Fly Phishing: How to Bypass SPAM Filters
https://posts.specterops.io/fly-phishing-7d4fb56ac325
Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse
https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO
PayloadCrypter: Go Based Crypter That Can Bypass Any Kinds Of Antivirus Products, payload crypter supports over 4 programming languages
https://github.com/EvilBytecode/PayloadCrypter
QR code SQL injection and other vulnerabilities in a popular biometric terminal
https://securelist.com/biometric-terminal-vulnerabilities
Bypassing EDR NTDS.dit protection using BlueTeam tools
https://medium.com/@0xcc00/bypassing-edr-ntds-dit-protection-using-blueteam-tools-1d161a554f9f
A collection of Golang projects designed specifically for red teamers and offensive security operations
https://github.com/EvilBytecode/GoRedOps
PoC and exploit for CVE-2024-37051: JetBrains IDEs
https://github.com/LeadroyaL/CVE-2024-37051-EXP
Finding the slab cache for each object in Linux kernel using static analysis
https://albocoder.github.io/exploitation/linux%20kernel/2024/06/09/KernelStaticAnalysis
OneDorkForAll: An insane list of all dorks taken from everywhere from various different sources
https://github.com/HackShiv/OneDorkForAll
Slides and Codes used for the workshop Red Team Infrastructure Automation
https://github.com/dazzyddos/HSC24RedTeamInfra
Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)
https://github.com/sinsinology/CVE-2024-29849
CVE-2024-4577: PHP CGI Argument Injection (XAMPP)
https://github.com/Chocapikk/CVE-2024-4577
How to Achieve Eternal Persistence Part 3: How to access and recover replicated secrets
https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence-part-3
Just a C++ version of msi_search, which is useful for third-party Windows installer EoPs
https://github.com/sailay1996/msi_installed_search
Stepping Stones – A Red Team Activity Hub
https://research.nccgroup.com/2024/06/12/stepping-stones-a-red-team-activity-hub
SteppingStones:
https://github.com/nccgroup/SteppingStones
Dipping into Danger: The WARMCOOKIE backdoor
https://www.elastic.co/security-labs/dipping-into-danger
How Malware Evades EDR Detections
https://medium.com/@IglensonSecurity/dodging-the-guardian-how-malware-evades-edr-detections-72ed61896406
Phone Number OSINT in Depth
https://devilsparadise.medium.com/phone-number-osint-in-depth-b50ff3cbaf5d
Hands-on cybersecurity projects to enhance skills in phishing investigation, malware analysis, network intrusion detection, and DDoS attack response
https://github.com/0xrajneesh/Incident-Response-Projects-for-Beginners
BenevolentLoader: Shellcode loader using direct syscalls via Hell's Gate and payload encryption
https://github.com/jakobfriedl/BenevolentLoader
CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
https://github.com/varwara/CVE-2024-26229
PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required)
https://github.com/BlackSnufkin/Invoke-DumpMDEConfig
Develop your own C# Obfuscator
https://www.ribbiting-sec.info/posts/2024-06-05_csharp_obfuscator
An Introduction to Chrome Exploitation
https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/