#reversing
Guide to Reversing and Exploiting iOS binaries
Part 3 - Heap Overflows on iOS ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
]-> Part 1, 2:
Guide to Reversing and Exploiting iOS binaries
Part 3 - Heap Overflows on iOS ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
]-> Part 1, 2:
Inversecos
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
#Threat_Research
1. Specialized Zero-Knowledge Proof failures
https://blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures
2. Windows Internet Key Exchange (IKE) RCE Vulnerability Analysis (CVE-2022-34721)
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis
1. Specialized Zero-Knowledge Proof failures
https://blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures
2. Windows Internet Key Exchange (IKE) RCE Vulnerability Analysis (CVE-2022-34721)
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis
The Trail of Bits Blog
Specialized Zero-Knowledge Proof failures
Zero-knowledge (ZK) proofs are useful cryptographic tools that have seen an explosion of interest in recent years, largely due to their applications to cryptocurrency. The fundamental idea of a ZK proof is that a person with a secret piece of information…
#Blue_Team_Techniques
Get-InjectedThreadEx - Detecting Thread Creation Trampolines
https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
]-> PowerShell detection script:
https://github.com/jdu2600/Get-InjectedThreadEx
Get-InjectedThreadEx - Detecting Thread Creation Trampolines
https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
]-> PowerShell detection script:
https://github.com/jdu2600/Get-InjectedThreadEx
www.elastic.co
Get-InjectedThreadEx – Detecting Thread Creation Trampolines — Elastic Security Labs
In this blog, we will demonstrate how to detect each of four classes of process trampolining and release an updated PowerShell detection script – Get-InjectedThreadEx
#exploit
1. Linux Kernel:
UAF in Bluetooth L2CAP Handshake
https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
Infoleak in Bluetooth L2CAP Handling
https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
2. Xiongmai IoT Exploitation
https://vulncheck.com/blog/xiongmai-iot-exploitation
1. Linux Kernel:
UAF in Bluetooth L2CAP Handshake
https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
Infoleak in Bluetooth L2CAP Handling
https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
2. Xiongmai IoT Exploitation
https://vulncheck.com/blog/xiongmai-iot-exploitation
GitHub
Linux Kernel: UAF in Bluetooth L2CAP Handshake
### Summary
There are use-after-free vulnerabilities in the Linux kernel's `net/bluetooth/l2cap_core.c`'s `l2cap_connect` and `l2cap_le_connect_req` functions which may allow code executio...
There are use-after-free vulnerabilities in the Linux kernel's `net/bluetooth/l2cap_core.c`'s `l2cap_connect` and `l2cap_le_connect_req` functions which may allow code executio...
#tools
#Offensive_security
1. PwnFox - Firefox/Burp extension that provide usefull tools for your security audit
https://github.com/yeswehack/PwnFox
2. wwwtree - utility for quickly locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from filesystem to a victim machine during privilege escalation
https://github.com/t3l3machus/wwwtree
#Offensive_security
1. PwnFox - Firefox/Burp extension that provide usefull tools for your security audit
https://github.com/yeswehack/PwnFox
2. wwwtree - utility for quickly locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from filesystem to a victim machine during privilege escalation
https://github.com/t3l3machus/wwwtree
GitHub
GitHub - yeswehack/PwnFox: PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit. - yeswehack/PwnFox
#Cloud_Security
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers
Part 1: https://tutorialboy24.blogspot.com/2022/08/detailed-talk-about-k8s-cluster.html
Part 2: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers
Part 1: https://tutorialboy24.blogspot.com/2022/08/detailed-talk-about-k8s-cluster.html
Part 2: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html
Tutorial Boy
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
#Malware_analysis
1. New details on commercial spyware vendor Variston
https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston
2. HiveV5 file decryptor PoC
https://github.com/reecdeep/HiveV5_file_decryptor
1. New details on commercial spyware vendor Variston
https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston
2. HiveV5 file decryptor PoC
https://github.com/reecdeep/HiveV5_file_decryptor
Google
New details on commercial spyware vendor Variston
The Threat Analysis Group shares new information on the commercial spyware vendor Variston.
Snapfuzz.pdf
693.9 KB
#Fuzzing
"SnapFuzz: An Efficient Fuzzing Framework for Network Applications", 2022.
]-> https://google.github.io/clusterfuzz/#trophies
"SnapFuzz: An Efficient Fuzzing Framework for Network Applications", 2022.
]-> https://google.github.io/clusterfuzz/#trophies
#Blue_Team_Techniques
1. PowerHuntShares - audit script designed in inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools
1. PowerHuntShares - audit script designed in inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools
GitHub
GitHub - NetSPI/PowerHuntShares: PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges…
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains. - NetSPI/PowerHuntShares
#Threat_Research
Dynamic Analysis of Windows Exploit Mitigations - Import Address Filtering
https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Dynamic Analysis of Windows Exploit Mitigations - Import Address Filtering
https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Medium
Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering.
~My Research process
SkyPort.pdf
414.9 KB
#Research
"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches", 2022.
"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches", 2022.
A_Case_Study_Malware_Classification.pdf
1.5 MB
#Malware_analysis
"Fusing Feature Engineering and Deep Learning: A Case Study for Malware Classification", 2022.
