A simple PoC of injection shellcode into a remote process and get the output using namepipe
https://github.com/MaorSabag/interactive-execute-shellcode
https://github.com/MaorSabag/interactive-execute-shellcode
whats-spoofing: Whatsapp Exploit to spoofing impersonate of reply message
https://github.com/lichti/whats-spoofing
https://github.com/lichti/whats-spoofing
Some tips to earn your first bounty to find XSS,Blind-XSS,SQLI,SSRF,LFI,LOG4J using some handy automation tools
https://medium.com/@Alra3ees/some-tips-to-earn-your-first-bounty-find-xss-blind-xss-sqli-ssrf-lfi-log4j-using-some-handy-tools-2ae31afeae1a
https://medium.com/@Alra3ees/some-tips-to-earn-your-first-bounty-find-xss-blind-xss-sqli-ssrf-lfi-log4j-using-some-handy-tools-2ae31afeae1a
AtlasLdr: Reflective x64 loader implemented using dynamic indirect syscalls
https://github.com/Krypteria/AtlasLdr
https://github.com/Krypteria/AtlasLdr
NotEnough: This tool calculates tricky canonical huffman histogram for CVE-2023-4863
https://github.com/caoweiquan322/NotEnough
https://github.com/caoweiquan322/NotEnough
Useful tools for searching for WebCams, Information Channels and public access Wifi for the collection of information useful for analysis activities
https://github.com/CScorza/OSINTSurveillance
https://github.com/CScorza/OSINTSurveillance
What Are Server-Side Request Forgeries And How To Exploit Them
https://blog.novasec.io/what-are-server-side-request-forgeries-ssrf-and-how-to-exploit-them
https://blog.novasec.io/what-are-server-side-request-forgeries-ssrf-and-how-to-exploit-them
npm search RCE? - Escape Sequence Injection
https://blog.solidsnail.com/posts/npm-esc-seq
https://blog.solidsnail.com/posts/npm-esc-seq
Introducing YARA-Forge
https://cyb3rops.medium.com/introducing-yara-forge-a77cbb77dcab
https://cyb3rops.medium.com/introducing-yara-forge-a77cbb77dcab
Android Banking Trojan Chameleon is Back in Action
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
Windows CLFS and five exploits used by ransomware operators
https://securelist.com/windows-clfs-exploits-ransomware
https://securelist.com/windows-clfs-exploits-ransomware
WAZAWAKA_TLPCLEAR_Report.pdf
16.7 MB
Understanding The Workings of Russian Hacker "Wazawaka"
https://25491742.fs1.hubspotusercontent-eu1.net/hubfs/25491742/WAZAWAKA_TLPCLEAR_Report.pd
https://25491742.fs1.hubspotusercontent-eu1.net/hubfs/25491742/WAZAWAKA_TLPCLEAR_Report.pd
codecave hook: reverse engineering toolkit
https://github.com/byte2mov/codecave-hook
https://github.com/byte2mov/codecave-hook
Just another C2 Redirector using CloudFlare
https://github.com/som3canadian/Cloudflare-Redirector
https://github.com/som3canadian/Cloudflare-Redirector
SharpHIBP: A C# Tool to gather information about email breaches
https://github.com/dmcxblue/SharpHIBP
https://github.com/dmcxblue/SharpHIBP
smtpsmug: Script to help analyze mail servers for SMTP Smuggling vulnerabilities.
https://github.com/hannob/smtpsmug
https://github.com/hannob/smtpsmug
sessionless: TokenSigner is a Burp Suite extension for editing, signing, verifying various signed web tokens
https://github.com/d0ge/sessionless
https://github.com/d0ge/sessionless
AuthLogParser: is a powerful DFIR tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log
https://github.com/YosfanEilay/AuthLogParser
https://github.com/YosfanEilay/AuthLogParser
SSH ProxyCommand == unexpected code execution (CVE-2023-51385)
https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce
https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce