#tools
#Offensive_security
1. PwnFox - Firefox/Burp extension that provides useful tools for your security audit
https://github.com/yeswehack/PwnFox
2. wwwtree - utility for quickly locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from filesystem to a victim machine during privilege escalation
https://github.com/t3l3machus/wwwtree
#Cloud_Security
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers
Part 1: https://tutorialboy24.blogspot.com/2022/08/detailed-talk-about-k8s-cluster.html
Part 2: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html
#Malware_analysis
1. New details on commercial spyware vendor Variston
https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston
2. HiveV5 file decryptor PoC
https://github.com/reecdeep/HiveV5_file_decryptor
Snapfuzz.pdf (693.9 KB)
#Fuzzing
"SnapFuzz: An Efficient Fuzzing Framework for Network Applications", 2022.
]-> https://google.github.io/clusterfuzz/#trophies
#Blue_Team_Techniques
1. PowerHuntShares - audit script designed to inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools
#Threat_Research
Dynamic Analysis of Windows Exploit Mitigations - Import Address Filtering
https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
SkyPort.pdf (414.9 KB)
#Research
"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches", 2022.
A_Case_Study_Malware_Classification.pdf (1.5 MB)
#Malware_analysis
"Fusing Feature Engineering and Deep Learning: A Case Study for Malware Classification", 2022.
]-> Repo: https://github.com/danielgibert/fusing_feature_engineering_and_deep_learning_a_case_study_for_malware_classification
LTrack.pdf (2.5 MB)
#Research
"LTRACK: Stealthy Tracking of Mobile Phones in LTE", 2022.
⚜ List of Websites Giving free RDP/VPS ⚜
🌀 http://vpswala.org/
🌀 http://ohosti.com/vpshosting.php
🌀 https://gratisvps.net/
🌀 https://my.letscloud.io/sign-up/
🌀 https://developer.rackspace.com/
🌀 https://www.vultr.com/
🌀 https://www.ionos.com/
🌀 https://www.cloudsigma.com/
🌀 https://www.digitalocean.com/
🌀 http://ezywatch.com/freevps/
🌀 https://yellowcircle.net/
🌀 https://www.ctl.io/free-trial/
🌀 https://www.ihor.ru/
🌀 https://www.neuprime.com/l_vds3.php
🌀 https://www.skysilk.com/
🌀 https://sadd.io/
🌀 https://www.apponfly.com/en/
Shennina Automating Host Exploitation with AI
https://github.com/mazen160/shennina
BOF-pack-1 A care package of useful BOFs for red team engagements
https://github.com/jsecu/BOF-pack-1
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device
https://github.com/SpyGuard/SpyGuard
Titan: A generic user defined reflective DLL for Cobalt Strike
https://github.com/SecIdiot/titan
A simple PoC to invoke an encrypted shellcode by using a hidden call
https://github.com/enkomio/BrokenFlow
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
https://github.com/capt-meelo/laZzzy
A small wiper malware programmed in C#
https://github.com/IntelBroker/Endurance-Wiper
Discover new target domains using Content Security Policy
https://github.com/edoardottt/csprecon
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team
https://github.com/t3l3machus/Villain
Passively collect assets and automatically perform SQL injection detection (plug-in automatic Bypass), XSS detection, RCE detection, and sensitive information detection
https://github.com/ExpLangcn/EPScan
SharpUserIP: Extract the login log on the domain controller or remotely, and quickly obtain the IP address corresponding to the domain user
https://github.com/lele8/SharpUserIP
ScrapPY: a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists to perform brute force, forced browsing, and dictionary attacks. Updated with word frequency analysis!
https://github.com/RoseSecurity/ScrapPY
FirebaseExploiter is a vulnerability discovery tool that finds Firebase databases that are open and exploitable. Primarily built for mass hunting bug bounties and for penetration testing
https://github.com/securebinary/firebaseExploiter
#exploit
1. CVE-2022-3328:
Race condition in snap-confine's must_mkdir_and_open_with_perms()
https://seclists.org/oss-sec/2022/q4/164
2. CVE-2022-46146:
Authentication Bypass in Open-Source Prometheus Project
https://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project
3. CVE-2022-4116:
Quarkus Java framework RCE
https://joebeeton.github.io
]-> https://github.com/JoeBeeton/simple-request-attacks
#Threat_Research
Active C2 Discovery Using Protocol Emulation
Part 1 (HYDSEVEN, NetWire):
https://blogs.vmware.com/security/2019/11/active-c2-discovery-using-protocol-emulation-part1-hydseven-netwire.html
Part 2 (Winnti 4.0):
https://blogs.vmware.com/security/2020/02/threat-analysis-active-c2-discovery-using-protocol-emulation-part2-winnti-4-0.html
Part 3 (ShadowPad):
https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html
Part 4 (Dacls, aka MATA):
https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html
#Offensive_security
1. Demystifying the "SVCHOST.EXE" Process and Its Command Line Options
https://nasbench.medium.com/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747
2. Tools and PoCs for Windows syscall investigation
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper