Cracking WiFi Passwords with Aircrack-ng
Sreeraj_K/cracking-wifi-passwords-with-aircrack-ng-b5a1db4caf32" rel="nofollow">https://medium.com/@Sreeraj_K/cracking-wifi-passwords-with-aircrack-ng-b5a1db4caf32
Chaining N-days to Compromise All: Part 3 — Windows Driver LPE
https://blog.theori.io/chaining-n-days-to-compromise-all-part-3-windows-driver-lpe-medium-to-system-12f7821d97bb
manual map unsigned driver over signed memory
https://github.com/0mWindyBug/GhostMapperUM
What're you telling me, Ghidra?
https://byte.how/posts/what-are-you-telling-me-ghidra
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224
Zero-E: Automates the entire network enumeration process in a fire-and-forget manner, among many more functions. Zero effort, zero error network enumeration
https://github.com/Inscyght/Zero-E
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000
Part: 1 ○● Part: 2
AutoGeaconC2:
One-click reading of Profile and automatic generation of geacon to enable cross-platform launch of CobaltStrike
https://github.com/TryGOTry/AutoGeaconC2
interceptor: Sample Rust Hooking Engine
https://github.com/Kharos102/interceptor
Malware Development with C - Establishing Persistence
https://lsecqt.github.io/Red-Teaming-Army/malware-development/malware-development-with-c---basic-persistence
CVE-2024-30851: Jasmin ransomware web panel path traversal PoC
https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc
Don’t Trust the Cache: Exposing Web Cache Poisoning and Deception vulnerabilities
https://anasbetis023.medium.com/dont-trust-the-cache-exposing-web-cache-poisoning-and-deception-vulnerabilities-3a829f221f52
WIFI Credential Dumping
https://www.r-tec.net/r-tec-blog-wifi-credential-dumping.html
memhv: Minimalistic hypervisor with memory introspection capabilities
https://github.com/SamuelTulach/memhv
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
https://github.com/ricardojoserf/NativeDump
eJPT v2 Exam Review: Cracking the eLearnSecurity’s Junior Penetration Tester Certification
vimukthiwishvajith/ejpt-v2-exam-review-cracking-the-elearnsecuritys-junior-penetration-tester-certification-a24f3b962541" rel="nofollow">https://medium.com/@vimukthiwishvajith/ejpt-v2-exam-review-cracking-the-elearnsecuritys-junior-penetration-tester-certification-a24f3b962541
Exploit CVE-2023-36047 Windows Authentication EoP
https://github.com/Wh04m1001/UserManagerEoP
Reverse Tunnels in Go over HTTP/3 and QUIC
https://github.com/flipt-io/reverst
CVE-2024-2887: Type Confusion in WebAssembly
https://docs.google.com/document/d/e/2PACX-1vTwx4dFVn8RpuTZVfp10C96Ioto0_zaRCl769CCx5eJXYNe967-_r44qixJA1H9Fr38biynxR22g7u9/pub
CVE-2024-31345: WordPress Auto Poster plugin <= 1.2 - Arbitrary File Upload vulnerability
https://github.com/Chokopikkk/CVE-2024-31345_exploit
JiaTansSSHAgent: Simple SSH Agent that implements some of the XZ sshd backdoor functionality
https://github.com/blasty/JiaTansSSHAgent
D-Link NAS CVE-2024-3273 Exploit Tool
https://github.com/Chocapikk/CVE-2024-3273
c2-talk: Detecting Command and Control frameworks via Sysmon and Windows Event Logging
https://github.com/eric-conrad/c2-talk
AI Researcher: is an AI agent that utilizes Claude 3 and SERPAPI to perform comprehensive research on a given topic
https://github.com/mshumer/ai-researcher
FreeAskInternet: is a completely free, private and locally running search aggregator & answer generate using LLM, without GPU needed. The user can ask a question and the system will make a multi engine search and combine the search result to the ChatGPT3.5 LLM and generate the answer based on search results
https://github.com/nashsu/FreeAskInternet
script to enumerate users in a domain without known credentials using rid cycling and null session with rpcclient
https://gist.github.com/naksyn/8204c76cda2541e72668fa065ba94c09
The Human Element in Cybersecurity: Understanding Trust and Social Engineering
https://www.blackhillsinfosec.com/understanding-trust-and-social-engineering
Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
GraphSpy: The Swiss Army Knife for Attacking M365 & Entra
https://insights.spotit.be/2024/04/05/graphspy-the-swiss-army-knife-for-attacking-m365-entra
RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass
https://github.com/CsEnox/EventViewer-UACBypass
Persistence – DLL Proxy Loading
https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading
