Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android
3 ways to get Remote Code Execution in Kafka UI
https://github.blog/2024-07-22-3-ways-to-get-remote-code-execution-in-kafka-ui
The Security Principle Every Attacker Needs to Follow
https://posts.specterops.io/the-security-principle-every-attacker-needs-to-follow-905cc94ddfc6
Wyvern is a kernel driver designed to facilitate the transmission and reception of memory from any process via the computer's kernel
https://github.com/SnyakoCode/wyvernkernel
Lsass Dump using MiniDump Method and Direct Syscall Technique
https://github.com/CyberSecurityUP/LsassDumpSyscall
ZeroHVCI accomplishes arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments without admin permissions or kernel drivers
https://github.com/zer0condition/ZeroHVCI
Electron JS ASAR Integrity Bypass
https://blog.souravkalal.tech/electron-js-asar-integrity-bypass-431ac4269ed5
HotPage: Story of a signed, vulnerable, ad-injecting driver
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver
Container Breakouts: Escape Techniques in Cloud Environments
https://unit42.paloaltonetworks.com/container-escape-techniques
PoC for CVE-2023-20872 VMware Escape
https://github.com/ze0r/vmware-escape-CVE-2023-20872-poc
How to Bypass Golang SSL Verification
https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification
Mass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE)
https://github.com/codeb0ss/CVE-2024-29824-PoC
Kernel exploit for Xbox SystemOS using CVE-2024-30088
https://github.com/exploits-forsale/collateral-damage
Reverse shell listener and payload generator designed to work on most Linux targets
https://github.com/tantosec/oneshell
Universal Code Execution by Chaining Messages in Browser Extensions
https://spaceraccoon.dev/universal-code-execution-browser-extensions
View State, The unpatchable IIS forever day being actively exploited
https://zeroed.tech/blog/viewstate-the-unpatchable-iis-forever-day-being-actively-exploited
JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory
https://srcincite.io/blog/2024/07/21/jndi-injection-rce-via-path-manipulation-in-memoryuserdatabasefactory
BenignHunter: a simple tool to try and identify which native APIs are deemed benign by EDRs and are therefore not hooked
https://github.com/Allevon412/BenignHunter
Forensic Investigation Operations — Windows Base I
https://medium.com/@brsdncr/forensic-investigation-operations-windows-base-i-ca28d9982729
CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61
https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898
Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle
https://www.zerodayinitiative.com/blog/2024/7/16/announcing-pwn2own-ireland-2024
The Return of Ghost Emperor’s Demodex
https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit
Windows Installer, exploiting Custom Actions
https://blog.doyensec.com/2024/07/18/custom-actions.html
Red Team C2 Framework, using No X Loader technology
https://github.com/HackerCalico/Magic_C2
How to Analyze Malicious MSI Installer Files
https://intezer.com/blog/incident-response/how-to-analyze-malicious-msi-installer-files
PwnedBoot: This is a proof-of-concept payload that can replace mcupdate_<platform>.dll, which will get loaded by the Windows bootloader (winload.efi) even when Secure Boot is enabled
https://github.com/SamuelTulach/PwnedBoot
Remotely Enumerate sessions using undocumented Windows Station APIs
https://github.com/0xv1n/RemoteSessionEnum
DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Pentesting Active Directory - Complete Guide | Part 6
https://hacklido.com/blog/867-pentesting-active-directory-complete-guide-part-6