GhostDriver: is a Rust-built AV killer tool using BYOVD
https://github.com/BlackSnufkin/GhostDriver
https://github.com/BlackSnufkin/GhostDriver
CTFCON2023-POC: This report documents a local elevation of privilege vulnerability in Active Directory Certificate Services (AD CS)
https://github.com/wh0amitz/CTFCON2023-POC
https://github.com/wh0amitz/CTFCON2023-POC
Autonomous Hacking of PHP Web Applications at the Bytecode Level
https://finixbit.github.io/posts/autonomous-Hacking-of-PHP-Web-Applications-at-the-Bytecode-Level
https://finixbit.github.io/posts/autonomous-Hacking-of-PHP-Web-Applications-at-the-Bytecode-Level
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100
Owncloud: details about CVE-2023-49103 and CVE-2023-49105
https://www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105
https://www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105
EDR Evasion Techniques Using Syscalls
https://hadess.io/edr-evasion-techniques-using-syscalls
https://hadess.io/edr-evasion-techniques-using-syscalls
SQL Brute Force leads to Bluesky Ransomware
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware
PoCs for Kernel-mode rootkit techniques research
https://github.com/daem0nc0re/VectorKernel
https://github.com/daem0nc0re/VectorKernel
ADOKit: Azure DevOps Services Attack Toolkit
https://github.com/xforcered/ADOKit
https://github.com/xforcered/ADOKit
SharpTokenFinder: A C# implementation of TokenFinder. Enumerates M365 Desktop Office applications for plain text authentication tokens
https://github.com/HuskyHacks/SharpTokenFinder
https://github.com/HuskyHacks/SharpTokenFinder
Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
BlueNoroff: new Trojan attacking macOS users
https://securelist.com/bluenoroff-new-macos-malware
https://securelist.com/bluenoroff-new-macos-malware
ownCloud exploits for CVE-2023-49105
https://github.com/ambionics/owncloud-exploits
https://github.com/ambionics/owncloud-exploits
BYOVD: Finding and exploiting process killer drivers with LOL
https://github.com/BlackSnufkin/BYOVD
https://github.com/BlackSnufkin/BYOVD
Virus.xcheck: is a Python tool designed to verify the existence of file hashes in the Virus Exchange database
https://github.com/lewiswigmore/Virus.xcheck
https://github.com/lewiswigmore/Virus.xcheck
Blind CSS Exfiltration: exfiltrate unknown web pages
https://portswigger.net/research/blind-css-exfiltration
https://portswigger.net/research/blind-css-exfiltration
Kali Linux 2023.4 Release
(Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)
https://www.kali.org/blog/kali-linux-2023-4-release
(Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)
https://www.kali.org/blog/kali-linux-2023-4-release
Obfuscator: Native code PE bin2bin obfuscator
https://github.com/es3n1n/obfuscator
https://github.com/es3n1n/obfuscator
Pentest Muse: Building an AI agent that can automate parts of pentesting jobs. This application utilizes advanced algorithms and techniques to simulate penetration testing activities, aiming to streamline and enhance the efficiency of security testing processes
https://github.com/pentestmuse-ai/PentestMuse
https://github.com/pentestmuse-ai/PentestMuse
PDF Upload Leading to Stored XSS
https://medium.com/@katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee
https://medium.com/@katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee