We’ve discovered neurons in CLIP that respond to the same concept whether presented literally, symbolically, or conceptually. This may explain CLIP’s accuracy in classifying surprising visual renditions of concepts, and is also an important step toward understanding…

SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing the FTP protocol/clients - GitHub - vp777/surferFTP: SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing th...

In this video walkthrough, we went over the recent Microsoft exchange vulnerability namely CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 or the Hafnium Zero Day, and demonstrated how to test and patch them.
--
The summary with supporting…

Dalfox is a fast, powerful parameter analysis and XSS scanner based on a DOM parser. Other than finding XSS it also has additional features that test for sqli,ssti,open-redirects. It is capable of finding reflected, stored,

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). - dwisiswant0/proxylo...

PayloadBox

Repository for information about 0-days exploited in-the-wild. - googleprojectzero/0days-in-the-wild

Contribute to h4x0r-dz/CVE-2021-26855 development by creating an account on GitHub.

Introduction In recent weeks, Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in a ubiquitous global attack. ProxyLogon is the name given to CVE-2021-26855, a vulnerability on Microsoft…

Metasploit Post-Exploitation Gather module for Exchange Server - sophoslabs/metasploit_gather_exchange

Over the years of penetration testing, red teaming, and teaching, I (and I’m sure a lot of others) are often asked how to get started in infosec. More specifically, how to become a pentester/…

Last update: November 3rd, 2021
Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz sections. Fixed some whoopsies as well 🙃.
Updated June…

Read more on this initial access vector:
https://medium.com/@riffsandhacks/use-an-office-macro-to-download-and-execute-a-payload-red-team-tips-ddbc7cc1a99

The content in this video is purely for educational purposes only, the techniques shown here should…

Shadrak is a script to generate decompression bomb in various formats.

647 files

In this video walkthrough, we analyzed a pcap capture file with Wireshark looking for indicators of compromise with the Hacintor Malware---------Pcap file so...

  Introduction Dusting off a few new (old) vulns Have you ever been casually perusing the source code of the Linux kernel and thought to ...