CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands
https://github.com/W01fh4cker/CVE-2023-20198-RCE
Hello: I’m your Domain Admin and I want to authenticate against you
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you
18 vulnerabilities in Brocade SANnav
https://pierrekim.github.io/blog/2024-04-24-brocade-sannav-18-vulnerabilities
IOS Penetration Testing: Guide to Static Analysis
https://medium.com/@adityasawant00/ios-penetration-testing-guide-to-static-analysis-4a9dea5d672d
An Analysis of the DHEat DoS Against SSH in Cloud Environments
https://www.positronsecurity.com/blog/2024-04-23-an-analysis-of-dheat-dos-against-ssh-in-cloud-environments
Scanner for CVE-2024-4040 VFS Sandbox Escape in CrushFTP
https://github.com/airbus-cert/CVE-2024-4040
PoC for CVE-2024-27199: RCE, Admin Account Creation, Enum Users, Server Information
https://github.com/Stuub/RCity-CVE-2024-27199
CVE-2024-21111: Oracle VirtualBox LPE
Oracle VirtualBox Prior to 7.0.16 is vulnerable to Local Privilege Escalation via Symbolic Link Following leading to Arbitrary File Delete and Arbitrary File Move
https://github.com/mansk1es/CVE-2024-21111
A Detailed Guide on Pwncat
https://www.hackingarticles.in/a-detailed-guide-on-pwncat
Bypass Paywalls Clean for Firefox
https://github.com/bpc-clone/bypass-paywalls-firefox-clean
Bypass Paywalls Clean for Chrome
https://github.com/bpc-clone/bypass-paywalls-chrome-clean
A series of methods used to detect kernel shellcode for tencent game safe race 2024
https://github.com/rogxo/search
New Backdoor, MadMxShell
https://www.zscaler.com/blogs/security-research/malvertising-campaign-targeting-it-teams-madmxshell
Analysis of Pupy RAT Used in Attacks Against Linux Systems
https://asec.ahnlab.com/en/64258
etw hook (syscall/infinity hook) compatible with the latest Windows version of PG
https://github.com/Oxygen1a1/etw_hook_latest
KExecDD: Admin to Kernel code execution using the KSecDD driver
https://github.com/floesen/KExecDD
PasteBomb C2-less RAT: is a simple, yet powerful, remote administration Trojan (RAT) that allows you to execute terminal commands, send (D)DoS attacks, download files, and open messages in your victim's browser
https://github.com/marco-liberale/PasteBomb
pyMetaTwin: Copy metadata and digital signatures information from one Windows executable to another using Wine on a non-Windows platform
https://github.com/Cerbersec/pyMetaTwin
The Dark Side of EDR: Repurpose EDR as an Offensive Tool
https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool
Grafana backend sql injection affected all version
https://fdlucifer.github.io/2024/04/22/grafana-sql-injection
Dauthi: is a tool designed to perform authentication attacks against various Mobile Device Management (MDM) solutions
https://github.com/emptynebuli/dauthi
ToddyCat is making holes in your infrastructure
https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools
Heavily obfuscated ASP web shell generation tool
https://github.com/fin3ss3g0d/ASPJinjaObfuscator
No, LLM Agents can not Autonomously Exploit One-day Vulnerabilities
https://struct.github.io/auto_agents_1_day
How I Prevented a Mass Data Breach - $15,000 bounty
https://bxmbn.medium.com/how-i-prevented-a-mass-data-breach-15-000-bounty-bxmbn-1096e6400e3d
How Did I Easily Find Stored XSS at Apple And Earn $5000 ?
https://medium.com/@xrypt0/how-did-i-easily-find-stored-xss-at-apple-and-earn-5000-3aadbae054b2
HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these tools but provides information about them. Easily install all of them with one script
https://github.com/ChrisJr404/HackerToolkit
BlackHat ASIA 2024 Slides
https://github.com/onhexgroup/Conferences/tree/main/BlackHat%20ASIA%202024-Slides
Backdooring Dotnet Applications
https://starkeblog.com/backdooring/dotnet/2024/04/19/backdooring-dotnet-applications
PoC for CVE-2024-20356: A Command Injection vulnerability in Cisco's CIMC
https://github.com/nettitude/CVE-2024-20356
MagicDot: A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
https://github.com/SafeBreach-Labs/MagicDot
CelestialSpark: A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust
https://github.com/Karkas66/CelestialSpark
Fake Dialog Boxes to Make Malware More Convincing
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-dialog-boxes-to-make-malware-more-convincing