WinSOS: This technique utilizes executables within the WinSxS folder, commonly trusted by Windows, to exploit the classic DLL Search Order Hijacking method
https://github.com/thiagopeixoto/winsos-poc
ReflectiveLoading And InflativeLoading
https://winslow1984.com/books/malware/page/reflectiveloading-and-inflativeloading
First in-the-wild 0-day of 2023 🔥 CVE-2023-21674 is a vulnerability in Windows Advanced Local Procedure Call (ALPC) that could lead to a browser sandbox escape and allow attackers to gain SYSTEM privileges
https://github.com/hd3s5aa/CVE-2023-21674
EquationToolsGUI: scan and verify MS17-010, MS09-050, MS08-067 vulnerabilities
https://github.com/abc123info/EquationToolsGUI
pgAdmin (<=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE)
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce
ByassX: The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously
https://github.com/vulnableone/BypassX
Data Exfiltration: Increasing Number of Tools Leveraged by Ransomware Attackers
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-data-exfiltration
P/Invoke definitions from the now offline pinvoke•net
https://github.com/ricardojoserf/p-invoke.net
The Gitbook: https://www.p-invoke.net
Hijacking & Spoofing Context Menu Options
https://mrd0x.com/sentinelone-persistence-via-menu-context
TA577’s Unusual Attack Chain Leads to NTLM Data Theft
https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft
Using form hijacking to bypass CSP
https://portswigger.net/research/using-form-hijacking-to-bypass-csp
SharpThief: Steal a file's icon, resource information, version information, modification time, and digital signature with one click to reduce program entropy
https://github.com/INotGreen/SharpThief
How to Make Nmap Recognize New Services
https://shufflingbytes.com/posts/how-to-make-nmap-recognize-new-services
Exploit for CVE-2024-27198 - TeamCity Server
https://github.com/yoryio/CVE-2024-27198
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed
Behind the Code: Assessing Public Compile-Time Obfuscators for Enhanced OPSEC
https://trustedsec.com/blog/behind-the-code-assessing-public-compile-time-obfuscators-for-enhanced-opsec
Unknown Nim Loader using PSBypassCLM
https://medium.com/walmartglobaltech/unknown-nim-loader-using-psbypassclm-cafdf0e0f5cd
CVE-2024-1403 Progress OpenEdge Authentication Bypass
https://github.com/horizon3ai/CVE-2024-1403
MacOs Malware Dev
https://0xf00sec.github.io/2024/03/09/MacOs-X
OSX-Injection:
https://github.com/0xf00sec/OSX-Injection
IndicatorOfCanary: is a collection of PoCs from research on identifying canaries in various file formats
https://github.com/HackingLZ/IndicatorOfCanary
UAC-0050, Cracking The DaVinci Code
https://blog.bushidotoken.net/2024/03/tracking-adversaries-uac-0050-cracking.html
DefenderYara: Extracted Yara rules from Windows Defender mpavbase and mpasbase
https://github.com/roadwy/DefenderYara
Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
FuncAddressPro: demonstrates a sophisticated method of using an external assembly file to dynamically retrieve function addresses, serving as an advanced alternative to the standard GetProcAddress
https://github.com/WKL-Sec/FuncAddressPro
Cybersecurity threatscape: Q4 2023
https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2023-q4
Smishing with EvilGophish
https://fin3ss3g0d.net/index.php/2024/03/04/smishing-with-evilgophish
Persistence – Explorer
https://pentestlab.blog/2024/03/05/persistence-explorer
List of 39 Documented Windows Persistence Techniques
https://pentestlab.blog/methodologies/red-teaming/persistence
Reverse Engineering Protobuf Definitions From Compiled Binaries
https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries
How I Found Multiple XSS Vulnerabilities Using Unknown Techniques
https://infosecwriteups.com/how-i-found-multiple-xss-vulnerabilities-using-unknown-techniques-74f8e705ea0d