APT29’s Attack on Microsoft: Tracking Cozy Bear’s Footprints
https://www.cyberark.com/resources/blog/apt29s-attack-on-microsoft-tracking-cozy-bears-footprints
WERPersistence: This repository showcases a method that ingeniously exploits Windows Error Reporting (WER) for the purpose of stealthy data persistence and evasion. By embedding malicious payloads within WER reports
https://github.com/0xHossam/WERPersistence
Collection of notes, useful resources, list of tools and scripts related to Threat Detection & Incident Response
https://github.com/Jean-Francois-C/Threat-Detection-and-Incident-Response
GoCheck: a blazingly fast alternative to Matterpreter's DefenderCheck which identifies the exact bytes that Windows Defender AV by feeding byte slices to MpCmdRun.exe
https://github.com/gatariee/gocheck
HijackLoader Expands Techniques to Improve Defense Evasion
https://www.crowdstrike.com/blog/hijackloader-expands-techniques
Tumblr Subdomain Takeover
https://infosecwriteups.com/tumblr-subdomain-takeover-55f9cb494d65
JSON Smuggling: A far-fetched intrusion detection evasion technique
https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f
MultiDump: is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly, without triggering Defender alerts, with a handler written in Python
https://github.com/Xre0uS/MultiDump
Exploring the (Not So) Secret Code of Black Hunt Ransomware
https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2
Disable Windows Defender
(+ UAC Bypass, + Upgrade to SYSTEM)
https://github.com/EvilGreys/Disable-Windows-Defender-
WoWMIPS
MIPS Emulator for Windows
Part 1: Introduction
Part 2: Mapping the executable image
Part 3: Emulating the MIPS R4000 CPU
Part 4: Windows API calls
Part 5: Additional details
Part 6: Testing
How I Hacked My College’s Site
https://infosecwriteups.com/how-i-hacked-my-colleges-site-26ae1ab872e4
Persistence – Windows Setup Script
https://pentestlab.blog/2024/02/05/persistence-windows-setup-script
http-garden: Differential testing and fuzzing of HTTP servers and proxies
https://github.com/narfindustries/http-garden
SqlmapXPlus: is based on Sqlmap, a second version of the classic database vulnerability exploitation tool
https://github.com/co01cat/SqlmapXPlus
SiCat: is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively
https://github.com/justakazh/sicat
A Beginner’s Guide to Tracking Malware Infrastructure
https://censys.com/a-beginners-guide-to-tracking-malware-infrastructure
NidhoggScript: is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
https://github.com/Idov31/NidhoggScript
lolcerts: A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
https://github.com/WithSecureLabs/lolcerts
BadExclusionsNWBO: is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
https://github.com/iamagarre/BadExclusionsNWBO
Puckungfu 2: Another NETGEAR WAN Command Injection
https://research.nccgroup.com/2024/02/09/puckungfu-2-another-netgear-wan-command-injection
NativeThreadpool: Worker and timer callback example using solely Native Windows APIs
https://github.com/fin3ss3g0d/NativeThreadpool
MemshellKit: highly customized memory shell one-click injection tool for multiple frameworks
https://github.com/W01fh4cker/MemshellKit
Small toolkit for extracting information and dumping sensitive strings from Windows processes
https://github.com/mlcsec/proctools
A repo for TPM Sniffing greatness
https://github.com/NoobieDog/TPM-Sniffing
Towards SSH3: How HTTP/3 improves secure shells
https://blog.apnic.net/2024/02/02/towards-ssh3-how-http-3-improves-secure-shells
Hacking a Smart Home Device
https://jmswrnr.com/blog/hacking-a-smart-home-device
Initial-Registry:
it is a simple registry file that performs malicious activities when the refresh button is pressed, Such as start a malicious link, making an execution for payload, or running a malicious command line in CMD or PowerShell
https://github.com/S3N4T0R-0X0/Initial-Registry
pphack: The Most Advanced Client-Side Prototype Pollution Scanner
https://github.com/edoardottt/pphack
NetHunter Hacker XII: Master Social Engineering using SET
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set
HTTP/2 based downgrade and smuggle scanner
https://github.com/Moopinger/smugglefuzz
