Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100
Owncloud: details about CVE-2023-49103 and CVE-2023-49105
https://www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105
https://www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105
EDR Evasion Techniques Using Syscalls
https://hadess.io/edr-evasion-techniques-using-syscalls
https://hadess.io/edr-evasion-techniques-using-syscalls
SQL Brute Force leads to Bluesky Ransomware
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware
PoCs for Kernel-mode rootkit techniques research
https://github.com/daem0nc0re/VectorKernel
https://github.com/daem0nc0re/VectorKernel
ADOKit: Azure DevOps Services Attack Toolkit
https://github.com/xforcered/ADOKit
https://github.com/xforcered/ADOKit
SharpTokenFinder: A C# implementation of TokenFinder. Enumerates M365 Desktop Office applications for plain text authentication tokens
https://github.com/HuskyHacks/SharpTokenFinder
https://github.com/HuskyHacks/SharpTokenFinder
Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
BlueNoroff: new Trojan attacking macOS users
https://securelist.com/bluenoroff-new-macos-malware
https://securelist.com/bluenoroff-new-macos-malware
ownCloud exploits for CVE-2023-49105
https://github.com/ambionics/owncloud-exploits
https://github.com/ambionics/owncloud-exploits
BYOVD: Finding and exploiting process killer drivers with LOL
https://github.com/BlackSnufkin/BYOVD
https://github.com/BlackSnufkin/BYOVD
Virus.xcheck: is a Python tool designed to verify the existence of file hashes in the Virus Exchange database
https://github.com/lewiswigmore/Virus.xcheck
https://github.com/lewiswigmore/Virus.xcheck
Blind CSS Exfiltration: exfiltrate unknown web pages
https://portswigger.net/research/blind-css-exfiltration
https://portswigger.net/research/blind-css-exfiltration
Kali Linux 2023.4 Release
(Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)
https://www.kali.org/blog/kali-linux-2023-4-release
(Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)
https://www.kali.org/blog/kali-linux-2023-4-release
Obfuscator: Native code PE bin2bin obfuscator
https://github.com/es3n1n/obfuscator
https://github.com/es3n1n/obfuscator
Pentest Muse: Building an AI agent that can automate parts of pentesting jobs. This application utilizes advanced algorithms and techniques to simulate penetration testing activities, aiming to streamline and enhance the efficiency of security testing processes
https://github.com/pentestmuse-ai/PentestMuse
https://github.com/pentestmuse-ai/PentestMuse
PDF Upload Leading to Stored XSS
https://medium.com/@katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee
https://medium.com/@katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee
Javascript Analysis to SQL injection
https://melguerdawi.medium.com/javascript-analysis-to-sql-injection-ca763f9c4c4e
https://melguerdawi.medium.com/javascript-analysis-to-sql-injection-ca763f9c4c4e
Rise of Broken Access Control
https://medium.com/@rafinrahmanchy/rise-of-broken-access-control-51356916235f
https://medium.com/@rafinrahmanchy/rise-of-broken-access-control-51356916235f
Critical misconfiguration in Firebase — Bug bounty
https://medium.com/@facu.tha/critical-misconfiguration-in-firebase-e682ec4239d6
https://medium.com/@facu.tha/critical-misconfiguration-in-firebase-e682ec4239d6