CRC32 brute force for dridex network requests. GitHub Gist: instantly share code, notes, and snippets.

Did it happen to you that you wanted to quickly test a Yara rule you created, but you are missing a large enough data set to test your rule against? This is exactly what Yara Scan is designed for. …

Persisting in Outlook using add-ins

CVE-2020–35717 — RCE through XSS in zonote Electron App

Collection about PoC for sql injection on Joomla. Contribute to HoangKien1020/Joomla-SQLinjection development by creating an account on GitHub.

Introduction This blog post details the exploitation process for the vulnerability CVE 2020-15999 in Google Chrome 86.0.4222.0 on Linux. While CVE 2020-15999 is a heap-based buffer overflow in the font-loading library Freetype rather than Chrome proper, its…

Collection of Beacon Object Files. Contribute to ajpc500/BOFs development by creating an account on GitHub.

TA505+ Adversary Simulation. Contribute to fozavci/ta505plus development by creating an account on GitHub.

According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative HTTP server, tracing, stats, and more…

Utilizing Cobalt Strike’s in-memory C capabilities to inject a Beacon implant into a remote process without spawning a remote thread on 64-bit systems.

Buying cheap routers to find vulnerabilities in them

29 files

Let's have a look at a recent kernel local privilege escalation exploit!

Exploit Source: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/
Kernel Developer Walkthrough: https://www.youtube.com/watch?v=LORxdO1XUjY

Syscalls, Kernel vs. User Mode and Linux Kernel…

CVE-2020-36179~82 Jackson-databind SSRF&RCE. Contribute to Al1ex/CVE-2020-36179 development by creating an account on GitHub.