Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current process
https://github.com/ProcessusT/EnumSSN
ExecIT: DLL Shellcode self-inyector/runner based on HWSyscalls, ideally thought to be executed with rundll32
https://github.com/florylsk/ExecIT
Top-GPTs: Run popular GPTs without the need for ChatGPT Plus subscription
https://github.com/Anil-matcha/Top-GPTs
SOAPHound: is a .NET data collector tool, which collects Active Directory data via the Active Directory Web Services (ADWS) protocol.
SOAPHound is able to extract the same information without directly communicating to the LDAP server
https://github.com/FalconForceTeam/SOAPHound
ADCS Attack Paths in BloodHound — Part 1
https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf
Rust for Cyber Security and Red Teaming
https://infosecwriteups.com/rust-for-cyber-security-and-red-teaming-275595d3fdec
Frameless BITB: A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx
https://github.com/waelmas/frameless-bitb
EventLogCrasher: PoC for a bug, that allows any user to crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain
https://github.com/floesen/EventLogCrasher
InjectKit: This repository contains modified versions of the Cobalt Strike Process Injection Kit
https://github.com/REDMED-X/InjectKit
ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals
https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals
How Threat Actors Leveraged HAR Files To Attack Okta’s Customers
https://www.rezonate.io/blog/har-files-attack-okta-customers
Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution
GraphStrike: is a suite of tools that enables Cobalt Strike's HTTPS Beacon to use Microsoft Graph API for C2 communications
https://github.com/RedSiege/GraphStrike
Writeup and exploit for CVE-2023-45777, bypass for Intent validation inside AccountManagerService on Android 13 despite "Lazy Bundle" mitigation
https://github.com/michalbednarski/TheLastBundleMismatch
Write XLL Dropper in c++ , a red teams most used dropper , learn how to be like a red teams and APT groups by building your XLL Dropper
https://github.com/EvilGreys/XLL-DROPPER-
CsWhispers: Source generator to add D/Invoke and indirect syscall methods to a C# project
https://github.com/rasta-mouse/CsWhispers
Pwn2Own Automotive 2024 - Day Three Results
https://www.thezdi.com/blog/2024/1/25/pwn2own-automotive-2024-day-three-results
Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability Leading to RCE
https://github.com/h4x0r-dz/CVE-2024-23897
SyscallMeMaybe: Implementation of Indirect Syscall technique to pop an innocent calc.exe
https://github.com/oldboy21/SyscallMeMaybe
Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl
Hiding payloads in Java source code strings
https://portswigger.net/research/hiding-payloads-in-java-source-code-strings
CVE-2024-0204 Authentication Bypass in GoAnywhere MFT
https://github.com/horizon3ai/CVE-2024-0204
CVE-2023-4863 Heap buffer overflow in Google libwebp (WebP)
https://github.com/LiveOverflow/webp-CVE-2023-4863
CVE-2023-22527 RCE using SSTI in Confluence
https://github.com/Vozec/CVE-2023-22527
1.6_C2: Using the Counter Strike 1.6 RCON protocol as a C2 Channel
https://github.com/eversinc33/1.6_C2
Building Windows Shellcode in Linux
https://github.com/defparam/win_shellcode_builder
Cracked software beats gold: new macOS backdoor stealing cryptowallets
https://securelist.com/new-macos-backdoor-crypto-stealer
the Google search bar enough to hack Belgian companies?
https://blog.nviso.eu/2024/01/22/is-the-google-search-bar-enough-to-hack-belgium-companies
Domain Escalation – Backup Operator
https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator
Remote TLS Callback Injection:
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
https://github.com/Maldev-Academy/RemoteTLSCallbackInjection