Twitter subdomain XSS + CSRF vulnerability
Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
https://twitter.com/shoucccc/status/1734802168723734764
Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
https://twitter.com/shoucccc/status/1734802168723734764
UnlinkDLL: DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
https://github.com/frkngksl/UnlinkDLL
https://github.com/frkngksl/UnlinkDLL
Monarch: is a C2 Framework designed to give implant developers the convenience of integrating with an existing backend, so that more time can be spent creating cutting-edge features and enhancing overall efficiency
https://github.com/pygrum/monarch
https://github.com/pygrum/monarch
CloakQuest3r: is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service
https://github.com/spyboy-productions/CloakQuest3r
https://github.com/spyboy-productions/CloakQuest3r
Security Researcher Note: Cover various security approaches to attack techniques and also provides new discoveries about security breaches
https://github.com/LearningKijo/SecurityResearcher-Note
https://github.com/LearningKijo/SecurityResearcher-Note
FuncIn Unprotect Evasion Technique Demo: This demonstration showcases the utilization of FuncIn evasion technique for spawning a remote shell
https://github.com/Unprotect-Project/FuncInEvasionTechniqueDemo
https://github.com/Unprotect-Project/FuncInEvasionTechniqueDemo
CVE-2023-50164 Apache Struts RCE
https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE
CVE-2023-6553 Exploit V2: Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
https://github.com/Chocapikk/CVE-2023-6553
https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE
CVE-2023-6553 Exploit V2: Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
https://github.com/Chocapikk/CVE-2023-6553
Bluetooth Security Assessment Methodology
https://github.com/TarlogicSecurity/BSAM
https://github.com/TarlogicSecurity/BSAM
Abusing Liftoff assembly and efficiently escaping from sbx
https://retr0.zip/blog/abusing-Liftoff-assembly-and-efficiently-escaping-from-sbx.html
https://retr0.zip/blog/abusing-Liftoff-assembly-and-efficiently-escaping-from-sbx.html
Spamming Microsoft 365 Like It’s 1995
https://www.blackhillsinfosec.com/spamming-microsoft-365-like-its-1995
https://www.blackhillsinfosec.com/spamming-microsoft-365-like-its-1995
Dashboard for Nuclei Results ProjectDiscovery Cloud Platform Integration
https://blog.projectdiscovery.io/dashboard-for-nuclei-results-projectdiscovery-cloud-platform-integration
https://blog.projectdiscovery.io/dashboard-for-nuclei-results-projectdiscovery-cloud-platform-integration
Unravelling the Web: AI’s Tangled Web of Prompt Injection Woes
https://labs.nettitude.com/blog/artificial-intelligence/unravelling-the-web-ais-tangled-web-of-prompt-injection-woes
https://labs.nettitude.com/blog/artificial-intelligence/unravelling-the-web-ais-tangled-web-of-prompt-injection-woes
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
https://securelist.com/unveiling-nkabuse
https://securelist.com/unveiling-nkabuse
Adcshunter: Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective
https://github.com/danti1988/adcshunter
https://github.com/danti1988/adcshunter
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
https://gist.github.com/testanull/dac6029d306147e6cc8dce9424d09868
https://gist.github.com/testanull/dac6029d306147e6cc8dce9424d09868
Atlassian Companion RCE Vulnerability Proof of Concept (CVE-2023-22524)
https://github.com/ron-imperva/CVE-2023-22524
https://github.com/ron-imperva/CVE-2023-22524
Observed Exploitation Attempts of Struts 2 S2-066 Vulnerability (CVE-2023-50164)
https://www.akamai.com/blog/security-research/apache-struts-cve-exploitation-attempts
https://www.akamai.com/blog/security-research/apache-struts-cve-exploitation-attempts
MilkBox: PoC of dumping EFI runtime drivers
https://github.com/0x00Alchemist/MilkBox
https://github.com/0x00Alchemist/MilkBox
PEAs: Process Enumeration alternatives that avoid the use of CreateToolhelp32Snapshot, Process32First, Process32Next WinAPIs to enumerate running processes on windows
https://github.com/Bl4ckM1rror/PEAs
https://github.com/Bl4ckM1rror/PEAs
PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record
https://github.com/knight0x07/DarkGate-Install-Script-via-DNS-TXT-Record
https://github.com/knight0x07/DarkGate-Install-Script-via-DNS-TXT-Record
SMTP Smuggling - Spoofing E-Mails Worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide