hacker_trick | Unsorted

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Subscribe to a channel

Hacker tricks

InjectKit: This repository contains modified versions of the Cobalt Strike Process Injection Kit
https://github.com/REDMED-X/InjectKit

Читать полностью…

Hacker tricks

ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals
https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals

Читать полностью…

Hacker tricks

How Threat Actors Leveraged HAR Files To Attack Okta’s Customers
https://www.rezonate.io/blog/har-files-attack-okta-customers

Читать полностью…

Hacker tricks

Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution

Читать полностью…

Hacker tricks

GraphStrike: is a suite of tools that enables Cobalt Strike's HTTPS Beacon to use Microsoft Graph API for C2 communications
https://github.com/RedSiege/GraphStrike

Читать полностью…

Hacker tricks

Writeup and exploit for CVE-2023-45777, bypass for Intent validation inside AccountManagerService on Android 13 despite "Lazy Bundle" mitigation
https://github.com/michalbednarski/TheLastBundleMismatch

Читать полностью…

Hacker tricks

#redteam #pentest #evasion #bypass

Читать полностью…

Hacker tricks

Security Brief: TA866 Returns with a Large Email Campaign
https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
Parrot TDS: A Persistent and Evolving Malware Campaign
https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers

Читать полностью…

Hacker tricks

Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution
https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution

Читать полностью…

Hacker tricks

How I passed the Intigriti 0124 Challenge
rodriguezjorgex/how-i-passed-the-intigriti-0124-challenge-b6c2d1cd1b7b" rel="nofollow">https://medium.com/@rodriguezjorgex/how-i-passed-the-intigriti-0124-challenge-b6c2d1cd1b7b

Читать полностью…

Hacker tricks

LiesGate: The idea came from an interesting project called MutationGate
In summary, the LiesGate code demonstrates advanced techniques related to system function manipulation, memory permission alterations, and execution context manipulation in a Windows environment, applicable in scenarios like reverse engineering, debugging, security testing, or malware development
https://github.com/CyberSecurityUP/LiesGate

Читать полностью…

Hacker tricks

Evil-M5Core2: is an innovative tool developed for ethical testing and exploration of WiFi networks
https://github.com/7h30th3r0n3/Evil-M5Core2

Читать полностью…

Hacker tricks

Yet another C++ Cobalt Strike beacon dropper with Ntdll unhooking, PPID spoofing and custom Process hollowing
https://github.com/ProcessusT/Venoma

Читать полностью…

Hacker tricks

Dark web threats and dark market predictions for 2024
https://securelist.com/darknet-predictions-for-2024

Читать полностью…

Hacker tricks

LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time
https://github.com/janoglezcampos/llvm-yx-callobfuscator

Читать полностью…

Hacker tricks

Building Windows Shellcode in Linux
https://github.com/defparam/win_shellcode_builder

Читать полностью…

Hacker tricks

Cracked software beats gold: new macOS backdoor stealing cryptowallets
https://securelist.com/new-macos-backdoor-crypto-stealer

Читать полностью…

Hacker tricks

the Google search bar enough to hack Belgian companies?
https://blog.nviso.eu/2024/01/22/is-the-google-search-bar-enough-to-hack-belgium-companies

Читать полностью…

Hacker tricks

Domain Escalation – Backup Operator
https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator

Читать полностью…

Hacker tricks

Remote TLS Callback Injection:
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
https://github.com/Maldev-Academy/RemoteTLSCallbackInjection

Читать полностью…

Hacker tricks

Bug Hunting Methodology
https://github.com/WadQamar10/My-Hunting-Methodology-

Читать полностью…

Hacker tricks

LOLSpoof: is a an interactive shell program that automatically spoof the command line arguments of the spawned process
https://github.com/itaymigdal/LOLSpoof

Читать полностью…

Hacker tricks

The Dangers of Lateral Movement & Website Cross Contamination
https://blog.sucuri.net/2024/01/dangers-of-lateral-movement-website-cross-contamination

Читать полностью…

Hacker tricks

This repository contains proof-of-concept scripts for CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230 Bluetooth vulnerabilities in Android, Linux, macOS, iOS and Windows can be exploited to pair an emulated Bluetooth keyboard and inject keystrokes without user confirmation
https://github.com/marcnewlin/hi_my_name_is_keyboard

Читать полностью…

Hacker tricks

Calling Home, Get Your Callbacks Through RBI
https://posts.specterops.io/calling-home-get-your-callbacks-through-rbi-50633a233999

Читать полностью…

Hacker tricks

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Читать полностью…

Hacker tricks

F31: is a bash script that hardens your Kali Linux and allows you to minimize noise in the air
https://github.com/wearecaster/F31

Читать полностью…

Hacker tricks

Cobalt Strike Profiles for EDR Evasion + SourcePoint is a C2 profile generator for Cobalt Strike
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion

Читать полностью…

Hacker tricks

Phishing using Google Sheets for Red Team Engagements
https://infosecwriteups.com/phishing-using-google-sheets-for-red-team-engagements-ac79298ddb90

Читать полностью…

Hacker tricks

LOTL: This is a fileless living off the land reverse shell written in JScript and Powershell script
https://github.com/Null-byte-00/LOTL

Читать полностью…
Subscribe to a channel