linjector-rs: Code injection on Android without ptrace
https://github.com/erfur/linjector-rs
Cyber-security-practice: all cyber-security practice, including exploit loopholes, web attacks, cryptography, system exploitation, developing tools and so on
https://github.com/Stander-by/Cyber-security-practice
pmesh: an all-in-one service manager, reverse proxy, and enterprise service bus, designed to be a simple and powerful replacement for a wide variety of tools commonly deployed in web services
https://github.com/pme-sh/pmesh
Passing arguments via rundll32.exe to function exported by DLL
https://stmxcsr.com/micro/rundll-parse-args.html
Automate evasion and compilation of tools
https://tierzerosecurity.co.nz/2024/03/03/teamcity-sharpwmi-evasion.html
Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762
https://github.com/BishopFox/cve-2024-21762-check
PoC for CVE-2023-50386: Apache Solr Backup/Restore APIs RCE
https://github.com/vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC
Windows and AD Pentesting cheatsheet
https://github.com/AleHelp/Windows-Pentesting-cheatsheet
Wireshark Tutorial: Exporting Objects From a Pcap
https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap
Linux Threat Hunting Persistence
https://matheuzsecurity.github.io/hacking/linux-threat-hunting-persistence
SharpLansweeperDecrypt: Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance
https://github.com/Yeeb1/SharpLansweeperDecrypt
The Art of Domain Deception: Bifrost's New Tactic to Deceive Users
https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware
OffensiveLAM: A Large Action Model designed to operate on macOS or Windows, which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or BRC4
https://github.com/vysecurity/OffensiveLAM
ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered Applications
https://github.com/StavC/ComPromptMized
Taking On A Hardened Windows System
https://assume-breach.medium.com/home-grown-red-team-taking-on-a-hardened-windows-system-f31796ad3fc2
sebel: a Go package that provides functionality for checking SSL/TLS certificates against malicious connections, by identifying and blacklisting certificates used by botnet command and control (C&C) servers
https://github.com/teler-sh/sebel
Taking a deep dive into SmokeLoader
https://farghlymal.github.io/SmokeLoader-Analysis
OWASP Top 10 explained (3) : SQL Injection
https://lab.scub.net/owasp-top-10-3-sql-injection-78a59edba83b
APT37's ROKRAT HWP Object Linking and Embedding
https://www.0x0v1.com/rearchive-rokrat-hwp
SecretPixel: a cutting-edge steganography tool designed to securely conceal sensitive information within images
https://github.com/x011/SecretPixel
Windows Local Privilege Escalation Cookbook
https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook
Rise in Deceptive PDF: The Gateway to Malicious Payloads
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-in-deceptive-pdf-the-gateway-to-malicious-payloads
0-Click Account Takeover on Facebook
https://infosecwriteups.com/0-click-account-takeover-on-facebook-e4120651e23e
Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs
https://github.com/referefref/gitdoorcheck
How To Hunt For UEFI Malware Using Velociraptor
https://www.rapid7.com/blog/post/2024/02/29/how-to-hunt-for-uefi-malware-using-velociraptor
LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities
https://github.com/sea-erkin/log-snare
Exploiting CSP Wildcards for Google Domains
https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google