iOS 16.5.1 safari RCE Analysis (CVE-2023–37450)
enki-techblog/ios-16-5-1-safari-rce-analysis-cve-2023-37450-89bb8583bebc" rel="nofollow">https://medium.com/@enki-techblog/ios-16-5-1-safari-rce-analysis-cve-2023-37450-89bb8583bebc
Abusing the SeRelabelPrivilege
https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege
RelabelAbuse:
https://github.com/decoder-it/RelabelAbuse
Vex: Autonomous RouterOS configuration analyzer to find security issues
https://github.com/casterbyte/Vex
Loading ShellCode without executable permissions
https://github.com/HackerCalico/No_X_Memory_ShellCodeLoader
Windows Active DIrectory Pentesting documentation
https://github.com/mranv/adPentest
A Command-Line Tool for Microsoft Graph API Exploration
https://github.com/dazzyddos/GraphShell
OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"
https://github.com/ic3qu33n/OffensiveCon24-uefi-task-of-the-translator
Injecting code into PPL processes without vulnerable drivers
https://github.com/Slowerzs/PPLSystem
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack
How to achieve eternal persistence in an Active Directory environment - Part 1
https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence
CVE-2024-4956 Unauthenticated Path Traversal in Nexus Repository Manager 3
https://github.com/erickfernandox/CVE-2024-4956
Offensive IoT for Red Team Implants (Part 3)
https://www.blackhillsinfosec.com/offensive-iot-for-red-team-implants-part-3
Official writeups for Business CTF 2024: The Vault Of Hope
https://github.com/hackthebox/business-ctf-2024
CVE-2024-21683 Confluence Authenticated RCE
https://github.com/W01fh4cker/CVE-2024-21683-RCE
Java (JSP) - Bring Your Own Jar
https://red.0xbad53c.com/red-team-operations/initial-access/webshells/java-jsp-bring-your-own-jar
Chrome Renderer 1day RCE via Type Confusion in Async Stack Trace (CVE-2023-6702)
https://github.com/kaist-hacking/CVE-2023-6702
Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )
https://github.com/Zeyad-Azima/CVE-2024-27348
CVE-2024-24919 [Check Point Security Gateway Information Disclosure]
https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()
https://github.com/ambionics/cnext-exploits
germy is an N_GSM Linux kernel privilege escalation exploit for versions 5.15-rc1 to 6.6-rc1
https://github.com/roddux/germy
AMSIBypassPatch.ps1:
This PowerShell script applies a memory patch to bypass the Antimalware Scan Interface (AMSI), allowing unrestricted execution of PowerShell commands
https://github.com/okankurtuluss/AMSIBypassPatch
UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now
https://github.com/sexyiam/UAC-Bypass
Reimplementation of the KExecDD DSE bypass technique
https://github.com/lem0nSec/Dsebler
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region
https://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV
Pwn2Own Toronto 2022 :
A 9-year-old bug in MikroTik RouterOS
https://devco.re/blog/2024/05/24/pwn2own-toronto-2022-a-9-year-old-bug-in-mikrotik-routeros-en
AMSI Bypass via VEH: A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH)
https://github.com/vxCrypt0r/AMSI_VEH
New ransomware group abusing BitLocker
https://securelist.com/ransomware-abuses-bitlocker
Old new email attacks
https://blog.slonser.info/posts/email-attacks
How to create your own mythic agent in C
https://red-team-sncf.github.io/how-to-create-your-own-mythic-agent-in-c
Nuking Weak Shellcode Hacker Hashes
https://karma-x.io/blog/post/30
Format String Exploitation: A Hands-On Exploration for Linux
https://blog.nviso.eu/2024/05/23/format-string-exploitation-a-hands-on-exploration-for-linux
TrollAMSI: This new technique is called "Reflection with method swapping"
https://github.com/cybersectroll/TrollAMSI
LetMeowIn – Analysis of a Credential Dumper
https://www.binarydefense.com/resources/blog/letmeowin-analysis-of-a-credential-dumper
ANSI Escape Injection Vulnerability in WinRAR
https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983
