BenignHunter: is a simple tool to try and identify which native api's are deemed benign by EDRs and are therefore not hooked
https://github.com/Allevon412/BenignHunter
Forensic Investigation Operations — Windows Base I
brsdncr/forensic-investigation-operations-windows-base-i-ca28d9982729" rel="nofollow">https://medium.com/@brsdncr/forensic-investigation-operations-windows-base-i-ca28d9982729
CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61
https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898
Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle
https://www.zerodayinitiative.com/blog/2024/7/16/announcing-pwn2own-ireland-2024
The Return of Ghost Emperor’s Demodex
https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit
Windows Installer, exploiting Common Actions
https://blog.doyensec.com/2024/07/18/custom-actions.html
Red Team C2 Framework, using No X Loader technology
https://github.com/HackerCalico/Magic_C2
How to Analyze Malicious MSI Installer Files
https://intezer.com/blog/incident-response/how-to-analyze-malicious-msi-installer-files
PwnedBoot: This is a proof-of-concept payload that can replace mcupdate_<platform>.dll, which will get loaded by the Windows bootloader (winload.efi) even when Secure Boot is enabled
https://github.com/SamuelTulach/PwnedBoot
Remotely Enumerate sessions using undocumented Windows Station APIs
https://github.com/0xv1n/RemoteSessionEnum
DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Pentesting Active Directory - Complete Guide | Part 6
https://hacklido.com/blog/867-pentesting-active-directory-complete-guide-part-6
Loading ShellCode without executable permission
https://github.com/HackerCalico/No_X_Memory_ShellCode_Loader
PoC for:
CVE-2024-38094
CVE-2024-38024
CVE-2024-38023
MS-SharePoint-July-Patch-RCE-PoC
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
Slides and demo videos of my talk "10 Years of Windows Privilege Escalations with Potatoes" at Troopers 24
https://github.com/decoder-it/Troopers24
Lsass Dump using MiniDump Method and Direct Syscall Technique
https://github.com/CyberSecurityUP/LsassDumpSyscall
ZeroHVCI accomplishes arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers
https://github.com/zer0condition/ZeroHVCI
Electron JS ASAR Integrity Bypass
https://blog.souravkalal.tech/electron-js-asar-integrity-bypass-431ac4269ed5
HotPage: Story of a signed, vulnerable, ad-injecting driver
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver
Container Breakouts: Escape Techniques in Cloud Environments
https://unit42.paloaltonetworks.com/container-escape-techniques
PoC for CVE-2023-20872 VMware Escape
https://github.com/ze0r/vmware-escape-CVE-2023-20872-poc
How to Bypass Golang SSL Verification
https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification
Mass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE)
https://github.com/codeb0ss/CVE-2024-29824-PoC
Kernel exploit for Xbox SystemOS using CVE-2024-30088
https://github.com/exploits-forsale/collateral-damage
Reverse shell listener and payload generator designed to work on most Linux targets
https://github.com/tantosec/oneshell
IHxExec: Process injection alternative
https://github.com/CICADA8-Research/IHxExec
Universal Code Execution by Chaining Messages in Browser Extensions
https://spaceraccoon.dev/universal-code-execution-browser-extensions
VMware vCenter - CVE-2024-37081 Proof of Concept
https://github.com/Mr-r00t11/CVE-2024-37081
PoC for CVE-2024-4885 Progress WhatsUp Gold GetFileWithoutZip Unauthenticated RCE
https://github.com/sinsinology/CVE-2024-4885
PoC for Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009)
https://github.com/sinsinology/CVE-2024-5009
HEVD Exploit (Windows 10 22H2): BufferOverflowNonPagedPoolNx - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
https://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2
Windows Rootkits (and Bootkits) Guide v2
https://artemonsecurity.blogspot.com/2024/07/windows-rootkits-and-bootkits-guide-v2.html
