⚜ List of Websites Giving free RDP/VPS ⚜
🌀 http://vpswala.org/
🌀 http://ohosti.com/vpshosting.php
🌀 https://gratisvps.net/
🌀 https://my.letscloud.io/sign-up/
🌀 https://developer.rackspace.com/
🌀 https://www.vultr.com/
🌀 https://www.ionos.com/
🌀 https://www.cloudsigma.com/
🌀 https://www.digitalocean.com/
🌀 http://ezywatch.com/freevps/
🌀 https://yellowcircle.net/
🌀 https://www.ctl.io/free-trial/
🌀 https://www.ihor.ru/
🌀 https://www.neuprime.com/l_vds3.php
🌀 https://www.skysilk.com/
🌀 https://sadd.io/
🌀 https://www.apponfly.com/en/
Shennina Automating Host Exploitation with AI
https://github.com/mazen160/shennina
BOF-pack-1: A care package of useful BOFs for red team engagements
https://github.com/jsecu/BOF-pack-1
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device
https://github.com/SpyGuard/SpyGuard
Titan: A generic user defined reflective DLL for Cobalt Strike
https://github.com/SecIdiot/titan
A simple PoC to invoke an encrypted shellcode by using a hidden call
https://github.com/enkomio/BrokenFlow
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
https://github.com/capt-meelo/laZzzy
a small wiper malware programmed in c#
https://github.com/IntelBroker/Endurance-Wiper
Discover new target domains using Content Security Policy
https://github.com/edoardottt/csprecon
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team
https://github.com/t3l3machus/Villain
Passively collect assets and automatically perform SQL injection detection (plug-in automatic Bypass), XSS detection, RCE detection, and sensitive information detection
https://github.com/ExpLangcn/EPScan
SharpUserIP: Extract the login log on the domain controller or remotely, and quickly obtain the IP address corresponding to the domain user
https://github.com/lele8/SharpUserIP
ScrapPY: a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists to perform brute force, forced browsing, and dictionary attacks. Updated with word frequency analysis!
https://github.com/RoseSecurity/ScrapPY
FirebaseExploiter is a vulnerability discovery tool that finds Firebase Databases that are open and exploitable. Primarily built for mass hunting bug bounties and for penetration testing
https://github.com/securebinary/firebaseExploiter
#exploit
1. CVE-2022-3328:
Race condition in snap-confine's must_mkdir_and_open_with_perms()
https://seclists.org/oss-sec/2022/q4/164
2. CVE-2022-46146:
Authentication Bypass in Open-Source Prometheus Project
https://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project
3. CVE-2022-4116:
Quarkus Java framework RCE
https://joebeeton.github.io
]-> https://github.com/JoeBeeton/simple-request-attacks
#Threat_Research
Active C2 Discovery Using Protocol Emulation
Part 1 (HYDSEVEN, NetWire):
https://blogs.vmware.com/security/2019/11/active-c2-discovery-using-protocol-emulation-part1-hydseven-netwire.html
Part 2 (Winnti 4.0):
https://blogs.vmware.com/security/2020/02/threat-analysis-active-c2-discovery-using-protocol-emulation-part2-winnti-4-0.html
Part 3 (ShadowPad):
https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html
Part 4 (Dacls, aka MATA):
https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html
#Offensive_security
1. Demystifying the "SVCHOST.EXE" Process and Its Command Line Options
https://nasbench.medium.com/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747
2. Tools and PoCs for Windows syscall investigation
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper
#tools
#Hardware_Security
Dynamic analysis framework for CPU microcode
https://github.com/pietroborrello/CustomProcessingUnit
]-> Ghidra Processor Module to disassemble/decompile the x86 Intel Atom microcode:
https://github.com/pietroborrello/ghidra-atom-microcode
#Red_Team_Tactics
1. Stalking inside of your Chromium Browser
https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
2. New PowerShell History Defense Evasion Technique
https://www.blackhillsinfosec.com/new-powershell-history-defense-evasion-technique
#exploit
1. Grafana RCE via SMTP server parameter injection
https://hackerone.com/reports/1200647
2. CVE-2022-23093:
FreeBSD Ping RCE
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
3. CVE-2022-34669:
NVIDIA GPU Display Driver Vulnerabilities
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
#tools
#Fuzzing
Userefuzz - User-Agent, X-Forwarded-For and Referer SQLI Fuzzer
https://github.com/root-tanishq/userefuzz
#Threat_Research
1. HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites
https://github.com/AnkitCuriosity/Write-Ups/blob/main/HTTP%20Desync%20Attack%20(Request%20Smuggling).md
2. Visual Studio Code: RCE
https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
#reversing
1. GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
https://boschko.ca/glinet-router
2. Hacking the router firmware used by (Telia) TG799vac Xtream v17.2-MINT delivered from Technicolor
https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT
#tools
#Offensive_security
1. HTB: CarpeDiem
https://0xdf.gitlab.io/2022/12/03/htb-carpediem.html
2. SysmonEoP - PoC for arbitrary file delete/write in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)
https://github.com/Wh04m1001/SysmonEoP
3. Nim DLL Sideloading/proxying
https://github.com/byt3bl33d3r/NimDllSideload
#Malware_analysis
1. ₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware
2. Blowing Cobalt Strike Out of the Water With Memory Analysis
https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis
#exploit
1. CVE-2022-2650:
Brute Force on wger workout application v2.0
https://github.com/HackinKraken/CVE-2022-2650
2. CVE-2022-44721:
Crowdstrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
#Threat_Research
Pre-Auth RCE with CodeQL in Under 20 Minutes
https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html
#tools
#Offensive_security
1. PrintNotifyPotato - PrintNotify COM service for lifting rights (Windows 10, 11, Server 2012 - 2022)
https://github.com/BeichenDream/PrintNotifyPotato
2. Script for generating revshells
https://github.com/4ndr34z/shells
3. PoC Implementation of a TRUE call stack spoofer
https://github.com/klezVirus/SilentMoonwalk