Loading ShellCode without executable permission
https://github.com/HackerCalico/No_X_Memory_ShellCode_Loader
MS-SharePoint-July-Patch-RCE-PoC: PoC for CVE-2024-38094, CVE-2024-38024 and CVE-2024-38023
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
Slides and demo videos of my talk "10 Years of Windows Privilege Escalations with Potatoes" at Troopers 24
https://github.com/decoder-it/Troopers24
Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
https://blog.doyensec.com/2024/07/02/cspt2csrf.html
Race Conditions Found in Open-source IAM Solution Keycloak
https://www.cyberark.com/resources/threat-research-blog/you-cant-always-win-racing-the-keycloak
DojoLoader: Generic PE loader for fast prototyping evasion techniques
https://github.com/naksyn/DojoLoader
CVE-2024-6387 a signal handler race condition in OpenSSH's server (sshd)
https://github.com/zgzhang/cve-2024-6387-poc
CVE-2024-6387_Check
https://github.com/xaitax/CVE-2024-6387_Check
Sinon: Modular Windows Burn-In Automation with Generative AI for Deception
https://github.com/referefref/sinon
SharpIncrease can bypass many security measures and can be used with various file extensions
https://github.com/mertdas/SharpIncrease
An AWS Administrator Identity Crisis: Part 1
https://posts.specterops.io/an-aws-administrator-identity-crisis-part-1-919e6171ec0a
Attacks Against Linux SSH Services
https://asec.ahnlab.com/en/66695
Attackers Exploiting Public Cobalt Strike Profiles
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles
OTP Bypass through Session Manipulation
https://medium.com/@n4if/otp-bypass-through-session-manipulation-d73deceaa42f
PoC for CVE-2024-4885 Progress WhatsUp Gold GetFileWithoutZip Unauthenticated RCE
https://github.com/sinsinology/CVE-2024-4885
PoC for Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009)
https://github.com/sinsinology/CVE-2024-5009
HEVD Exploit (Windows 10 22H2): BufferOverflowNonPagedPoolNx - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
https://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2
Windows Rootkits (and Bootkits) Guide v2
https://artemonsecurity.blogspot.com/2024/07/windows-rootkits-and-bootkits-guide-v2.html
Using AI to hunt for XSS
https://medium.com/@deadoverflow/using-ai-to-hunt-for-xss-e04ba8d32ba8
EDRPrison: leverages a legitimate WFP callout driver, WinDivert, to effectively silence EDR systems
https://github.com/senzee1984/EDRPrison
Shellcode-Loader: This PowerShell script demonstrates advanced techniques including shellcode injection, dynamic function invocation, and PowerShell script obfuscation
https://github.com/EvilBytecode/Shellcode-Loader
Uncover Bluetooth Vulnerabilities with BlueToolkit
https://www.mobile-hacker.com/2024/07/02/uncover-bluetooth-vulnerabilities-with-bluetoolkit
Evading Event Tracing for Windows (ETW)-Based Detections
https://s4dbrd.com/evading-etw-based-detections
ItsNotASecurityBoundary: an exploit that leverages False File Immutability assumptions in Windows Code Integrity (ci.dll) to trick it into accepting an improperly signed security catalog containing fraudulent authentihashes
https://github.com/gabriellandau/ItsNotASecurityBoundary
CVE-2024-34102: Unauthenticated Magento XXE
https://github.com/th3gokul/CVE-2024-34102
Ransomware written in Go (encrypt/decrypt)
https://github.com/EvilBytecode/ThunderKitty-Ransomware
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, VM Detect package
https://github.com/EvilBytecode/PyDefender
Escaping the Sandbox On Windows - HITB x PHDays 2024
https://github.com/edwardzpeng/presentations/tree/main/HITB%20x%20PHDays%202024
Putting the C2 in C2loudflare
https://labs.jumpsec.com/putting-the-c2-in-c2loudflare
Polyfill supply chain attack hits 100K+ sites
https://sansec.io/research/polyfill-supply-chain-attack
PoC and Exploit for CVE-2024-29943
A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE
https://github.com/bjrjk/CVE-2024-29943