#tools
#Offensive_security
1. PrintNotifyPotato - privilege escalation via the PrintNotify COM service (Windows 10, 11, Server 2012 - 2022)
https://github.com/BeichenDream/PrintNotifyPotato
2. Script for generating revshells
https://github.com/4ndr34z/shells
3. PoC Implementation of a TRUE call stack spoofer
https://github.com/klezVirus/SilentMoonwalk
#Threat_Research
#Blue_Team_Techniques
1. Threatest - CLI and Go framework for end-to-end testing threat detection rules
https://github.com/DataDog/threatest
2. Detect Tactics, Techniques & Combat Threats
https://github.com/rabobank-cdc/DeTTECT
#Malware_analysis
1. DuckLogs Malware
https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild
2. A PoC ransomware sample to test out your ransomware response strategy
https://github.com/hazcod/ransomwhere
#Threat_Research
1. Novel Pipeline Vulnerability;
Rust Found Vulnerable
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
2. MSI - Masquerading as a Software Installer
https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer
Black_Hat_Python_2nd.pdf
4.6 MB
#Tech_book
"Black Hat Python: Python Programming for Hackers and Pentesters, 2nd Edition", 2021.
]-> Python 3 Source Code:
https://github.com/EONRaider/blackhat-python3
#tools
#Offensive_security
1. Neton - tool for getting information from Internet connected sandboxes
https://github.com/Aetsu/Neton
2. Debugging Protected Processes
https://itm4n.github.io/debugging-protected-processes
]-> Controlling Windows PP(L)s:
https://github.com/itm4n/PPLcontrol
#exploit
1. CVE-2022-26265:
Contao CMS v.1.5.0 - RCE
https://github.com/Inplex-sys/CVE-2022-26265
2. CVE-2022-25765:
pdfkit URL Command Injection
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
]-> A Shell exploit: https://github.com/Atsukoro1/PDFKitExploit
ALASTOR.pdf
1.5 MB
#Research
"ALASTOR: Reconstructing the Provenance of Serverless Intrusions", 2022.
]-> https://bitbucket.org/sts-lab/alastor/src
branch_injection.pdf
289.7 KB
#reversing
"Exploiting Branch Target Injection", 2021.
Attacking_riscv.pdf
626.9 KB
#Research
#Hardware_Security
"Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming", 2022.
hunting_cobaltstrike_beacons.pdf
13.6 MB
#Tech_book
"Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence", 2022.
vlc_vnc_int_overflow.pdf
94.6 KB
#Whitepaper
"VLC: Integer overflow in vnc module <= 3.0.18 (CVE-2022-41325): Security advisory".
SSH_pentesting.pdf
2.1 MB
#Whitepaper
"SSH Penetration Testing", 2022.
Scapolite.pdf
1.3 MB
#hardening
"Hardening with Scapolite: a DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large Scale Organizations", 2022.
UAV_security.pdf
1005.8 KB
#Research
"UAV Traffic Management: A Survey On Communication Security", 2022.
TLB_DR.pdf
245.1 KB
#reversing
"TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering", 2022.
]-> https://github.com/vusec/tlbdr
Forwarded from Bug Bounty
Offensive Security Approved OSCP Notes
Link : https://oscpnotes.infosecsanyam.in/My_OSCP_Preparation_Notes.html
#bugbounty #OSCP #infosec #pentest
8000+ XSS Payloads
#bugbounty #Infosec
Git Repo: https://github.com/Aacle/xss_payload
Forwarded from Bug Bounty
All Google Dorks
#bugbounty #infosec
• Operators
• Purposes
• Can be mixed with other operators?
• Can be used alone?
• Does search work in: Web, Image, Groups, News
Download In More Clarity : https://bugbountyguide.org/index.php/mindmaps-cheatsheets/
Awesome Hacker Search Engines
https://github.com/edoardottt/awesome-hacker-search-engines
// Repo containing search engines and online services useful for pentesting, general security, red team, bug bounty etc
credits: @geeekgirls