โโSquarePhish
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.
https://github.com/secureworks/squarephish
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.
https://github.com/secureworks/squarephish
โโMSI Shenanigans
This repository contains Proof of Concept code and harmless weaponised packages representing various weaponisation strategies that Threat Actors abuse in Windows Installer MSI format.
https://github.com/mgeeky/msi-shenanigans
MSI Shenanigans. Part 1 โ Offensive Capabilities Overview:
https://mgeeky.tech/msi-shenanigans-part-1/
This repository contains Proof of Concept code and harmless weaponised packages representing various weaponisation strategies that Threat Actors abuse in Windows Installer MSI format.
https://github.com/mgeeky/msi-shenanigans
MSI Shenanigans. Part 1 โ Offensive Capabilities Overview:
https://mgeeky.tech/msi-shenanigans-part-1/
โโCVE-2022-2602
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve
โโGolden Nuggets
Burp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain)
https://github.com/GainSec/GoldenNuggets-1
Burp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain)
https://github.com/GainSec/GoldenNuggets-1
โโctf-party
A CLI tool & library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but mostly focused on CTF) by patching the String class to add a short syntax of usual code patterns. The philosophy is also to keep the library to be pure ruby (no dependencies) and not to re-implement what another library is already doing well (eg. xorcist for xor).
https://github.com/noraj/ctf-party
A CLI tool & library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but mostly focused on CTF) by patching the String class to add a short syntax of usual code patterns. The philosophy is also to keep the library to be pure ruby (no dependencies) and not to re-implement what another library is already doing well (eg. xorcist for xor).
https://github.com/noraj/ctf-party
Forwarded from Deadly malware xp
โโUSB Ninja
USB Ninja is an information security and penetration testing tool that looks and functions just like a regular USB cable (both power and data) until a wireless remote control triggers it to deliver your choice of attack payload to the host machine. In essence, USB Ninja is the next step in the evolution of BadUSB, embedding the attack in the USB cable itself.
Emulating keyboard and mouse actions, payloads can be completely customized and can be highly targeted. Undetectable by firewalls, AV software (depending on payload of course) or visual inspection, the USB Ninja is an ideal tool for penetration testers, police and government.
Wireless trigger device for the USB Ninja. Can trigger two different payloads via toggle buttons. Accepts RP-SMA antennas if you want greater distances for remote payload triggering.
Documentation:
https://usbninja.com/help/
Buy online:
๐ Cable https://ali.ski/IjDEv4
๐ Bluetooth Remote https://ali.ski/aVNHh
#usb #badusb #cable
USB Ninja is an information security and penetration testing tool that looks and functions just like a regular USB cable (both power and data) until a wireless remote control triggers it to deliver your choice of attack payload to the host machine. In essence, USB Ninja is the next step in the evolution of BadUSB, embedding the attack in the USB cable itself.
Emulating keyboard and mouse actions, payloads can be completely customized and can be highly targeted. Undetectable by firewalls, AV software (depending on payload of course) or visual inspection, the USB Ninja is an ideal tool for penetration testers, police and government.
Wireless trigger device for the USB Ninja. Can trigger two different payloads via toggle buttons. Accepts RP-SMA antennas if you want greater distances for remote payload triggering.
Documentation:
https://usbninja.com/help/
Buy online:
๐ Cable https://ali.ski/IjDEv4
๐ Bluetooth Remote https://ali.ski/aVNHh
#usb #badusb #cable
Forwarded from Deadly malware xp
โโPHPGGC
A library of unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://github.com/ambionics/phpggc
A library of unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://github.com/ambionics/phpggc
Forwarded from Deadly malware xp
โโRHM: Robot Hacking Manual
The Robot Hacking Manual (RHM) is an introductory series about cybersecurity for robots, with an attempt to provide comprehensive case studies and step-by-step tutorials with the intent to raise awareness in the field and highlight the importance of taking a security-first1 approach. The material available here is also a personal learning attempt and it's disconnected from any particular organization. Content is provided as is and by no means I encourage or promote the unauthorized tampering of robotic systems or related technologies.
https://github.com/vmayoral/robot_hacking_manual
The Robot Hacking Manual (RHM) is an introductory series about cybersecurity for robots, with an attempt to provide comprehensive case studies and step-by-step tutorials with the intent to raise awareness in the field and highlight the importance of taking a security-first1 approach. The material available here is also a personal learning attempt and it's disconnected from any particular organization. Content is provided as is and by no means I encourage or promote the unauthorized tampering of robotic systems or related technologies.
https://github.com/vmayoral/robot_hacking_manual
Forwarded from Deadly malware xp
โโchatgpt_chinese_prompt_hack
Use prompt hack to bypass OpenAI's content policy restrictions by golfzert
https://github.com/golfzert/chatgpt-chinese-prompt-hack
Use prompt hack to bypass OpenAI's content policy restrictions by golfzert
https://github.com/golfzert/chatgpt-chinese-prompt-hack
Forwarded from Deadly malware xp
โโHacking & Cybersecurity class materials
We are delighted to announce a first on Lawfare: A live online class on hacking and cybersecurity.
https://github.com/lawfareblog/hacking-cybersecurity
We are delighted to announce a first on Lawfare: A live online class on hacking and cybersecurity.
https://github.com/lawfareblog/hacking-cybersecurity
Forwarded from Deadly malware xp
โโhackGPT
OpenAI and #ChatGPT to do hackerish things by NoDataFound
https://github.com/NoDataFound/hackGPT
OpenAI and #ChatGPT to do hackerish things by NoDataFound
https://github.com/NoDataFound/hackGPT
Forwarded from Deadly malware xp
โโBlinside
Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory. This will result in a clean and unhooked ntdll which then could be copied to our process and unhook the original ntdll.
https://github.com/CymulateResearch/Blindside
Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory. This will result in a clean and unhooked ntdll which then could be copied to our process and unhook the original ntdll.
https://github.com/CymulateResearch/Blindside
Forwarded from Deadly malware xp
โโShellcode Mutator
New tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its โsignatureโ, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious.
https://github.com/nettitude/ShellcodeMutator
Details:
https://labs.nettitude.com/blog/shellcode-source-mutations/
#shellcode #redteam
New tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its โsignatureโ, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious.
https://github.com/nettitude/ShellcodeMutator
Details:
https://labs.nettitude.com/blog/shellcode-source-mutations/
#shellcode #redteam
Forwarded from Deadly malware xp
โโCVE-2022-39253
Docker host file read
https://github.com/ssst0n3/docker-cve-2022-39253-poc
#cve #poc
Docker host file read
https://github.com/ssst0n3/docker-cve-2022-39253-poc
#cve #poc
Forwarded from Deadly malware xp
๐ฅ๐ฅ๐ฅThe GOADโs writeups series end with this part.
๐ฅGOAD - part 12 - Trusts
This post will be on escalation with domain trust (from child to parent domain) and on Forest to Forest trust lateral move.
๐ฅGOAD - part 12 - Trusts
This post will be on escalation with domain trust (from child to parent domain) and on Forest to Forest trust lateral move.