Forwarded from 卩ro 爪Cracker
Puckungfu: A NETGEAR WAN Command Injection
https://ift.tt/8pYDvB4
Submitted December 22, 2022 at 05:02PM by ArbitraryWrite
via reddit https://ift.tt/paMGtRe
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Forwarded from 卩ro 爪Cracker
CVE-2022-2602
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve
Copilot, for your terminal
A CLI tool that generates shell scripts from a human readable description.
https://github.com/m1guelpf/plz-cli
SquarePhish
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.
https://github.com/secureworks/squarephish
MSI Shenanigans
This repository contains Proof of Concept code and harmless weaponised packages representing various weaponisation strategies that Threat Actors abuse in Windows Installer MSI format.
https://github.com/mgeeky/msi-shenanigans
MSI Shenanigans. Part 1 – Offensive Capabilities Overview:
https://mgeeky.tech/msi-shenanigans-part-1/
Golden Nuggets
Burp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain)
https://github.com/GainSec/GoldenNuggets-1
ctf-party
A CLI tool & library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but mostly focused on CTF) by patching the String class to add a short syntax of usual code patterns. The philosophy is also to keep the library pure Ruby (no dependencies) and not to re-implement what another library is already doing well (e.g. xorcist for xor).
https://github.com/noraj/ctf-party
Forwarded from Deadly malware xp
USB Ninja
USB Ninja is an information security and penetration testing tool that looks and functions just like a regular USB cable (both power and data) until a wireless remote control triggers it to deliver your choice of attack payload to the host machine. In essence, USB Ninja is the next step in the evolution of BadUSB, embedding the attack in the USB cable itself.
Emulating keyboard and mouse actions, payloads can be completely customized and can be highly targeted. Undetectable by firewalls, AV software (depending on payload of course) or visual inspection, the USB Ninja is an ideal tool for penetration testers, police and government.
Wireless trigger device for the USB Ninja. Can trigger two different payloads via toggle buttons. Accepts RP-SMA antennas if you want greater distances for remote payload triggering.
Documentation:
https://usbninja.com/help/
Buy online:
🛒 Cable https://ali.ski/IjDEv4
🛒 Bluetooth Remote https://ali.ski/aVNHh
#usb #badusb #cable
Forwarded from Deadly malware xp
PHPGGC
A library of unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://github.com/ambionics/phpggc
Forwarded from Deadly malware xp
RHM: Robot Hacking Manual
The Robot Hacking Manual (RHM) is an introductory series about cybersecurity for robots, with an attempt to provide comprehensive case studies and step-by-step tutorials with the intent to raise awareness in the field and highlight the importance of taking a security-first approach. The material available here is also a personal learning attempt and it's disconnected from any particular organization. Content is provided as is and by no means do I encourage or promote the unauthorized tampering of robotic systems or related technologies.
https://github.com/vmayoral/robot_hacking_manual
Forwarded from Deadly malware xp
chatgpt_chinese_prompt_hack
Use prompt hack to bypass OpenAI's content policy restrictions by golfzert
https://github.com/golfzert/chatgpt-chinese-prompt-hack
Forwarded from Deadly malware xp
Hacking & Cybersecurity class materials
We are delighted to announce a first on Lawfare: A live online class on hacking and cybersecurity.
https://github.com/lawfareblog/hacking-cybersecurity
Forwarded from Deadly malware xp
hackGPT
OpenAI and #ChatGPT to do hackerish things by NoDataFound
https://github.com/NoDataFound/hackGPT
Forwarded from Deadly malware xp
Blindside
Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory. This will result in a clean and unhooked ntdll, which could then be copied to our process to unhook the original ntdll.
https://github.com/CymulateResearch/Blindside
Forwarded from Deadly malware xp
Shellcode Mutator
New tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious.
https://github.com/nettitude/ShellcodeMutator
Details:
https://labs.nettitude.com/blog/shellcode-source-mutations/
#shellcode #redteam