#Threat_Research
1. Analysis of the First Critical Vulnerability of Aptos Move VM
https://medium.com/numen-cyber-labs/analysis-of-the-first-critical-0-day-vulnerability-of-aptos-move-vm-8c1fd6c2b98e
2. OWASSRF - New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations
1. Analysis of the First Critical Vulnerability of Aptos Move VM
https://medium.com/numen-cyber-labs/analysis-of-the-first-critical-0-day-vulnerability-of-aptos-move-vm-8c1fd6c2b98e
2. OWASSRF - New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations
Medium
Analysis of the First Critical 0-Day Vulnerability of Aptos Move VM
An Analysis on a Critical Aptos vulnerability discovered by Numen Cyber Technology
#Red_Team_Tactics
1. Process reparenting in MS Windows
https://blog.trailofbits.com/2022/12/20/process-reparenting-microsoft-windows
2. CLI tool/library to enhance and speed up script/exploit writing with string conversion/manipulation
https://github.com/noraj/ctf-party
1. Process reparenting in MS Windows
https://blog.trailofbits.com/2022/12/20/process-reparenting-microsoft-windows
2. CLI tool/library to enhance and speed up script/exploit writing with string conversion/manipulation
https://github.com/noraj/ctf-party
The Trail of Bits Blog
What child is this?
A Primer on Process Reparenting in Windows. Process reparenting is a technique used in Microsoft Windows to create a child process under a different parent process than the one making the call to CreateProcess. Malicious actors can use this technique to evade…
#tools
#Malware_analysis
1. PortexAnalyzer - free PE parser tailored for malware analysis
https://github.com/struppigel/PortexAnalyzerGUI/releases
2. XLLing in Excel - Evolution of malicious XLLs
https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins
#Malware_analysis
1. PortexAnalyzer - free PE parser tailored for malware analysis
https://github.com/struppigel/PortexAnalyzerGUI/releases
2. XLLing in Excel - Evolution of malicious XLLs
https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins
GitHub
Releases · struppigel/PortexAnalyzerGUI
Graphical interface for PortEx, a Portable Executable and Malware Analysis Library - struppigel/PortexAnalyzerGUI
#exploit
1. CVE-2022-48870:
maccms admin+ xss attacks
https://github.com/Cedric1314/CVE-2022-48870
2. CVE-2022-39253:
Docker host file read
https://github.com/ssst0n3/docker-cve-2022-39253-poc
1. CVE-2022-48870:
maccms admin+ xss attacks
https://github.com/Cedric1314/CVE-2022-48870
2. CVE-2022-39253:
Docker host file read
https://github.com/ssst0n3/docker-cve-2022-39253-poc
GitHub
GitHub - Cedric1314/CVE-2022-44870: maccms admin+ xss attacks
maccms admin+ xss attacks . Contribute to Cedric1314/CVE-2022-44870 development by creating an account on GitHub.
Forwarded from 卩ro 爪Cracker
chatgpt_chinese_prompt_hack
Use prompt hack to bypass OpenAI's content policy restrictions by golfzert
https://github.com/golfzert/chatgpt-chinese-prompt-hack
Use prompt hack to bypass OpenAI's content policy restrictions by golfzert
https://github.com/golfzert/chatgpt-chinese-prompt-hack
👍2
Forwarded from 卩ro 爪Cracker
hackGPT
OpenAI and #ChatGPT to do hackerish things by NoDataFound
https://github.com/NoDataFound/hackGPT
OpenAI and #ChatGPT to do hackerish things by NoDataFound
https://github.com/NoDataFound/hackGPT
🏆1
Forwarded from 卩ro 爪Cracker
Forwarded from 卩ro 爪Cracker
Puckungfu: A NETGEAR WAN Command Injection
https://ift.tt/8pYDvB4
Submitted December 22, 2022 at 05:02PM by ArbitraryWrite
via reddit https://ift.tt/paMGtRe
https://ift.tt/8pYDvB4
Submitted December 22, 2022 at 05:02PM by ArbitraryWrite
via reddit https://ift.tt/paMGtRe
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Forwarded from 卩ro 爪Cracker
CVE-2022-2602
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve
Copilot, for your terminal
A CLI tool that generates shell scripts from a human readable description.
https://github.com/m1guelpf/plz-cli
A CLI tool that generates shell scripts from a human readable description.
https://github.com/m1guelpf/plz-cli
SquarePhish
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.
https://github.com/secureworks/squarephish
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.
https://github.com/secureworks/squarephish
MSI Shenanigans
This repository contains Proof of Concept code and harmless weaponised packages representing various weaponisation strategies that Threat Actors abuse in Windows Installer MSI format.
https://github.com/mgeeky/msi-shenanigans
MSI Shenanigans. Part 1 – Offensive Capabilities Overview:
https://mgeeky.tech/msi-shenanigans-part-1/
This repository contains Proof of Concept code and harmless weaponised packages representing various weaponisation strategies that Threat Actors abuse in Windows Installer MSI format.
https://github.com/mgeeky/msi-shenanigans
MSI Shenanigans. Part 1 – Offensive Capabilities Overview:
https://mgeeky.tech/msi-shenanigans-part-1/
CVE-2022-2602
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve
Golden Nuggets
Burp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain)
https://github.com/GainSec/GoldenNuggets-1
Burp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain)
https://github.com/GainSec/GoldenNuggets-1
ctf-party
A CLI tool & library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but mostly focused on CTF) by patching the String class to add a short syntax of usual code patterns. The philosophy is also to keep the library to be pure ruby (no dependencies) and not to re-implement what another library is already doing well (eg. xorcist for xor).
https://github.com/noraj/ctf-party
A CLI tool & library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but mostly focused on CTF) by patching the String class to add a short syntax of usual code patterns. The philosophy is also to keep the library to be pure ruby (no dependencies) and not to re-implement what another library is already doing well (eg. xorcist for xor).
https://github.com/noraj/ctf-party
