Threat Hunting - Suspicious Named pipes
https://mthcht.medium.com/threat-hunting-suspicious-named-pipes-a4206e8a4bc8
In the 3.3.5a WoW client there is a RCE that allows any private server owner to inject and run arbitrary code on your computer. This patcher will modify your WoW executable file to fix the exploit
https://github.com/stoneharry/RCEPatcher
CheckUACBypass.ps1 is a PowerShell script designed to test if certain executables can be used to bypass UAC
https://github.com/AngeTia/CheckUACBypass
BYOVD Technique Example using viragt64 driver
https://github.com/CyberSecurityUP/ProcessKiller-BYOVD
PoC for CVE-2024-40348 Bazaar v1.4.3 and prior
Will attempt to read /etc/passwd from target
https://github.com/bigb0x/CVE-2024-40348
JScripter: is a Python script designed to scrape and save unique JavaScript files from a list of URLs or a single URL
https://github.com/ifconfig-me/JScripter
How Almost Sacrificing a University Group Project led to a Microsoft Bug Bounty
pyrus369/how-almost-sacrificing-a-university-group-project-led-to-a-microsoft-bug-bounty-9801e0f8f006" rel="nofollow">https://medium.com/@pyrus369/how-almost-sacrificing-a-university-group-project-led-to-a-microsoft-bug-bounty-9801e0f8f006
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables
https://github.com/TierZeroSecurity/edr_blocker
SessionExec allows you to execute specified commands in other Sessions on Windows Systems, either targeting a specific session ID or All sessions, with the option to suppress command output
https://github.com/Leo4j/SessionExec
View State, The unpatchable IIS forever day being actively exploited
https://zeroed.tech/blog/viewstate-the-unpatchable-iis-forever-day-being-actively-exploited
JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory
https://srcincite.io/blog/2024/07/21/jndi-injection-rce-via-path-manipulation-in-memoryuserdatabasefactory
Abusing PIM-related application permissions in Microsoft Graph - Part 1
https://www.emiliensocchi.io/abusing-pim-related-application-permissions-in-microsoft-graph-part-1
A tool for manual or automatic patch shellcode into binary file Oder to bypass AV
https://github.com/yj94/BinarySpy
Process Injection using Thread Name
https://github.com/hasherezade/thread_namecalling
Database Hacking with common SQL Injection commands
redfanatic7/database-hacking-with-common-sql-injection-commands-c33b049554fe" rel="nofollow">https://medium.com/@redfanatic7/database-hacking-with-common-sql-injection-commands-c33b049554fe
Deep Sea Phishing Pt. 1
https://posts.specterops.io/deep-sea-phishing-pt-1-092a0637e2fd
Advanced SQL Injection Techniques
https://github.com/ifconfig-me/SQL_Injection-Techniques
List of Directory Traversal/LFI Payloads
https://github.com/ifconfig-me/Directory-Traversal-Payloads
SOC Home Lab
dyavanapellisujal7/soc-home-lab-part-1-6309b5b91118">Part 1 ○● dyavanapellisujal7/soc-home-lab-part-2-2a0e1f3cdca6">Part 2 ○● dyavanapellisujal7/soc-home-lab-part-3-8832e8325e80">Part 3
WhatsApp trick: Android malware can impersonate PDF file
https://www.mobile-hacker.com/2024/07/23/whatsapp-trick-android-malware-can-impersonate-pdf-file
Goffloader: A pure Go implementation of an in-memory COFFLoader (and PE loader)
https://github.com/praetorian-inc/goffloader
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android
3 ways to get Remote Code Execution in Kafka UI
https://github.blog/2024-07-22-3-ways-to-get-remote-code-execution-in-kafka-ui
The Security Principle Every Attacker Needs to Follow
https://posts.specterops.io/the-security-principle-every-attacker-needs-to-follow-905cc94ddfc6
Wyvern is a kernel driver designed to facilitate the transmission and reception of memory from any process via the computer's kernel
https://github.com/SnyakoCode/wyvernkernel