Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
GraphSpy: The Swiss Army Knife for Attacking M365 & Entra
https://insights.spotit.be/2024/04/05/graphspy-the-swiss-army-knife-for-attacking-m365-entra
RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass
https://github.com/CsEnox/EventViewer-UACBypass
Persistence – DLL Proxy Loading
https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading
PassTester: is a tool for finding user passwords that are most vulnerable to dictionary attacks
https://github.com/Elymaro/PassTester
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
https://www.trendmicro.com/en_us/research/24/d/earth-freybug
Apple CPU encryption hack
https://www.kaspersky.com/blog/apple-cpu-encryption-vulnerability
Bypassing DOMPurify with good old XML
https://flatt.tech/research/posts/bypassing-dompurify-with-good-old-xml
Tapping into the potential of Memory Dump Emulation
https://blahcat.github.io/posts/2024/01/27/tapping-into-the-potential-of-memory-dump-emulation
NetScout: OSINT tool that finds domains, subdomains, directories, endpoints and files for a given seed URL
https://github.com/caio-ishikawa/netscout
SSHishing – Abusing Shortcut Files and the Windows SSH Client for Initial Access
https://redsiege.com/blog/2024/04/sshishing-abusing-shortcut-files-and-the-windows-ssh-client-for-initial-access
Beyond Detection SMB Staging for Antivirus Evasion
https://lsecqt.github.io/Red-Teaming-Army/malware-development/beyond-detection-smb-staging-for-antivirus-evasion
K8S and Docker Vulnerability Check for CVE-2024-3094
https://github.com/teyhouse/CVE-2024-3094
identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability
https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer
An ssh honeypot with the XZ backdoor CVE-2024-3094
https://github.com/lockness-Ko/xz-vulnerable-honeypot
A list of useful tools for Malware Analysis
https://github.com/ashemery/malware-tools
WIFI Credential Dumping
https://www.r-tec.net/r-tec-blog-wifi-credential-dumping.html
memhv: Minimalistic hypervisor with memory introspection capabilities
https://github.com/SamuelTulach/memhv
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
https://github.com/ricardojoserf/NativeDump
Rev-Shell: Basic script to generate reverse shell payloads, generally most used in ctf
https://github.com/washingtonP1974/Rev-Shell
From OneNote to RansomNote: An Ice Cold Intrusion
https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion
Lord Of The Ring0 - Part 6 | Conclusion
https://idov31.github.io/posts/lord-of-the-ring0-p6
ImageIO, the infamous iOS Zero Click Attack Vector
https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO
Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape)
https://blog.theori.io/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape-44cb49d7a4f8
SharpConflux is a .NET application built to facilitate Confluence exploration
https://github.com/nettitude/SharpConflux
xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
https://github.com/amlweems/xzbot
This project aims to provide a fully functional, from-scratch alternative to the Cobalt Strike Beacon, providing transparency and flexibility to security professionals and enthusiasts.This project is not a reverse-engineered version of the Cobalt Strike Beacon, but a complete open source implementation. The "settings.h" file contains macros for the C2 configuration file and the user should complete it to their liking. Once you have your "settings.h" template ready, feel free to share and contribute
https://github.com/kyxiaxiang/Beacon_Source
TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability
https://github.com/Mr-xn/CVE-2023-43482
FAQ on the xz-utils backdoor
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
assist in bug bounty and web application enumeration tasks
https://github.com/HernanRodriguez1/EnumParameter
Everything I Know About the Xz Backdoor
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
backdoor in upstream xz/liblzma leading to ssh server compromise
https://www.openwall.com/lists/oss-security/2024/03/29/4