Arbitrary 1-click Azure tenant takeover via MS application
https://falconforce.nl/arbitrary-1-click-azure-tenant-takeover-via-ms-application
Coffee: a loader for ELF (Executable and Linkable Format) object files, written in Rust. It provides a mechanism to load and parse ELF files similar to COFFLoader, but specifically designed for the ELF files used on Unix-like systems.
https://github.com/Sndav/coffee
Find This Easy CSRF in Every Website - A Sweet P4
https://medium.com/@Ajakcybersecurity/find-this-easy-csrf-in-every-website-a-sweet-p4-372a3198bf47
Horacius (IAM) - Local privilege escalation, even without a Windows account
https://blog.pridesec.com.br/en/horacius-unauthenticated-privilege-escalation
Embed A Malicious Executable in a Normal PDF or EXE
https://medium.com/@sam.rothlisberger/embed-a-malicious-executable-in-a-normal-pdf-or-exe-81ee5339707e
LSASS rings KsecDD ext. 0
Overview of the recent KexecDD exploit
https://tierzerosecurity.co.nz/2024/04/29/kexecdd.html
OSCP Prep: Introducing My Runbooks — RCE on Linux
https://medium.com/@Fanicia/oscp-prep-introducing-my-runbooks-rce-on-linux-44099b36aa34
PoC for CVE-2024-21345 Windows Kernel EoP
https://github.com/exploits-forsale/CVE-2024-21345
iMessage with PQ3: How this new protocol works to defend your iPhone against Post-Quantum Attacks
https://medium.com/macoclock/imessage-with-pq3-how-it-works-and-why-it-matters-for-your-iphone-3120528ee109
Windows KASLR bypass using prefetch side-channel
https://github.com/exploits-forsale/prefetch-tool
CertifiedDCOM: The Privilege Escalation Journey to Domain Admin with DCOM
https://i.blackhat.com/Asia-24/Presentations/Asia-24-Ding-CertifiedDCOM-The-Privilege-Escalation-Journey-to-Domain-Admin.pdf
Deploy an Active Directory Lab Within Minutes
https://www.blackhillsinfosec.com/deploy-an-active-directory-lab-within-minutes
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices
Exploiting embedded Mitel phones for unauthenticated remote code
https://baldur.dk/blog/embedded-mitel-exploitation
CVE-2024-21111 – LPE in Oracle VirtualBox
https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox
How an empty S3 bucket can make your AWS bill explode
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
Exploiting Vulnerabilities: The SLMail POP3 Buffer Overflow Threat
https://medium.com/@aloulouomar5/exploiting-vulnerabilities-the-slmail-pop3-buffer-overflow-threat-5cec8e5e6b10
How LangChain and ChatGPT plugins are getting attacked by this bug
https://medium.com/@sreedeep200/how-langchain-and-chatgpt-plugins-are-getting-attacked-by-this-bug-9a47807b66a3
Telegram Web app XSS/Session Hijacking 1-click
https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90
Google Recaptcha Bypass less than 5 seconds
https://github.com/sarperavci/GoogleRecaptchaBypass
Automating API Vulnerability Testing Using Postman Workflows
https://haymiz.dev/security/2024/04/27/automating-apis-with-postman-workflows
Disk Group Privilege Escalation
https://www.hackingarticles.in/disk-group-privilege-escalation
AutoAppDomainHijack: Tools to automate finding AppDomain hijacks and generating payloads from shellcode
https://github.com/nbaertsch/AutoAppDomainHijack
Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR
https://exploits.forsale/24h2-nt-exploit
AWS Cloud Security Config Review using Nuclei Templates
https://blog.projectdiscovery.io/aws-cloud-security-config-review-using-nuclei-templates
PrickSense: How Cactus Exploits Qlik Sense
https://northwave-cybersecurity.com/whitepapers-articles/pricksense-how-cactus-exploits-qlik-sense
Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer)
https://evren.ninja/multiple-vulnerabilities-in-opendevin
A Practical Guide to PrintNightmare in 2024
https://itm4n.github.io/printnightmare-exploitation