Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes
https://dirkjanm.io/lateral-movement-and-hash-dumping-with-temporary-access-passes-microsoft-entra
Process_Ghosting: a technique in which a process is created from a delete-pending file, so the created process is not backed by a file on disk. This is an evasion technique
https://github.com/BlackHat-Ashura/Process_Ghosting
Burpscript adds dynamic scripting abilities to Burp Suite, allowing you to write scripts in Python or JavaScript to manipulate HTTP requests and responses
https://github.com/ivision-research/burpscript
Microsoft Graph API post-exploitation toolkit
https://github.com/mlcsec/SharpGraphView
Microsoft Warbird and PMP
https://security-explorations.com/microsoft-warbird-pmp.html
Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
https://trustedsec.com/blog/full-disclosure-a-look-at-a-recently-patched-microsoft-graph-logging-bypass-graphninja
Abusing MS Windows printing for C2 communication
https://diverto.hr/en/blog/2024-05-03-MS-Windows-Printing-C2
AMSI Write Raid 0day Bypass
https://www.offsec.com/offsec/amsi-write-raid-0day-vulnerability
SharpBruteForceSSH: This is a simple SSH brute force tool written in C#. It is designed to perform dictionary-based brute force attacks on SSH services
https://github.com/HernanRodriguez1/SharpBruteForceSSH
PartyLoader: Threadless shellcode injection tool
https://github.com/itaymigdal/PartyLoader
#Red_Team_Tactics
"Attacking Kubernetes with security best practices", v.1, April 2024.
Utilizing Discord as C2 Traffic Broker
https://lsecqt.github.io/Red-Teaming-Army/c2/utilizing-discord-as-c2-traffic-broker
NucleiScanner: a powerful automation tool for detecting unknown vulnerabilities in web applications
https://github.com/0xKayala/NucleiScanner
Relaying Kerberos Authentication from DCOM OXID Resolving
https://www.tiraniddo.dev/2024/04/relaying-kerberos-authentication-from.html
LLM Pentest: Leveraging Agent Integration For RCE
https://www.blazeinfosec.com/post/llm-pentest-agent-hacking
ShellServe: Multi-client network fileserver with integrated shell functionality, crafted in C using system calls for efficient and direct file and command processing
https://github.com/7etsuo/ShellServe
A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine
https://github.com/synacktiv/Invoke-RunAsWithCert
DnsClientX: DnsClient for .NET and PowerShell
https://github.com/EvotecIT/DnsClientX
epeius: Deploy Trojan using a Serverless approach
https://github.com/ca110us/epeius
Flutter Windows Thick Client SSL Pinning Bypass
https://blog.souravkalal.tech/flutter-windows-thick-client-ssl-pinning-bypass-492389ae1218
Real World GitLab Account Take Over
https://medium.com/@red.whisperer/real-world-gitlab-account-take-over-b2e9896a1835
ModuleSpoof: So recently I thought of a way to spoof the location of a DLL. By doing this you could hide important information from an attacker
https://github.com/Oliver-1-1/ModuleSpoof
Burp Suite Professional v2024.3.1.2 + BurpBounty_Pro 2.8.0 + JDK 22
pass: 311138
README (en+ru) inside, please read it before running BS.
Happy Hacking! 🥳
Run with Java SE JDK 22
Detecting browser data theft using Windows Event Logs
https://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html
PPPwn - PlayStation 4 PPPoE RCE
https://github.com/TheOfficialFloW/PPPwn
PoC for wordpress takeover in CVE-2024-27956
https://github.com/diego-tella/CVE-2024-27956-RCE
From IcedID to Dagon Locker Ransomware in 29 Days
https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days
Arbitrary 1-click Azure tenant takeover via MS application
https://falconforce.nl/arbitrary-1-click-azure-tenant-takeover-via-ms-application