CVE-2024-20697: Windows Libarchive RCE Vulnerability
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability
The Windows Registry Adventure
1: Introduction and research results
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
2: A brief history of the feature
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster
IronSharpPack: is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then reflective load the C# project
https://github.com/BC-SECURITY/IronSharpPack
CVE-2024-21338: Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled
https://github.com/hakaioffsec/CVE-2024-21338
Using the LockBit builder to generate targeted ransomware
https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware
How I got JS Execution (DOM XSS) Via CSTI
amrkadry7/how-i-got-js-execution-dom-xss-via-csti-58a4171c2963" rel="nofollow">https://medium.com/@amrkadry7/how-i-got-js-execution-dom-xss-via-csti-58a4171c2963
Horus: is an all-in-one encompassing tool for investigations assistance, from API leveraging to compiling data too
https://github.com/6abd/horus
Branch History Injection
https://www.vusec.net/projects/bhi-spectre-bhb
CVE-2024-26817: Potential Integer Overflow Leading To Heap Overflow in AMD KFD
https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd
WAREED-DNS-C2: is a Command and Control (C2) that utilizes the DNS protocol for secure communications between the server and the target
https://github.com/Faisal-P27/WAREED-DNS-C2
A collection of awesome one-liners for bug bounty hunting
https://github.com/0xPugal/One-Liners
A trick, the story of exploiting CVE-2024-26230 - Windows EoP - bypassing XFG
https://whereisk0shl.top/post/a-trick-the-story-of-cve-2024-26230
CVE-2024-20670 Report
"New Outlook" NTLM Leak and File Execution
https://mpizzicaroli.github.io/missfile
obfus.h: is a macro-only library for compile-time obfuscating C applications, designed specifically for the Tiny C (tcc).
It is tailored for Windows x86 and x64 platforms and supports all versions of the compiler
https://github.com/DosX-dev/obfus.h
Chaining N-days to Compromise All:
Part 4 — VMware Workstation Information leakage
https://blog.theori.io/chaining-n-days-to-compromise-all-part-4-vmware-workstation-information-leakage-44476b05d410
I Found An IDOR Flaw where users' attached pictures and documents were leaked
Ajakcybersecurity/i-found-an-idor-flaw-where-users-attached-pictures-and-documents-were-leaked-961d564ce72f" rel="nofollow">https://medium.com/@Ajakcybersecurity/i-found-an-idor-flaw-where-users-attached-pictures-and-documents-were-leaked-961d564ce72f
LetMeowIn: LSASS dumper using C++ and MASM x64
https://github.com/Meowmycks/LetMeowIn
HTB CTF: Cracking Passwords with Hashcat
https://infosecwriteups.com/htb-ctf-cracking-passwords-with-hashcat-6a932514e5c8
DceRPC-OS-Info: Golang implements obtaining Windows remote host information through dcerpc and ntlmssp
https://github.com/W01fh4cker/DceRPC-OS-Info
Story of a strange IDOR without ID
https://m7arm4n.medium.com/story-of-a-strange-idor-without-id-6735fd3dcd27
Unauthorized Admin Account Access via Google Authentication
https://nullr3x.medium.com/unauthorized-admin-account-access-via-google-authentication-a38d42577ac9
Understanding ETW Patching
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
https://unit42.paloaltonetworks.com/cve-2024-3400
HSC24RedTeamInfra:
Slides and Codes used for the workshop Red Team Infrastructure Automation
https://github.com/dazzyddos/HSC24RedTeamInfra
certReport: A tool to support the reporting of Authenticode Certificates by reducing the effort on individuals to report
https://github.com/Squiblydoo/certReport
XSS Bypass Filters
https://github.com/Edr4/XSS-Bypass-Filters
CreateRCE — Yet Another Vulnerability in CreateUri [Zero click RCE in Outlook]
https://www.akamai.com/blog/security-research/2024/apr/critical-vulnerability-create-uri-remote-code-execution
CVE-2024-3400: PAN-OS Firewall Exploit Script
https://github.com/DrewskyDev/CVE-2024-3400
gelion bypass: is a tool designed to bypass the authentication system of "keyauth" whilst also dumping
https://github.com/byte2mov/gelion-bypass
