GhostInjector: proof of concept dll injector which injects without a process handle, and with a thread handle instead
https://github.com/li4321/GhostInjector
Wordpress Penetration Testing
https://www.hackingdream.net/2024/04/wordpress-penetration-testing.html
Voipire: scans and exploits the RTP bleed vulnerability
https://github.com/CR-DMcDonald/voipire
Cracking WiFi Passwords with Aircrack-ng
Sreeraj_K/cracking-wifi-passwords-with-aircrack-ng-b5a1db4caf32" rel="nofollow">https://medium.com/@Sreeraj_K/cracking-wifi-passwords-with-aircrack-ng-b5a1db4caf32
Chaining N-days to Compromise All: Part 3 — Windows Driver LPE
https://blog.theori.io/chaining-n-days-to-compromise-all-part-3-windows-driver-lpe-medium-to-system-12f7821d97bb
manual map unsigned driver over signed memory
https://github.com/0mWindyBug/GhostMapperUM
What're you telling me, Ghidra?
https://byte.how/posts/what-are-you-telling-me-ghidra
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224
Zero-E: Automates the entire network enumeration process in a fire-and-forget manner, among many more functions. Zero effort, zero error network enumeration
https://github.com/Inscyght/Zero-E
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000
Part: 1 ○● Part: 2
AutoGeaconC2:
One-click reading of Profile and automatic generation of geacon to enable cross-platform launch of CobaltStrike
https://github.com/TryGOTry/AutoGeaconC2
interceptor: Sample Rust Hooking Engine
https://github.com/Kharos102/interceptor
Malware Development with C - Establishing Persistence
https://lsecqt.github.io/Red-Teaming-Army/malware-development/malware-development-with-c---basic-persistence
CVE-2024-30851: Jasmin ransomware web panel path traversal PoC
https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc
Don’t Trust the Cache: Exposing Web Cache Poisoning and Deception vulnerabilities
https://anasbetis023.medium.com/dont-trust-the-cache-exposing-web-cache-poisoning-and-deception-vulnerabilities-3a829f221f52
DLL code for testing CVE-2024-21378 in MS Outlook
https://gist.github.com/Homer28/7f3559ff993e2598d0ceefbaece1f97f
Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5
https://github.com/YuriiCrimson/ExploitGSM/
Havoc C2 Framework – A Defensive Operator’s Guide
https://www.immersivelabs.com/blog/havoc-c2-framework-a-defensive-operators-guide
Magic Bytes in Cybersecurity
Hackhoven/magic-bytes-in-cybersecurity-05e997a2c22e" rel="nofollow">https://medium.com/@Hackhoven/magic-bytes-in-cybersecurity-05e997a2c22e
eJPT v2 Exam Review: Cracking the eLearnSecurity’s Junior Penetration Tester Certification
vimukthiwishvajith/ejpt-v2-exam-review-cracking-the-elearnsecuritys-junior-penetration-tester-certification-a24f3b962541" rel="nofollow">https://medium.com/@vimukthiwishvajith/ejpt-v2-exam-review-cracking-the-elearnsecuritys-junior-penetration-tester-certification-a24f3b962541
Exploit CVE-2023-36047 Windows Authentication EoP
https://github.com/Wh04m1001/UserManagerEoP
Reverse Tunnels in Go over HTTP/3 and QUIC
https://github.com/flipt-io/reverst
CVE-2024-2887: Type Confusion in WebAssembly
https://docs.google.com/document/d/e/2PACX-1vTwx4dFVn8RpuTZVfp10C96Ioto0_zaRCl769CCx5eJXYNe967-_r44qixJA1H9Fr38biynxR22g7u9/pub
CVE-2024-31345: WordPress Auto Poster plugin <= 1.2 - Arbitrary File Upload vulnerability
https://github.com/Chokopikkk/CVE-2024-31345_exploit
JiaTansSSHAgent: Simple SSH Agent that implements some of the XZ sshd backdoor functionality
https://github.com/blasty/JiaTansSSHAgent
D-Link NAS CVE-2024-3273 Exploit Tool
https://github.com/Chocapikk/CVE-2024-3273
c2-talk: Detecting Command and Control frameworks via Sysmon and Windows Event Logging
https://github.com/eric-conrad/c2-talk
AI Researcher: is an AI agent that utilizes Claude 3 and SERPAPI to perform comprehensive research on a given topic
https://github.com/mshumer/ai-researcher
FreeAskInternet: is a completely free, private and locally running search aggregator & answer generate using LLM, without GPU needed. The user can ask a question and the system will make a multi engine search and combine the search result to the ChatGPT3.5 LLM and generate the answer based on search results
https://github.com/nashsu/FreeAskInternet
script to enumerate users in a domain without known credentials using rid cycling and null session with rpcclient
https://gist.github.com/naksyn/8204c76cda2541e72668fa065ba94c09
The Human Element in Cybersecurity: Understanding Trust and Social Engineering
https://www.blackhillsinfosec.com/understanding-trust-and-social-engineering
Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
