Microsoft Entra Connect: Connect Sync vs Cloud Sync
https://tierzerosecurity.co.nz/2024/05/21/ms-entra-connect-sync-mothods.html
CVE-2024-4367 arbitrary js execution in pdf js
https://github.com/s4vvysec/CVE-2024-4367-POC
ADFSDump-PS: PowerShell Implementation of ADFSDump to assist with GoldenSAML
https://github.com/ZephrFish/ADFSDump-PS
Analyzing JavaScript Files To Find Bugs
https://rajput623929.medium.com/analyzing-javascript-files-to-find-bugs-2b7d67a52c4e
IP-Hunter:
Hunt for C2 servers and phishing web sites using VirusTotal API , you can modify code to kill the malicious process
https://github.com/SaadAhla/IP-Hunter
PoC for CVE-2024-32002 Git submodules RCE
https://github.com/safebuffer/CVE-2024-32002
Understanding Malware Patching: Resources
https://medium.com/phrozen/understanding-malware-patching-resources-81650bb6190d
Freeway: WiFi Penetration Testing & Auditing Tool
https://github.com/FLOCK4H/Freeway
Muraider - Automating the detection & Exploitation of CVE-2024-32640 \ SQLi in Mura/Masa CMS
https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
PoC for LPE bug in xbox gaming service
https://github.com/Wh04m1001/GamingServiceEoP5
PoC for CVE-2024-29895 Cacti RCE
https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC
PoC for CVE-2024-27130 QNAP RCE
https://github.com/watchtowrlabs/CVE-2024-27130
Apache-OFBiz-Directory-Traversal-exploit
https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
ETWInspector: An Event Tracing for Windows (ETW) tool that allows you to enumerate Manifest & MOF providers, as well as collect events from desired providers
https://github.com/jsecurity101/ETWInspector
Offensive IoT for Red Team Implants (Part 2)
https://www.blackhillsinfosec.com/offensive-iot-for-red-team-implants-part-2
BlueToolkit: is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices.
Could be used in the vulnerability research, penetration testing and bluetooth hacking
https://github.com/sgxgsx/BlueToolkit
PoC for CVE-2024-27804 Apple Products Multiple Vulnerabilities
https://github.com/R00tkitSMM/CVE-2024-27804
WordPress Admin Account Creation and Reverse Shell (CVE-2024-27956)
https://github.com/AiGptCode/WordPress-Auto-Admin-Account-and-Reverse-Shell-cve-2024-27956
CVE-2024-4761 v8 oob write
https://docs.google.com/document/d/e/2PACX-1vSpCvBik81OppzMXbPjb0uRlWTdn4I1kttNSlbHtNMCT3xZJJiyKAsCcUxzNBimlBdXoKxrktlgJjOZ/pub
Bypassing WAFs to Exploit CSPT Using Encoding Levels
https://matanber.com/blog/cspt-levels
awrbacs: AWACS for RBAC. Tool for auditing CRUD permissions in Kubernetes' RBAC.
https://github.com/lobuhi/awrbacs
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive
CVE-2024-22120 Time Based SQL Injection
in Zabbix Server Audit Log --> RCE
https://github.com/W01fh4cker/CVE-2024-22120-RCE
JNDI Injection — The Complete Story
https://infosecwriteups.com/jndi-injection-the-complete-story-4c5bfbb3f6e1
Everything and anything related to password spraying
https://github.com/puzzlepeaches/awesome-password-spraying
Chrome bug chain on Viz & v8 (May 2024)
https://zerodayengineering.com/insights/chrome-viz-v8-wasm
HermitPurple is part of an extensive toolkit aimed at enhancing digital investigative capabilities within the Maltego framework
https://github.com/CyberSecurityUP/HermitPurple-Maltegoce
Payload Trends in Malicious OneNote Samples
https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples
This project can bypass most of the AC except for some perverts that enable VT to monitor page tables
https://github.com/3499409631/ReadPhysicalMemory-Without-API
OdinLdr: Cobaltstrike UDRL with memory evasion
https://github.com/RtlDallas/OdinLdr
400k Linux servers compromised for cryptotheft and financial gain
https://www.welivesecurity.com/en/eset-research/ebury-alive-unseen-400k-linux-servers-compromised-cryptotheft-financial-gain
Windows Bootkits Guide
https://artemonsecurity.blogspot.com/2024/05/windows-bootkits-guide.html
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website