Javascript Analysis to SQL injection
https://melguerdawi.medium.com/javascript-analysis-to-sql-injection-ca763f9c4c4e
Pentest Muse: Building an AI agent that can automate parts of pentesting jobs. This application utilizes advanced algorithms and techniques to simulate penetration testing activities, aiming to streamline and enhance the efficiency of security testing processes
https://github.com/pentestmuse-ai/PentestMuse
Kali Linux 2023.4 Release
(Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)
https://www.kali.org/blog/kali-linux-2023-4-release
Virus.xcheck: is a Python tool designed to verify the existence of file hashes in the Virus Exchange database
https://github.com/lewiswigmore/Virus.xcheck
ownCloud exploits for CVE-2023-49105
https://github.com/ambionics/owncloud-exploits
Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
ADOKit: Azure DevOps Services Attack Toolkit
https://github.com/xforcered/ADOKit
SQL Brute Force leads to Bluesky Ransomware
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware
Owncloud: details about CVE-2023-49103 and CVE-2023-49105
https://www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105
Autonomous Hacking of PHP Web Applications at the Bytecode Level
https://finixbit.github.io/posts/autonomous-Hacking-of-PHP-Web-Applications-at-the-Bytecode-Level
IT threat evolution Q3 2023
https://securelist.com/it-threat-evolution-q3-2023
How GitLab's Red Team automates C2 testing
https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
https://posts.specterops.io/mythic-v3-2-highlights-interactive-tasking-push-c2-and-dynamic-file-browser-7035065e2b3d
Windows Internals / Debugging / Performance Learning Resources
https://github.com/pmatula/Windows-Internals-Debugging-Performance-Learning-Resources
Click-Once + App-Domain Injection
https://github.com/weaselsec/Click-Once-App-Domain-Injection
Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]
https://github.com/francozappa/bluffs
PDF Upload Leading to Stored XSS
katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee" rel="nofollow">https://medium.com/@katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee
Obfuscator: Native code PE bin2bin obfuscator
https://github.com/es3n1n/obfuscator
Blind CSS Exfiltration: exfiltrate unknown web pages
https://portswigger.net/research/blind-css-exfiltration
BYOVD: Finding and exploiting process killer drivers with LOL
https://github.com/BlackSnufkin/BYOVD
BlueNoroff: new Trojan attacking macOS users
https://securelist.com/bluenoroff-new-macos-malware
SharpTokenFinder: A C# implementation of TokenFinder. Enumerates M365 Desktop Office applications for plain text authentication tokens
https://github.com/HuskyHacks/SharpTokenFinder
PoCs for Kernel-mode rootkit techniques research
https://github.com/daem0nc0re/VectorKernel
EDR Evasion Techniques Using Syscalls
https://hadess.io/edr-evasion-techniques-using-syscalls
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100/
https://buaq.net/go-203280
CTFCON2023-POC: This report documents a local elevation of privilege vulnerability in Active Directory Certificate Services (AD CS)
https://github.com/wh0amitz/CTFCON2023-POC
GhostDriver: is a Rust-built AV killer tool using BYOVD
https://github.com/BlackSnufkin/GhostDriver
Evading Detection With Nmap Part 2
https://infosecwriteups.com/evading-detection-with-nmap-part-2-7b4861f1377a
ServiceMove: is a POC code for an interesting lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution
https://github.com/netero1010/ServiceMove-BOF
A simple dll injector for Windows based on WINAPI's LoadLibrary function. Ring3 Injector project
https://github.com/ReFo0/injector
Building Advanced Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)
https://embee-research.ghost.io/building-advanced-censys-queries-utilising-regex-bianlian
