hacker_trick | Unsorted

Telegram channel hacker_trick - Hacker tricks

CVEs🔰 Tools🛠 RedTeam📕

Hacker tricks

XnlReveal: A Chrome browser extension to show alerts for reflected query params, show hidden elements and enable disabled elements
https://github.com/xnl-h4ck3r/XnlReveal
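
As an added illustration of the reflection check such an extension performs (this is example code written for this page, not XnlReveal's own source): every query value is replaced by a unique marker plus a few probe characters, the response is searched for each marker, and the state of the probe characters tells a raw reflection (worth testing for injection) from an HTML-encoded one. The `fake_response` function, the `xnlr` marker prefix and the probe string are assumptions made for the example; in use you would pass a real fetch function in place of `fake_response`.

```python
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TAG = "xnlr"          # assumed marker prefix, chosen to be unlikely to occur naturally in a page
PROBE = '"<>'         # characters whose survival tells raw reflection from HTML-encoded reflection


def canary_url(url):
    """Replace every query value with marker + PROBE; returns (probe_url, {param: marker}).
    Repeated parameter names share one marker (the last position wins in the dict)."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    markers = {name: f"{TAG}{i}{name}" for i, (name, _) in enumerate(params)}
    query = urlencode([(name, markers[name] + PROBE) for name, _ in params])
    return urlunsplit(parts._replace(query=query)), markers


def find_reflections(body, markers):
    """Classify each parameter whose marker shows up in the response body."""
    result = {}
    for name, marker in markers.items():
        if marker + PROBE in body:
            result[name] = "raw"          # probe characters survived: an injection context to test
        elif marker + html.escape(PROBE) in body:
            result[name] = "encoded"      # reflected, but HTML-escaped on the way out
        elif marker in body:
            result[name] = "partial"      # marker reflected, probe stripped or transformed
    return result


def fake_response(url):
    """Constructed stand-in for an HTTP fetch: echoes q unescaped inside a script block,
    id HTML-escaped inside a heading, and ignores ref entirely."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return (f"<html><body><h1>Results for {html.escape(params.get('id', ''))}</h1>"
            f"<script>var q = \"{params.get('q', '')}\";</script></body></html>")


def scan(url, fetch=fake_response):
    """Probe every parameter of url in one request and report which ones reflect."""
    probe_url, markers = canary_url(url)
    return find_reflections(fetch(probe_url), markers)


if __name__ == "__main__":
    print(scan("https://example.test/search?q=shoes&id=42&ref=home"))
```

Probing all parameters in a single request keeps the check cheap, which is what makes it usable on every page load in a browser extension; the trade-off is that a page which reflects only one parameter at a time (or rejects unknown values) needs one request per parameter instead.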

RealBlindingEDR: uses the arbitrary address read/write implementation of a signed driver to completely blind, kill or permanently turn off AV/EDR
https://github.com/myzxcg/RealBlindingEDR

Turning a boring file move into a privilege escalation on Mac
https://pwn.win/2023/10/28/file-move-privesc-mac

bugbounty-gpt: A helpful gpt-based triage tool for BugCrowd bugbounty programs
https://github.com/openai/bugbounty-gpt

AMSI-Reaper is a tool developed in both PowerShell and C# (.NET Framework v4.0), designed to bypass the Anti-Malware Scan Interface (AMSI) in Windows
https://github.com/h0ru/AMSI-Reaper

dnsresolver: a very fast DNS resolver
https://github.com/ethicalhackingplayground/dnsresolver

Zero-Import-Malware: Small project looking into how we can build malware with zero imports by dynamically resolving Windows APIs with GetProcAddress and GetModuleHandle
https://github.com/trevorsaudi/Zero-Import-Malware
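
As an added illustration (example code for this page, not the project's own) of what "zero imports" looks like from the analyst's side: the Python below builds a constructed, non-loadable minimal PE32 in memory, walks its import directory the way a loader does, and classifies the result. An empty import table, or one that names only GetProcAddress/GetModuleHandle/LoadLibrary, is the static footprint of the dynamic-resolution approach the post describes, since every other API name then lives in encrypted strings or hashes rather than in the import table. The PE builder and the RESOLVER_APIS list are assumptions made for the example; the parser itself follows the documented IMAGE_IMPORT_DESCRIPTOR layout and also handles PE32+ and ordinal imports.

```python
import struct

# Imports that, on their own, suggest every other API is resolved at run time (assumed list).
RESOLVER_APIS = {"GetProcAddress", "GetModuleHandleA", "GetModuleHandleW",
                 "LoadLibraryA", "LoadLibraryW"}


def build_pe32(imports):
    """Constructed minimal PE32 (not loadable) whose single section holds an import
    table for imports = {dll: [function, ...]}; built here only to feed the parser."""
    sect_rva, sect_raw = 0x1000, 0x200
    n = len(imports)
    thunk_off = 20 * (n + 1)                     # descriptors first, then thunks, then strings
    str_off = thunk_off + sum(4 * (len(f) + 1) for f in imports.values())
    descs, thunks, strings = bytearray(), bytearray(), bytearray()
    for dll, funcs in imports.items():
        first_thunk = sect_rva + thunk_off + len(thunks)
        for func in funcs:
            name_rva = sect_rva + str_off + len(strings)
            strings += struct.pack("<H", 0) + func.encode() + b"\0"  # IMAGE_IMPORT_BY_NAME
            thunks += struct.pack("<I", name_rva)
        thunks += struct.pack("<I", 0)                                # thunk array terminator
        dll_rva = sect_rva + str_off + len(strings)
        strings += dll.encode() + b"\0"
        # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        descs += struct.pack("<IIIII", first_thunk, 0, 0, dll_rva, first_thunk)
    descs += bytes(20)                                                # descriptor terminator
    section = bytes(descs + thunks + strings)

    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)     # i386, one section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                   # section / file alignment
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 1, sect_rva, 20 * (n + 1))  # import data directory
    sect_hdr = struct.pack("<8sIIIIIIHHI", b".idata", len(section), sect_rva,
                           len(section), sect_raw, 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\0\0" + coff + opt + sect_hdr
    return bytes(headers) + bytes(sect_raw - len(headers)) + section


def parse_imports(pe):
    """Walk the import directory of a PE32/PE32+ image; returns [(dll, function), ...]."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    nsects = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    is64 = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    imp_rva, _ = struct.unpack_from("<II", pe, opt + (112 if is64 else 96) + 8 * 1)
    if imp_rva == 0:
        return []                                                     # no import directory at all
    # (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section header
    sections = [struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8) for i in range(nsects)]

    def off(rva):                                                     # RVA -> file offset
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError(f"RVA {rva:#x} outside all sections")

    def cstr(o):
        return pe[o:pe.index(b"\0", o)].decode("ascii", "replace")

    fmt, width, ord_flag = ("<Q", 8, 1 << 63) if is64 else ("<I", 4, 1 << 31)
    found, d = [], off(imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", pe, d)
        if name_rva == 0 and ft == 0:
            break
        dll, t = cstr(off(name_rva)), off(oft or ft)
        while (entry := struct.unpack_from(fmt, pe, t)[0]) != 0:
            found.append((dll, f"#{entry & 0xFFFF}" if entry & ord_flag else cstr(off(entry) + 2)))
            t += width
        d += 20
    return found


def classify(found):
    """'no imports' and 'resolver-only' both mean API names are absent from the import table."""
    names = {f for _, f in found}
    if not names:
        return "no imports"
    return "resolver-only" if names <= RESOLVER_APIS else "normal"


if __name__ == "__main__":
    for sample in ({"kernel32.dll": ["CreateFileA", "WriteFile"], "user32.dll": ["MessageBoxA"]},
                   {"kernel32.dll": ["GetProcAddress", "GetModuleHandleA"]}, {}):
        found = parse_imports(build_pe32(sample))
        print(classify(found), found)
```

The same walk over a real binary is a cheap triage signal: a PE with a "no imports" or "resolver-only" table is not necessarily malicious (packers and some static builds look the same), but it is one that static import-based heuristics will not describe, so the analyst has to look at the strings, hashes and resolution code instead.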

PoC:
https://github.com/N1k0la-T/CVE-2023-36745

Legba is a multiprotocol credential brute-forcer, password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performance and stability while consuming fewer resources than similar tools
https://github.com/evilsocket/legba

Understanding DNS Tunneling Traffic in the Wild
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild
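
As an added example (written for this page, not taken from the Unit 42 article), the Python below profiles a constructed DNS query log per registered domain and flags the traffic shape that tunnels produce: long, high-entropy, rarely repeated subdomains, often over TXT or NULL records. The log lines, the two-label approximation of the registered domain and the thresholds in `flag_tunneling` are all assumptions for the example; a deployment replaces the domain split with a public-suffix-list lookup and tunes the thresholds against its own baseline.

```python
import math
from collections import defaultdict

# Constructed DNS query log, not real traffic: "<timestamp> <client> <qtype> <qname>".
# tun.example.org carries 32 hex characters per query (encoded data in the leftmost
# labels); static.example.net is many-but-short CDN-style hostnames for contrast.
SAMPLE_LOG = """\
2023-10-28T10:00:01Z 10.0.0.5 A www.example.com
2023-10-28T10:00:02Z 10.0.0.5 AAAA mail.example.com
2023-10-28T10:00:03Z 10.0.0.7 A cdn.example.com
2023-10-28T10:00:03Z 10.0.0.7 A www.example.com
2023-10-28T10:00:03Z 10.0.0.9 MX example.com
2023-10-28T10:00:04Z 10.0.0.5 TXT 3c1f9a7e2b4d0685.8e0f6a1c9b2d7543.tun.example.org
2023-10-28T10:00:04Z 10.0.0.5 TXT d4b2e7a93c1f0658.f1e2d3c4b5a69780.tun.example.org
2023-10-28T10:00:05Z 10.0.0.5 TXT 0a1b2c3d4e5f6789.9f8e7d6c5b4a3210.tun.example.org
2023-10-28T10:00:05Z 10.0.0.5 TXT 8e0f6a1c9b2d7543.3c1f9a7e2b4d0685.tun.example.org
2023-10-28T10:00:06Z 10.0.0.5 TXT f1e2d3c4b5a69780.d4b2e7a93c1f0658.tun.example.org
2023-10-28T10:00:06Z 10.0.0.5 TXT 9f8e7d6c5b4a3210.0a1b2c3d4e5f6789.tun.example.org
2023-10-28T10:00:07Z 10.0.0.7 A a1.static.example.net
2023-10-28T10:00:07Z 10.0.0.7 A a2.static.example.net
2023-10-28T10:00:08Z 10.0.0.7 A a3.static.example.net
2023-10-28T10:00:08Z 10.0.0.7 A a4.static.example.net
2023-10-28T10:00:09Z 10.0.0.7 A a5.static.example.net
"""


def shannon_entropy(s):
    """Bits per character; random-looking encodings score high, words score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def split_qname(qname):
    """(registered_domain, subdomain); assumes the last two labels form the registered
    domain, which a real deployment replaces with a public-suffix-list lookup."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def profile(log_text):
    """Per-registered-domain statistics that tunnels distort."""
    acc = defaultdict(lambda: {"n": 0, "fqdns": set(), "len": 0, "ent": 0.0, "txt": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                        # skip malformed lines rather than crash
        _, _, qtype, qname = fields
        domain, sub = split_qname(qname)
        st = acc[domain]
        st["n"] += 1
        st["fqdns"].add(qname.lower())
        st["len"] += len(sub)
        st["ent"] += shannon_entropy(sub.replace(".", ""))
        st["txt"] += qtype.upper() in ("TXT", "NULL")
    return {d: {"queries": st["n"],
                "unique_ratio": len(st["fqdns"]) / st["n"],
                "avg_sub_len": st["len"] / st["n"],
                "avg_entropy": st["ent"] / st["n"],
                "txt_ratio": st["txt"] / st["n"]} for d, st in acc.items()}


def flag_tunneling(prof, min_queries=5, min_len=20, min_entropy=3.0, min_unique=0.8):
    """Thresholds are illustrative assumptions; tune them against your own baseline."""
    return sorted(d for d, s in prof.items()
                  if s["queries"] >= min_queries and s["avg_sub_len"] >= min_len
                  and s["avg_entropy"] >= min_entropy and s["unique_ratio"] >= min_unique)


if __name__ == "__main__":
    prof = profile(SAMPLE_LOG)
    for d, s in prof.items():
        print(f"{d:14} q={s['queries']:2} uniq={s['unique_ratio']:.2f} "
              f"len={s['avg_sub_len']:5.1f} ent={s['avg_entropy']:.2f} txt={s['txt_ratio']:.2f}")
    print("flagged:", flag_tunneling(prof))
```

The static.example.net names show why no single feature is enough: they are all unique too, but short and low-entropy, so only the combination of length, entropy and uniqueness separates the tunnel from a busy CDN.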

Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation
https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader

Kernel_VADInjector: Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
https://github.com/exotikcheat/Kernel_VADInjector

Zenbleed-Chrome-PoC: This repository contains a proof-of-concept for exploiting Zenbleed from Chrome using a V8 vulnerability which enables arbitrary code execution in the renderer process
https://github.com/y11en/Zenbleed-Chrome-PoC

Jomungand: Shellcode Loader with memory evasion
https://github.com/RtlDallas/Jomungand

NovaLdr is a threadless module stomping loader written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionality
https://github.com/BlackSnufkin/NovaLdr

OffensiveLua is a collection of offensive security scripts written in Lua with FFI. The scripts run with LuaJIT (v2.0.5) on Microsoft Windows to perform common tasks:
• Run an EXE
• Bypass UAC
• File, Networking or Registry
• Common Tasks (e.g. bind a shell)
Lua is a lesser-used but very useful choice of post-exploitation scripting language. It's flexible, lightweight, easy to embed, runs interpreted or as bytecode from memory, and the JIT's FFI lets it interact with the host OS libraries.
https://github.com/hackerhouse-opensource/OffensiveLua

unwyze - a Wyze Cam v3 RCE Exploit
https://github.com/blasty/unwyze

GhostTask: PoC to demonstrate creating scheduled tasks via direct registry manipulation
https://github.com/netero1010/GhostTask

Introducing CS2BR pt. III – Knees deep in Binary
https://blog.nviso.eu/2023/10/26/introducing-cs2br-pt-iii-knees-deep-in-binary

EvtPsst: This is a tool that allows you to tamper with the EventLog process without an OpenProcess call to the EventLog process itself
https://github.com/nothingspecialforu/EvtPsst

TokenStealer: A simple tool for stealing and playing with Windows tokens
https://github.com/decoder-it/TokenStealer

Citrix Memory Leak Exploit: Leak session tokens from vulnerable Citrix ADC instances affected by CVE-2023-4966
https://github.com/Chocapikk/CVE-2023-4966

Microsoft Exchange Server CVE-2023-36745
https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745

SharpKiller: the lifetime AMSI bypass AMSI-Killer by @ZeroMemoryEx, ported to .NET Framework 4.8
https://github.com/S1lkys/SharpKiller

Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function
https://embee-research.ghost.io/ghidra-entropy-analysis-locating-decryption-functions

Empowering Cybersecurity with Active Directory PowerShell Commands
https://infosecwriteups.com/empowering-cybersecurity-with-active-directory-powershell-commands-d61e881933e1

BEDaisy.sys report bypass
https://github.com/crtdll/bedaisy-bypass

VMware Aria Operations for Logs CVE-2023-34051
https://github.com/horizon3ai/CVE-2023-34051

AndKittyInjector: Inject a shared library into a process using ptrace
https://github.com/MJx0/AndKittyInjector

FalconHound is a blue-team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool
https://github.com/FalconForceTeam/FalconHound
