Thousands of Sites with Popup Builder Compromised by Balada Injector
https://blog.sucuri.net/2024/01/thousands-of-sites-with-popup-builder-compromised-by-balada-injector
Bob the Smuggler: A tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format, then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)
https://github.com/TheCyb3rAlpha/BobTheSmuggler
Cybersecurity’s Defining Moments | 7 Lessons from History’s Most Infamous Breaches
https://www.sentinelone.com/blog/cybersecuritys-defining-moments-7-lessons-from-historys-most-infamous-breaches
How to hack IP Cameras easy and fast
Threat_Intelligence/how-to-hack-ip-cameras-easy-and-fast-72344c969f80" rel="nofollow">https://medium.com/@Threat_Intelligence/how-to-hack-ip-cameras-easy-and-fast-72344c969f80
Hacking APIs: Authentication & Authorization Attacks
https://iaraoz.medium.com/hacking-apis-authentication-authorization-attacks-731902f58b12
Roles allowing to abuse Entra ID federation for persistence and privilege escalation
https://medium.com/tenable-techblog/roles-allowing-to-abuse-entra-id-federation-for-persistence-and-privilege-escalation-df9ca6e58360
Hide Your CobaltStrike with CloudFlared Tunnel and Microsoft 100 Traffic%
https://github.com/EvilGreys/Hide-CobaltStrike
Payload-Generator: An aggressor script that can help automate payload building in Cobalt Strike
https://github.com/Workingdaturah/Payload-Generator
APT28: From Initial Damage to Domain Controller Threats in an Hour (CERT-UA#8399)
https://medium.com/cyberscribers-exploring-cybersecurity/apt28-from-initial-damage-to-domain-controller-threats-in-an-hour-cert-ua-8399-1944dd6edcdf
How I Prevented a Mass Data Breach - $15,000 bounty
https://bxmbn.medium.com/how-i-prevented-a-mass-data-breach-15-000-bounty-bxmbn-1096e6400e3d
Exploiting n-day in Home Security Camera
https://0xbigshaq.github.io/2024/01/05/tp-link-tapo-c100
SSHniffer: A post-compromise agent to be deployed on rooted linux machines designed to quietly listen for SSH connections. When a domain user/service connects to the linux device with a password, the agent will log the sshd process data by using strace
https://github.com/JitBox/SSHniffer
Checkmate: payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter
https://github.com/S3N4T0R-0X0/Checkmate
Stinger: CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator
https://github.com/hackerhouse-opensource/Stinger
rp-bf: A library to bruteforce ROP gadgets by emulating a Windows user-mode crash-dump
https://github.com/0vercl0k/rp-bf.rs
Breaking the Flash Encryption Feature of Espressif's Parts
https://courk.cc/breaking-flash-encryption-of-espressif-parts
Unveiling Mobile App Secrets: A 6-Month Deep Dive into Surprising Behavior Patterns
https://www.bitdefender.com/blog/labs/unveiling-mobile-app-secrets-a-6-month-deep-dive-into-surprising-behavior-patterns
I received a Bank offer in my mailbox and discovered an IDOR vulnerability - $5,000 bounty
bxmbn/i-received-a-bank-offer-in-my-mailbox-and-discovered-an-idor-vulnerability-5-000-bounty-bxmbn-5209cab1fba8" rel="nofollow">https://medium.com/@bxmbn/i-received-a-bank-offer-in-my-mailbox-and-discovered-an-idor-vulnerability-5-000-bounty-bxmbn-5209cab1fba8
500$ Access Control Bug: Performed Restricted Actions in Developer Settings by low level user
a13h1/500-access-control-bug-performed-restricted-actions-in-developer-settings-by-low-level-user-b4ecaa6d1aa1" rel="nofollow">https://medium.com/@a13h1/500-access-control-bug-performed-restricted-actions-in-developer-settings-by-low-level-user-b4ecaa6d1aa1
The Story Behind My First Bug
https://blog.paniago.io/the-history-behind-my-first-bug-539b913b9667
BUG BOUNTY HUNTING (METHODOLOGY , TOOLS , TIPS & TRICKS , Blogs, Books)
https://infosecwriteups.com/bug-bounty-hunting-methodology-tools-tips-tricks-blogs-books-6f84cda7ce34
Moriarty combines the capabilities of Watson and Sherlock, adding enhanced scanning for newer vulnerabilities and integrating additional checks
https://github.com/BC-SECURITY/Moriarty
A collection of malware families and malware samples which use the Rust programming language
https://github.com/cxiao/rust-malware-gallery
Ghost in the Web Shell: Introducing ShellSweep
https://www.splunk.com/en_us/blog/security/ghost-in-the-web-shell-introducing-shellsweep
(Im)perfectProject(or) - Hacking a small WiFi connected projector for fun and to learn hard lessons
https://axelp.io/ImperfectProjector
MobSF Remote code execution (via CVE-2024-21633)
https://github.com/0x33c0unt/CVE-2024-21633
SSH-Snake: is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery
https://github.com/MegaManSec/SSH-Snake
SharpGhostTask: A C# port from Invoke-GhostTask
https://github.com/dmcxblue/SharpGhostTask
Collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, Kerberos ticket analysis, SMB enumeration, and exploitation of known vulnerabilities like Zerologon and PetitPotam
https://github.com/emrekybs/AD-AssessmentKit
havoc-bloodhound: A GUI wrapper inside of Havoc to interact with bloodhound CE
https://github.com/p4p1/havoc-bloodhound