A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865 - soteria-security/HAFNIUM-IOC

Collection of methodology and test case for various web vulnerabilities. - KathanP19/HowToHunt

Often users shorten URLS that should remain private. It’s common for pentesters to search for sensitive urls through Shortened URLs …

We’ve discovered neurons in CLIP that respond to the same concept whether presented literally, symbolically, or conceptually. This may explain CLIP’s accuracy in classifying surprising visual renditions of concepts, and is also an important step toward understanding…

SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing the FTP protocol/clients - GitHub - vp777/surferFTP: SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing th...

In this video walkthrough, we went over the recent Microsoft exchange vulnerability namely CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 or the Hafnium Zero Day, and demonstrated how to test and patch them.
--
The summary with supporting…

Dalfox is a fast, powerful parameter analysis and XSS scanner based on a DOM parser. Other than finding XSS it also has additional features that test for sqli,ssti,open-redirects. It is capable of finding reflected, stored,

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). - dwisiswant0/proxylo...

PayloadBox

Repository for information about 0-days exploited in-the-wild. - googleprojectzero/0days-in-the-wild

Contribute to h4x0r-dz/CVE-2021-26855 development by creating an account on GitHub.

Introduction In recent weeks, Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in a ubiquitous global attack. ProxyLogon is the name given to CVE-2021-26855, a vulnerability on Microsoft…

Metasploit Post-Exploitation Gather module for Exchange Server - sophoslabs/metasploit_gather_exchange

Over the years of penetration testing, red teaming, and teaching, I (and I’m sure a lot of others) are often asked how to get started in infosec. More specifically, how to become a pentester/…

Last update: November 3rd, 2021
Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz sections. Fixed some whoopsies as well 🙃.
Updated June…