Social Media OSINT Tools Collection
https://github.com/osintambition/Social-Media-OSINT-Tools-Collection
https://github.com/osintambition/Social-Media-OSINT-Tools-Collection
Data-bouncing - New Exfil and C2 Technique
https://thecontractor.io/data-bouncing
https://thecontractor.io/data-bouncing
Bypassing an Admin Panel with SQL Injection
https://medium.com/@medz20876/blog-post-bypassing-an-admin-panel-with-sql-injection-20b844442711
https://medium.com/@medz20876/blog-post-bypassing-an-admin-panel-with-sql-injection-20b844442711
Abusing Entra ID Misconfigurations to Bypass MFA
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-entra-id-misconfigurations-to-bypass-mfa
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-entra-id-misconfigurations-to-bypass-mfa
DFIR Resources: A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more
https://github.com/cyb3rmik3/MDE-DFIR-Resources
https://github.com/cyb3rmik3/MDE-DFIR-Resources
Android Security Exploits YouTube Curriculum: A curated list of modern Android exploitation conference talks
https://github.com/actuator/Android-Security-Exploits-YouTube-Curriculum
https://github.com/actuator/Android-Security-Exploits-YouTube-Curriculum
Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration | How a Dumb Frontend Led to 750 $ Bounty
https://thecyberneh.medium.com/breaking-barriers-unmasking-the-easy-password-validation-bypass-in-security-key-registration-4cb0d8103a93
https://thecyberneh.medium.com/breaking-barriers-unmasking-the-easy-password-validation-bypass-in-security-key-registration-4cb0d8103a93
Use Wasm to Bypass Latest Chrome v8sbx Again
https://medium.com/@numencyberlabs/use-wasm-to-bypass-latest-chrome-v8sbx-again-639c4c05b157
https://medium.com/@numencyberlabs/use-wasm-to-bypass-latest-chrome-v8sbx-again-639c4c05b157
Phishing With Dynamite
https://medium.com/@fakasler/phishing-with-dynamite-7d33d8fac038
https://medium.com/@fakasler/phishing-with-dynamite-7d33d8fac038
ladder: Alternative to 12ft•io. Bypass paywalls with a proxy ladder and remove CORS headers from any URL
https://github.com/kubero-dev/ladder
https://github.com/kubero-dev/ladder
No-Consolation: A BOF that runs unmanaged PEs inline
https://github.com/fortra/No-Consolation
https://github.com/fortra/No-Consolation
LdrLibraryEx: A small x64 library to load dll's into memory
https://github.com/Cracked5pider/LdrLibraryEx
https://github.com/Cracked5pider/LdrLibraryEx
Fuzzer Development: The Soul of a New Machine
https://h0mbre.github.io/New_Fuzzer_Project
Source Code:
https://github.com/h0mbre/Lucid
https://h0mbre.github.io/New_Fuzzer_Project
Source Code:
https://github.com/h0mbre/Lucid
Persistence – Windows Telemetry
https://pentestlab.blog/2023/11/06/persistence-windows-telemetry
https://pentestlab.blog/2023/11/06/persistence-windows-telemetry
Bypassing Android 13 Restrictions with SecuriDropper
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Nuclei templates for honeypots detection
https://github.com/UnaPibaGeek/honeypots-detection
https://github.com/UnaPibaGeek/honeypots-detection
SharpVeeamDecryptor: Decrypt Veeam database passwords
https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor
https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor
WolfPack: combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale
https://github.com/RoseSecurity-Research/WolfPack
https://github.com/RoseSecurity-Research/WolfPack
teams_dump: PoC for dumping and decrypting cookies in the latest version of Microsoft Teams
https://github.com/byinarie/teams_dump
https://github.com/byinarie/teams_dump
DuckDuckC2: A proof-of-concept C2 channel through DuckDuckGo's image proxy service
https://github.com/nopcorn/DuckDuckC2
https://github.com/nopcorn/DuckDuckC2