
https://github.blog/2023-12-06-cueing-up-a-calculator-an-introduction-to-exploit-development-on-linux
Fuzzing APIs
https://hackysterio.medium.com/fuzzing-apis-73d9f5cdf156
Javascript Analysis to SQL injection
https://melguerdawi.medium.com/javascript-analysis-to-sql-injection-ca763f9c4c4e
Pentest Muse: Building an AI agent that can automate parts of pentesting jobs. This application utilizes advanced algorithms and techniques to simulate penetration testing activities, aiming to streamline and enhance the efficiency of security testing processes
https://github.com/pentestmuse-ai/PentestMuse
Kali Linux 2023.4 Release
(Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)
https://www.kali.org/blog/kali-linux-2023-4-release
Virus.xcheck: is a Python tool designed to verify the existence of file hashes in the Virus Exchange database
https://github.com/lewiswigmore/Virus.xcheck
ownCloud exploits for CVE-2023-49105
https://github.com/ambionics/owncloud-exploits
Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
Simple Shellcode Runner in Rust Language
https://github.com/CyberSecurityUP/shellcode-runner-rust
Pentesting with Secure LDAP and LDAP Channel Binding
https://rootsecdev.medium.com/pentesting-with-secure-ldap-and-ldap-channel-binding-fd5baa0f7345
RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall
https://blog.nviso.eu/2023/12/08/rpc-or-not-here-we-log-preventing-exploitation-and-abuse-with-rpc-firewall
Oktajacking: Making Okta do keylogging for you
https://pushsecurity.com/blog/oktajacking
Elevating Privileges with SeBackupPrivilege on Windows
https://infosecwriteups.com/elevating-privileges-with-sebackupprivilege-on-windows-107bd34befa2
CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
VMProtect Source Code
https://github.com/jmpoep/vmprotect-3.5.1
Critical misconfiguration in Firebase — Bug bounty
facu.tha/critical-misconfiguration-in-firebase-e682ec4239d6" rel="nofollow">https://medium.com/@facu.tha/critical-misconfiguration-in-firebase-e682ec4239d6
Rise of Broken Access Control
rafinrahmanchy/rise-of-broken-access-control-51356916235f" rel="nofollow">https://medium.com/@rafinrahmanchy/rise-of-broken-access-control-51356916235f
PDF Upload Leading to Stored XSS
katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee" rel="nofollow">https://medium.com/@katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee
Obfuscator: Native code PE bin2bin obfuscator
https://github.com/es3n1n/obfuscator
Blind CSS Exfiltration: exfiltrate unknown web pages
https://portswigger.net/research/blind-css-exfiltration
BYOVD: Finding and exploiting process killer drivers with LOL
https://github.com/BlackSnufkin/BYOVD
BlueNoroff: new Trojan attacking macOS users
https://securelist.com/bluenoroff-new-macos-malware
SharpTokenFinder: A C# implementation of TokenFinder. Enumerates M365 Desktop Office applications for plain text authentication tokens
https://github.com/HuskyHacks/SharpTokenFinder
