Zero-Import-Malware: Small project looking into how we can build malware with zero-imports by dynamically resolving windows APIs using GetProcAddress and GetModuleHandle windows APIs
https://github.com/trevorsaudi/Zero-Import-Malware
PoC:
https://github.com/N1k0la-T/CVE-2023-36745
Legba: is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools
https://github.com/evilsocket/legba
Understanding DNS Tunneling Traffic in the Wild
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation
https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader
Kernel_VADInjector: Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
https://github.com/exotikcheat/Kernel_VADInjector
Zenbleed-Chrome-PoC: This repository contains a proof-of-concept for exploiting Zenbleed from Chrome using a V8 vulnerability which enbles arbitrary code execution in the renderer process
https://github.com/y11en/Zenbleed-Chrome-PoC
Jomungand: Shellcode Loader with memory evasion
https://github.com/RtlDallas/Jomungand
NovaLdr: is a Threadless Module Stomping written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities
https://github.com/BlackSnufkin/NovaLdr
Proxy-DLL-Loads: A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls
https://github.com/kleiton0x00/Proxy-DLL-Loads
Snapshot fuzzing direct composition with WTF
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf
The single-packet attack: making remote race-conditions 'local'
https://portswigger.net/research/the-single-packet-attack-making-remote-race-conditions-local
POC for a DLL spoofer to determine DLL Hijacking
https://github.com/MitchHS/DLL-Spoofer
ServiceNow: Widget Simple List Misconfiguration Scanner
https://github.com/bsysop/servicenow
Request Encoding to Bypass Web Application Firewalls
https://soroush.me/downloadable/request-encoding-to-bypass-web-application-firewalls.pdf
Citrix Memory Leak Exploit: Leak session tokens from vulnerable Citrix ADC instances affected by CVE-2023-4966
https://github.com/Chocapikk/CVE-2023-4966
Microsoft Exchange Server CVE-2023-36745
https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745
SharpKiller: Lifetime AMSI bypass AMSI-Killer by @ZeroMemoryEx ported to .NET Framework 4.8
https://github.com/S1lkys/SharpKiller
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function
https://embee-research.ghost.io/ghidra-entropy-analysis-locating-decryption-functions
Empowering Cybersecurity with Active Directory PowerShell Commands
https://infosecwriteups.com/empowering-cybersecurity-with-active-directory-powershell-commands-d61e881933e1
BEDaisy.sys report bypass
https://github.com/crtdll/bedaisy-bypass
VMware Aria Operations for Logs CVE-2023-34051
https://github.com/horizon3ai/CVE-2023-34051
AndKittyInjector: Inject a shared library into a process using ptrace
https://github.com/MJx0/AndKittyInjector
FalconHound: is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool
https://github.com/FalconForceTeam/FalconHound
A Modern Approach to Adaptive Threat Hunting Methodologies
https://www.sentinelone.com/blog/a-modern-approach-to-adaptive-threat-hunting-methodologies
CVE-2023-26369: Adobe Acrobat PDF Reader RCE when processing TTF fonts
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
InjectHook: A lightweight C++ library designed for function interception within injected DLLs, providing a streamlined approach to modifying application behavior at runtime. Ideal for educational purposes, debugging, and dynamic software analysis
https://github.com/bgarciaoliveira/InjectHook
Shellcode_Hastur: Shellcode Reductio Entropy Tools
https://github.com/Haunted-Banshee/Shellcode-Hastur
Cisco IOS XE CVE-2023-20198 & 0Day Implant Scanner
https://github.com/ZephrFish/Cisco-IOS-XE-Scanner
CVE-2023-38545 SOCKS5 heap buffer overflow
https://github.com/d0rb/CVE-2023-38545
Uncovering SSRF via XSS in PDF Generators
https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo/mobilepresent