]-> Repo: https://github.com/danielgibert/fusing_feature_engineering_and_deep_learning_a_case_study_for_malware_classification
"Fusing Feature Engineering and Deep Learning: A Case Study for Malware Classification", 2022.
]-> Repo: https://github.com/danielgibert/fusing_feature_engineering_and_deep_learning_a_case_study_for_malware_classification
LTrack.pdf
2.5 MB
#Research
"LTRACK: Stealthy Tracking of Mobile Phones in LTE", 2022.
"LTRACK: Stealthy Tracking of Mobile Phones in LTE", 2022.
⚜ List of Websites Giving free RDP/VPS ⚜
🌀 http://vpswala.org/
🌀 http://ohosti.com/vpshosting.php
🌀 https://gratisvps.net/
🌀 https://my.letscloud.io/sign-up/
🌀 https://developer.rackspace.com/
🌀 https://www.vultr.com/
🌀 https://www.ionos.com/
🌀 https://www.cloudsigma.com/
🌀 https://www.digitalocean.com/
🌀 http://ezywatch.com/freevps/
🌀 https://yellowcircle.net/
🌀 https://www.ctl.io/free-trial/
🌀 https://www.ihor.ru/
🌀 https://www.neuprime.com/l_vds3.php
🌀 https://www.skysilk.com/
🌀 https://sadd.io/
🌀 https://www.apponfly.com/en/
🌀 http://vpswala.org/
🌀 http://ohosti.com/vpshosting.php
🌀 https://gratisvps.net/
🌀 https://my.letscloud.io/sign-up/
🌀 https://developer.rackspace.com/
🌀 https://www.vultr.com/
🌀 https://www.ionos.com/
🌀 https://www.cloudsigma.com/
🌀 https://www.digitalocean.com/
🌀 http://ezywatch.com/freevps/
🌀 https://yellowcircle.net/
🌀 https://www.ctl.io/free-trial/
🌀 https://www.ihor.ru/
🌀 https://www.neuprime.com/l_vds3.php
🌀 https://www.skysilk.com/
🌀 https://sadd.io/
🌀 https://www.apponfly.com/en/
vpswala
Free VPS Server Hosting 24/7 | No Credit Card Required
Get 100% Free VPS Server Hosting with AMD EPYC processors, NVMe SSD storage, full root access on Windows & Linux. No credit card — deploy in 60 seconds.
Shennina Automating Host Exploitation with AI
https://github.com/mazen160/shennina
BOF-pack-1 A care package of useful bofs for red team engagments
https://github.com/jsecu/BOF-pack-1
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device
https://github.com/SpyGuard/SpyGuard
https://github.com/mazen160/shennina
BOF-pack-1 A care package of useful bofs for red team engagments
https://github.com/jsecu/BOF-pack-1
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device
https://github.com/SpyGuard/SpyGuard
GitHub
GitHub - mazen160/shennina: Automating Host Exploitation with AI
Automating Host Exploitation with AI. Contribute to mazen160/shennina development by creating an account on GitHub.
Titan: A generic user defined reflective DLL for Cobalt Strike
https://github.com/SecIdiot/titan
A simple PoC to invoke an encrypted shellcode by using an hidden call
https://github.com/enkomio/BrokenFlow
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
https://github.com/capt-meelo/laZzzy
a small wiper malware programmed in c#
https://github.com/IntelBroker/Endurance-Wiper
Discover new target domains using Content Security Policy
https://github.com/edoardottt/csprecon
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team
https://github.com/t3l3machus/Villain
Passively collect assets and automatically perform SQL injection detection (plug-in automatic Bypass), XSS detection, RCE detection, and sensitive information detection
https://github.com/ExpLangcn/EPScan
SharpUserIP: Extract the login log on the domain controller or remotely, and quickly obtain the IP address corresponding to the domain user
https://github.com/lele8/SharpUserIP
ScrapPY: a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists to perform brute force, forced browsing, and dictionary attacks. Updated with word frequency analysis!
https://github.com/RoseSecurity/ScrapPY
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing
https://github.com/securebinary/firebaseExploiter
https://github.com/SecIdiot/titan
A simple PoC to invoke an encrypted shellcode by using an hidden call
https://github.com/enkomio/BrokenFlow
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
https://github.com/capt-meelo/laZzzy
a small wiper malware programmed in c#
https://github.com/IntelBroker/Endurance-Wiper
Discover new target domains using Content Security Policy
https://github.com/edoardottt/csprecon
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team
https://github.com/t3l3machus/Villain
Passively collect assets and automatically perform SQL injection detection (plug-in automatic Bypass), XSS detection, RCE detection, and sensitive information detection
https://github.com/ExpLangcn/EPScan
SharpUserIP: Extract the login log on the domain controller or remotely, and quickly obtain the IP address corresponding to the domain user
https://github.com/lele8/SharpUserIP
ScrapPY: a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists to perform brute force, forced browsing, and dictionary attacks. Updated with word frequency analysis!
https://github.com/RoseSecurity/ScrapPY
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing
https://github.com/securebinary/firebaseExploiter
GitHub
GitHub - enkomio/BrokenFlow: A simple PoC to invoke an encrypted shellcode by using an hidden call
A simple PoC to invoke an encrypted shellcode by using an hidden call - enkomio/BrokenFlow
👍1