An Introduction to Chrome Exploitation
https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
A PoC to disable TamperProtection and other Defender / MDE components
https://github.com/AlteredSecurity/Disable-TamperProtection
CVE-2024-4577 is a critical argument-injection vulnerability in PHP running in CGI mode on Windows: in locales that use Best-Fit character mapping, a soft hyphen (0xAD) in the query string is converted to '-', so a crafted request can smuggle PHP command-line switches such as -d into php-cgi and achieve remote code execution
https://github.com/TAM-K592/CVE-2024-4577
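As an added example (not code from the linked PoC or from the PHP project), the following Python detector reproduces the CGI argv-splitting rule the bug depends on and flags the injected switches in web-server access logs. The log lines, client addresses and combined-log layout are constructed for the example; the `%AD` soft-hyphen form is specific to php-cgi on Windows under Best-Fit code pages, so a hit indicates an exploitation attempt, not a confirmed compromise:

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (assumed combined log format, not real traffic).
# Line 1 carries the soft-hyphen (%AD) variant from CVE-2024-4577, line 3 the plain
# '-d' form that the older CVE-2012-1823 fix already blocks, line 2 is benign.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Jun/2024:10:01:02 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512
203.0.113.7 - - [07/Jun/2024:10:01:05 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048
198.51.100.9 - - [07/Jun/2024:10:02:11 +0000] "GET /cgi-bin/php?-d+allow_url_include%3d1 HTTP/1.1" 404 300
"""

# Client address and request line of a combined-format log entry (assumed layout).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# One CGI argv token that php-cgi would parse as a switch: a hyphen (0x2D) or a
# soft hyphen (0xAD, which Windows Best-Fit mapping turns into '-' in code pages
# 932/936/950) followed by a switch letter and an optional inline value.
OPTION_TOKEN = re.compile(rb"^[\x2d\xad]([A-Za-z])(.*)$", re.DOTALL)


def cgi_argv(raw_query: str) -> list[bytes]:
    """RFC 3875 rule the bug depends on: a query string without an unencoded '='
    is split on '+' and handed to the CGI binary as argv (after %-decoding)."""
    if "=" in raw_query:
        return []
    return [unquote_to_bytes(part) for part in raw_query.split("+") if part]


def injected_options(raw_query: str) -> list[str]:
    """Return the php-cgi switches an attacker smuggles through the query string,
    e.g. ['-d allow_url_include=1', '-d auto_prepend_file=php://input']."""
    argv = cgi_argv(raw_query)
    found: list[str] = []
    i = 0
    while i < len(argv):
        m = OPTION_TOKEN.match(argv[i])
        i += 1
        if not m:
            continue
        switch = m.group(1).decode("ascii")
        value = m.group(2)
        # php-cgi accepts both '-dfoo=1' and '-d foo=1'; take the next argv token
        # as the value when none is given inline.
        if not value and i < len(argv):
            value = argv[i]
            i += 1
        found.append(f"-{switch} {value.decode('latin-1')}".rstrip())
    return found


def scan_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client ip, request target, injected switches) for every request
    whose query string would reach php-cgi as command-line switches."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        query = target.partition("?")[2]
        opts = injected_options(query)
        if opts:
            hits.append((m.group("ip"), target, opts))
    return hits


if __name__ == "__main__":
    for ip, target, opts in scan_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {opts}")
```

The '=' check matters: a query string containing a literal '=' is never argv-split by the CGI gateway, which is why the public payloads encode it as %3d. The detector deliberately does not look at the response status, since an attacker's first probe may return 404 against a wrong path and still be worth alerting on.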
MDE_Enum is a .NET tool that extracts and displays detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules
https://github.com/0xsp-SRD/MDE_Enum
EDR Internals for macOS and Linux
https://www.outflank.nl/blog/2024/06/03/edr-internals-macos-linux
Tools for analyzing EDR agents:
https://github.com/outflanknl/edr-internals
Guest vs Null session on Windows
https://sensepost.com/blog/2024/guest-vs-null-session-on-windows
Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)
https://github.com/sinsinology/CVE-2024-4358
How to Achieve Eternal Persistence Part 2: Outliving the Krbtgt Password Reset
https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence-part-2
SQLi, SSRF And Code Secrets — All In One
https://medium.com/@red.whisperer/sqli-ssrf-and-code-secrets-all-in-one-a387c734c84f
Chrome Renderer 1day RCE via Type Confusion in Async Stack Trace (CVE-2023-6702)
https://github.com/kaist-hacking/CVE-2023-6702
Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )
https://github.com/Zeyad-Azima/CVE-2024-27348
CVE-2024-24919 [Check Point Security Gateway Information Disclosure]
https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv()
https://github.com/ambionics/cnext-exploits
germy is an N_GSM Linux kernel privilege escalation exploit for versions 5.15-rc1 to 6.6-rc1
https://github.com/roddux/germy
AMSIBypassPatch.ps1: a PowerShell script that applies an in-memory patch to bypass the Antimalware Scan Interface (AMSI), so PowerShell commands run without their content being handed to the AV provider for scanning
https://github.com/okankurtuluss/AMSIBypassPatch
UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now
https://github.com/sexyiam/UAC-Bypass
Reimplementation of the KExecDD DSE bypass technique
https://github.com/lem0nSec/Dsebler
Abusing the Windows fork API and the OneDrive.exe process to inject shellcode without allocating a new RWX memory region
https://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV
How do we write a shellcode to elevate privileges and gracefully return to userland?
https://mdanilor.github.io/posts/hevd-4
Kali Linux 2024.2 Release (t64, GNOME 46 & Community Packages)
https://www.kali.org/blog/kali-linux-2024-2-release
Exploiting XXE Vulnerabilities on Microsoft SharePoint Server and Cloud via Confused URL Parsing
https://github.com/W01fh4cker/CVE-2024-30043-XXE
TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots
https://github.com/xaitax/TotalRecall
PoC for CVE-2024-32113: Apache OFBiz path traversal leading to RCE
https://github.com/Mr-xn/CVE-2024-32113
PoC for CVE-2024-27348: Apache HugeGraph Server unauthenticated RCE
https://github.com/kljunowsky/CVE-2024-27348
Few lesser known tricks, quirks and features of C
https://jorenar.com/blog/less-known-c
user-kernel-syscall-hook: Combining Kernel and User-Mode Hooks for Enhanced System Monitoring
https://github.com/carlos-al/user-kernel-syscall-hook
Evading Token Protection For EntraID/M365 (2024 Edition)
https://rootsecdev.medium.com/evading-token-protection-for-entraid-m365-2024-edition-b0827407b6f5
iOS 16.5.1 Safari RCE Analysis (CVE-2023-37450)
https://medium.com/@enki-techblog/ios-16-5-1-safari-rce-analysis-cve-2023-37450-89bb8583bebc
Abusing the SeRelabelPrivilege
https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege
RelabelAbuse:
https://github.com/decoder-it/RelabelAbuse
Vex: Autonomous RouterOS configuration analyzer to find security issues
https://github.com/casterbyte/Vex
Loading ShellCode without executable permissions
https://github.com/HackerCalico/No_X_Memory_ShellCodeLoader
Windows Active Directory pentesting documentation
https://github.com/mranv/adPentest
A Command-Line Tool for Microsoft Graph API Exploration
https://github.com/dazzyddos/GraphShell