Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
https://blog.doyensec.com/2024/07/02/cspt2csrf.html
Race Conditions Found in Open-source IAM Solution Keycloak
https://www.cyberark.com/resources/threat-research-blog/you-cant-always-win-racing-the-keycloak
DojoLoader: Generic PE loader for fast prototyping evasion techniques
https://github.com/naksyn/DojoLoader
Building Casper's Shadow
https://nao-sec.org/2024/06/building-caspers-shadow
CVE-2024-6387 a signal handler race condition in OpenSSH's server (sshd)
https://github.com/zgzhang/cve-2024-6387-poc
CVE-2024-6387_Check:
https://github.com/xaitax/CVE-2024-6387_Check
ApexLdr: is a DLL Payload Loader written in C
https://github.com/Cipher7/ApexLdr
Sinon: Modular Windows Burn-In Automation with Generative AI for Deception
https://github.com/referefref/sinon
SharpIncrease can bypass many security measures and can be used with various file extensions
https://github.com/mertdas/SharpIncrease
An AWS Administrator Identity Crisis: Part 1
https://posts.specterops.io/an-aws-administrator-identity-crisis-part-1-919e6171ec0a
Attacks Against Linux SSH Services
https://asec.ahnlab.com/en/66695
Attackers Exploiting Public Cobalt Strike Profiles
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles
OTP Bypass through Session Manipulation
n4if/otp-bypass-through-session-manipulation-d73deceaa42f" rel="nofollow">https://medium.com/@n4if/otp-bypass-through-session-manipulation-d73deceaa42f
Binary Golf 5 - Linux shellcoding ideas
https://github.com/yo-yo-yo-jbo/bggp5_linux_shellcode
Find Sensitive Data’s using via network analysis
test123cybertest/find-sensitive-datas-using-via-network-analysis-make-me-250-a0b23b0cb03b" rel="nofollow">https://medium.com/@test123cybertest/find-sensitive-datas-using-via-network-analysis-make-me-250-a0b23b0cb03b
A Novel DoS Vulnerability affecting WebRTC Media Servers
https://www.rtcsec.com/article/novel-dos-vulnerability-affecting-webrtc-media-servers
Using AI to hunt for XSS
deadoverflow/using-ai-to-hunt-for-xss-e04ba8d32ba8" rel="nofollow">https://medium.com/@deadoverflow/using-ai-to-hunt-for-xss-e04ba8d32ba8
EDRPrison: leverages a legitimate WFP callout driver, WinDivert, to effectively silence EDR systems
https://github.com/senzee1984/EDRPrison
Shellcode-Loader: This PowerShell script demonstrates advanced techniques including shellcode injection, dynamic function invocation, and PowerShell script obfuscation
https://github.com/EvilBytecode/Shellcode-Loader
Uncover Bluetooth Vulnerabilities with BlueToolkit
https://www.mobile-hacker.com/2024/07/02/uncover-bluetooth-vulnerabilities-with-bluetoolkit
Evading Event Tracing for Windows (ETW)-Based Detections
https://s4dbrd.com/evading-etw-based-detections
ItsNotASecurityBoundary: is an exploit that leverages False File Immutability assumptions in Windows Code Integrity (ci.dll) to trick it into accepting an improperly-signed security catalog containing fraudulent authentihashes
https://github.com/gabriellandau/ItsNotASecurityBoundary
CVE-2024-34102: Unauthenticated Magento XXE
https://github.com/th3gokul/CVE-2024-34102
Ransomware written in go, encrypt - decrypt
https://github.com/EvilBytecode/ThunderKitty-Ransomware
Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, VM Detect package
https://github.com/EvilBytecode/PyDefender
Escaping the Sandbox On Windows - HITB x PHDays 2024
https://github.com/edwardzpeng/presentations/tree/main/HITB%20x%20PHDays%202024
Putting the C2 in C2loudflare
https://labs.jumpsec.com/putting-the-c2-in-c2loudflare
Polyfill supply chain attack hits 100K+ sites
https://sansec.io/research/polyfill-supply-chain-attack
PoC and Exploit for CVE-2024-29943
A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE
https://github.com/bjrjk/CVE-2024-29943
rust toolchain with obfuscation llvm pass
https://github.com/0xlane/ollvm-rust
AWS “Segmentation Test” Methodology for Pentesters
alt3kx/my-aws-segmentation-test-methodology-for-pentesters-v1-0-bc110753c1e9" rel="nofollow">https://medium.com/@alt3kx/my-aws-segmentation-test-methodology-for-pentesters-v1-0-bc110753c1e9
MSC Dropper is a Python script designed to automate the creation of MSC (Microsoft Management Console) files with customizable payloads for arbitrary execution
https://github.com/ZERODETECTION/MSC_Dropper
