hacker_trick | Unsorted

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Subscribe to a channel

Hacker tricks

Persistence – Disk Clean-up
https://pentestlab.blog/2024/01/29/persistence-disk-clean-up

Читать полностью…

Hacker tricks

Ultra-Sophisticated 0day APT SuperMalware Proxy EXE
https://gist.github.com/DanielGibson/f4ea4d46fc279d64a2d35a326e7a1a88

Читать полностью…

Hacker tricks

MyDumbEDR: This repo contains all the necessary files to run the MyDumbEDR and try to bypass
https://github.com/sensepost/mydumbedr

Читать полностью…

Hacker tricks

Proof-of-concept code for the Android APEX key reuse vulnerability described in https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys

Читать полностью…

Hacker tricks

Automated Multi UAC bypass
for win10|win11|ws2019|ws2022
https://github.com/x0xr00t/Automated-MUlti-UAC-Bypass

Читать полностью…

Hacker tricks

Trigona Ransomware in 3 Hours
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours

Читать полностью…

Hacker tricks

Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current process
https://github.com/ProcessusT/EnumSSN

Читать полностью…

Hacker tricks

Code-generated P/Invoke signatures
https://github.com/ZeroPointSecurity/PInvoke

Читать полностью…

Hacker tricks

ExecIT: DLL Shellcode self-inyector/runner based on HWSyscalls, ideally thought to be executed with rundll32
https://github.com/florylsk/ExecIT

Читать полностью…

Hacker tricks

Top-GPTs: Run popular GPTs without the need for ChatGPT Plus subscription
https://github.com/Anil-matcha/Top-GPTs

Читать полностью…

Hacker tricks

SOAPHound: is a .NET data collector tool, which collects Active Directory data via the Active Directory Web Services (ADWS) protocol.
SOAPHound is able to extract the same information without directly communicating to the LDAP server
https://github.com/FalconForceTeam/SOAPHound

Читать полностью…

Hacker tricks

MemRunner: A Simple Linux Loader
https://github.com/T0k1To/MemRunner

Читать полностью…

Hacker tricks

ADCS Attack Paths in BloodHound — Part 1
https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf
Rust for Cyber Security and Red Teaming
https://infosecwriteups.com/rust-for-cyber-security-and-red-teaming-275595d3fdec

Читать полностью…

Hacker tricks

Frameless BITB: A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx
https://github.com/waelmas/frameless-bitb

Читать полностью…

Hacker tricks

EventLogCrasher: PoC for a bug, that allows any user to crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain
https://github.com/floesen/EventLogCrasher

Читать полностью…

Hacker tricks

Jumpserver Preauth RCE Exploit Chain
https://sites.google.com/site/zhiniangpeng/blogs/Jumpserver

Читать полностью…

Hacker tricks

ThievingFox: is a collection of post-exploitation tools to gather credentials from various password managers and windows utilities
https://github.com/Slowerzs/ThievingFox

Читать полностью…

Hacker tricks

A direct improvement to remote TLS Injection
https://github.com/Uri3n/Advanced-TLS-Injection

Читать полностью…

Hacker tricks

BOFHound: Session Integration
https://posts.specterops.io/bofhound-session-integration-7b88b6f18423

Читать полностью…

Hacker tricks

Exploit for Real World CTF 6th RIPTC
https://github.com/N1ghtu/RWCTF6th-RIPTC

Читать полностью…

Hacker tricks

Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spoofing-802-11-wireless-beacon-management-frames-with-manipulated-power-values-resulting-in-denial-of-service-for-wireless-clients

Читать полностью…

Hacker tricks

Write XLL Dropper in c++ , a red teams most used dropper , learn how to be like a red teams and APT groups by building your XLL Dropper
https://github.com/EvilGreys/XLL-DROPPER-

Читать полностью…

Hacker tricks

CsWhispers: Source generator to add D/Invoke and indirect syscall methods to a C# project
https://github.com/rasta-mouse/CsWhispers

Читать полностью…

Hacker tricks

Pwn2Own Automotive 2024 - Day Three Results
https://www.thezdi.com/blog/2024/1/25/pwn2own-automotive-2024-day-three-results

Читать полностью…

Hacker tricks

Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability Leading to RCE
https://github.com/h4x0r-dz/CVE-2024-23897

Читать полностью…

Hacker tricks

SyscallMeMaybe: Implementation of Indirect Syscall technique to pop an innocent calc.exe
https://github.com/oldboy21/SyscallMeMaybe

Читать полностью…

Hacker tricks

Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl

Читать полностью…

Hacker tricks

Hiding payloads in Java source code strings
https://portswigger.net/research/hiding-payloads-in-java-source-code-strings

Читать полностью…

Hacker tricks

CVE-2024-0204 Authentication Bypass in GoAnywhere MFT
https://github.com/horizon3ai/CVE-2024-0204
CVE-2023-4863 Heap buffer overflow in Google libwebp (WebP)
https://github.com/LiveOverflow/webp-CVE-2023-4863
CVE-2023-22527 RCE using SSTI in Confluence
https://github.com/Vozec/CVE-2023-22527

Читать полностью…

Hacker tricks

1.6_C2: Using the Counter Strike 1.6 RCON protocol as a C2 Channel
https://github.com/eversinc33/1.6_C2

Читать полностью…
Subscribe to a channel