http-garden: Differential testing and fuzzing of HTTP servers and proxies
https://github.com/narfindustries/http-garden
SqlmapXPlus: is based on Sqlmap, a second version of the classic database vulnerability exploitation tool
https://github.com/co01cat/SqlmapXPlus
SiCat: is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively
https://github.com/justakazh/sicat
Jenkins Exploit GUI
https://github.com/TheBeastofwar/JenkinsExploit-GUI
Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager
http://www.pentestpartners.com/security-blog/hacking-electronic-flight-bags-airbus-navblue-flysmart-manager
Vulnerability: runc process.cwd and leaked fds container breakout (CVE-2024-21626)
https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout
PoC:
https://github.com/Wall1e/CVE-2024-21626-POC
Unmanaged .NET Patching: A proof-of-concept for patching managed .NET function from unmanaged code
https://github.com/outflanknl/unmanaged-dotnet-patch
Exploiting Entra ID for Stealthier Persistence and Privilege Escalation using the Federated Authentication’s Secondary Token-signing Certificate
https://medium.com/tenable-techblog/stealthy-persistence-privesc-in-entra-id-by-using-the-federated-auth-secondary-token-signing-cert-876b21261106
XML External Entity injection with error-based data exfiltration
https://infosecwriteups.com/xml-external-entity-injection-with-error-based-data-exfiltration-985b063ec820
Jumpserver Preauth RCE Exploit Chain
https://sites.google.com/site/zhiniangpeng/blogs/Jumpserver
ThievingFox: is a collection of post-exploitation tools to gather credentials from various password managers and windows utilities
https://github.com/Slowerzs/ThievingFox
A direct improvement to remote TLS Injection
https://github.com/Uri3n/Advanced-TLS-Injection
BOFHound: Session Integration
https://posts.specterops.io/bofhound-session-integration-7b88b6f18423
Exploit for Real World CTF 6th RIPTC
https://github.com/N1ghtu/RWCTF6th-RIPTC
Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spoofing-802-11-wireless-beacon-management-frames-with-manipulated-power-values-resulting-in-denial-of-service-for-wireless-clients
pphack: The Most Advanced Client-Side Prototype Pollution Scanner
https://github.com/edoardottt/pphack
NetHunter Hacker XII: Master Social Engineering using SET
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set
HTTP/2 based downgrade and smuggle scanner
https://github.com/Moopinger/smugglefuzz
Backdoor Activator Malware Running Rife Through Torrents of macOS Apps
https://www.sentinelone.com/blog/backdoor-activator-malware-running-rife-through-torrents-of-macos-apps
Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 1)
sam.rothlisberger/havoc-c2-with-av-edr-bypass-methods-in-2024-part-1-733d423fc67b" rel="nofollow">https://medium.com/@sam.rothlisberger/havoc-c2-with-av-edr-bypass-methods-in-2024-part-1-733d423fc67b
PoC for CVE-2024-20931 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
https://github.com/GlassyAmadeus/CVE-2024-20931
ICS and OT threat predictions for 2024
https://securelist.com/ksb-ics-predictions-2024
Uncovering USB Malware's Hidden Depths
https://www.mandiant.com/resources/blog/unc4990-evolution-usb-malware
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign
https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign
Unveiling the intricacies of DiceLoader
https://blog.sekoia.io/unveiling-the-intricacies-of-diceloader
Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal
https://www.akamai.com/blog/security-research/fritzfrog-botnet-new-capabilities-log4shell
Pawn Storm Uses Brute Force and Stealth Again
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth
Bypass NTLM Message Integrity Check - Drop the MIC
https://www.blackhillsinfosec.com/bypass-ntlm-message-integrity-check-drop-the-mic
Persistence – Disk Clean-up
https://pentestlab.blog/2024/01/29/persistence-disk-clean-up
Ultra-Sophisticated 0day APT SuperMalware Proxy EXE
https://gist.github.com/DanielGibson/f4ea4d46fc279d64a2d35a326e7a1a88
MyDumbEDR: This repo contains all the necessary files to run the MyDumbEDR and try to bypass
https://github.com/sensepost/mydumbedr
Proof-of-concept code for the Android APEX key reuse vulnerability described in https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys
Читать полностью…
Automated Multi UAC bypass
for win10|win11|ws2019|ws2022
https://github.com/x0xr00t/Automated-MUlti-UAC-Bypass
Trigona Ransomware in 3 Hours
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours
Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current process
https://github.com/ProcessusT/EnumSSN
