hacker_trick | Unsorted

Telegram channel hacker_trick - Hacker tricks

CVEs🔰 Tools🛠 RedTeam📕

Hacker tricks

NativeThreadpool: Worker and timer callback example using solely Native Windows APIs
https://github.com/fin3ss3g0d/NativeThreadpool

MemshellKit: highly customized memory shell one-click injection tool for multiple frameworks
https://github.com/W01fh4cker/MemshellKit

Small toolkit for extracting information and dumping sensitive strings from Windows processes
https://github.com/mlcsec/proctools

A repo for TPM Sniffing greatness
https://github.com/NoobieDog/TPM-Sniffing

Towards SSH3: How HTTP/3 improves secure shells
https://blog.apnic.net/2024/02/02/towards-ssh3-how-http-3-improves-secure-shells

Hacking a Smart Home Device
https://jmswrnr.com/blog/hacking-a-smart-home-device

Initial-Registry:
It is a simple registry file that performs malicious activities when the refresh button is pressed, such as starting a malicious link, executing a payload, or running a malicious command line in CMD or PowerShell
https://github.com/S3N4T0R-0X0/Initial-Registry

pphack: The Most Advanced Client-Side Prototype Pollution Scanner
https://github.com/edoardottt/pphack

NetHunter Hacker XII: Master Social Engineering using SET
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set

HTTP/2 based downgrade and smuggle scanner
https://github.com/Moopinger/smugglefuzz

Backdoor Activator Malware Running Rife Through Torrents of macOS Apps
https://www.sentinelone.com/blog/backdoor-activator-malware-running-rife-through-torrents-of-macos-apps

Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 1)
https://medium.com/@sam.rothlisberger/havoc-c2-with-av-edr-bypass-methods-in-2024-part-1-733d423fc67b

PoC for CVE-2024-20931 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
https://github.com/GlassyAmadeus/CVE-2024-20931

ICS and OT threat predictions for 2024
https://securelist.com/ksb-ics-predictions-2024
Uncovering USB Malware's Hidden Depths
https://www.mandiant.com/resources/blog/unc4990-evolution-usb-malware
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign
https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign
Unveiling the intricacies of DiceLoader
https://blog.sekoia.io/unveiling-the-intricacies-of-diceloader
Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal
https://www.akamai.com/blog/security-research/fritzfrog-botnet-new-capabilities-log4shell
Pawn Storm Uses Brute Force and Stealth Again
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth

Bypass NTLM Message Integrity Check - Drop the MIC
https://www.blackhillsinfosec.com/bypass-ntlm-message-integrity-check-drop-the-mic

MultiDump: a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly, without triggering Defender alerts, with a handler written in Python
https://github.com/Xre0uS/MultiDump

Exploring the (Not So) Secret Code of Black Hunt Ransomware
https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2

Disable Windows Defender
(+ UAC Bypass, + Upgrade to SYSTEM)
https://github.com/EvilGreys/Disable-Windows-Defender-

WoWMIPS
MIPS Emulator for Windows
Part 1: Introduction
Part 2: Mapping the executable image
Part 3: Emulating the MIPS R4000 CPU
Part 4: Windows API calls
Part 5: Additional details
Part 6: Testing

How I Hacked My College’s Site
https://infosecwriteups.com/how-i-hacked-my-colleges-site-26ae1ab872e4

Persistence – Windows Setup Script
https://pentestlab.blog/2024/02/05/persistence-windows-setup-script

http-garden: Differential testing and fuzzing of HTTP servers and proxies
https://github.com/narfindustries/http-garden

SqlmapXPlus: based on Sqlmap, a second version of the classic database vulnerability exploitation tool
https://github.com/co01cat/SqlmapXPlus

SiCat: an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively
https://github.com/justakazh/sicat

Jenkins Exploit GUI
https://github.com/TheBeastofwar/JenkinsExploit-GUI

Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager
http://www.pentestpartners.com/security-blog/hacking-electronic-flight-bags-airbus-navblue-flysmart-manager

Vulnerability: runc process.cwd and leaked fds container breakout (CVE-2024-21626)
https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout
PoC:
https://github.com/Wall1e/CVE-2024-21626-POC

Unmanaged .NET Patching: A proof-of-concept for patching managed .NET function from unmanaged code
https://github.com/outflanknl/unmanaged-dotnet-patch

Exploiting Entra ID for Stealthier Persistence and Privilege Escalation using the Federated Authentication’s Secondary Token-signing Certificate
https://medium.com/tenable-techblog/stealthy-persistence-privesc-in-entra-id-by-using-the-federated-auth-secondary-token-signing-cert-876b21261106

XML External Entity injection with error-based data exfiltration
https://infosecwriteups.com/xml-external-entity-injection-with-error-based-data-exfiltration-985b063ec820
