VBA: having fun with macros, overwritten pointers & R/W/X memory
https://adepts.of0x.cc/vba-hijack-pointers-rwa
https://adepts.of0x.cc/vba-hijack-pointers-rwa
MutationGate: is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall
https://github.com/senzee1984/MutationGate
https://github.com/senzee1984/MutationGate
A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method
iShutdown scripts: extracts, analyzes, and parses Shutdown.log forensic artifact from iOS Sysdiagnose archives
https://github.com/KasperskyLab/iShutdown
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method
iShutdown scripts: extracts, analyzes, and parses Shutdown.log forensic artifact from iOS Sysdiagnose archives
https://github.com/KasperskyLab/iShutdown
Hunting down the HVCI bug in UEFI
https://tandasat.github.io/blog/2024/01/15/CVE-2024-21305
https://tandasat.github.io/blog/2024/01/15/CVE-2024-21305
Lateral Movement – Visual Studio DTE
https://pentestlab.blog/2024/01/15/lateral-movement-visual-studio-dte
https://pentestlab.blog/2024/01/15/lateral-movement-visual-studio-dte
Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript
https://buer.haus/2024/01/16/reversing-and-tooling-a-signed-request-hash-in-obfuscated-javascript
https://buer.haus/2024/01/16/reversing-and-tooling-a-signed-request-hash-in-obfuscated-javascript
LOTL: This is a fileless living off the land reverse shell written in JScript and Powershell script
https://github.com/Null-byte-00/LOTL
https://github.com/Null-byte-00/LOTL
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time
https://github.com/janoglezcampos/llvm-yx-callobfuscator
https://github.com/janoglezcampos/llvm-yx-callobfuscator
Phishing using Google Sheets for Red Team Engagements
https://infosecwriteups.com/phishing-using-google-sheets-for-red-team-engagements-ac79298ddb90
https://infosecwriteups.com/phishing-using-google-sheets-for-red-team-engagements-ac79298ddb90
Dark web threats and dark market predictions for 2024
https://securelist.com/darknet-predictions-for-2024
https://securelist.com/darknet-predictions-for-2024
Cobalt Strike Profiles for EDR Evasion + SourcePoint is a C2 profile generator for Cobalt Strike
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
Yet another C++ Cobalt Strike beacon dropper with Ntdll unhooking, PPID spoofing and custom Process hollowing
https://github.com/ProcessusT/Venoma
https://github.com/ProcessusT/Venoma
F31: is a bash script that hardens your Kali Linux and allows you to minimize noise in the air
https://github.com/wearecaster/F31
https://github.com/wearecaster/F31
Evil-M5Core2: is an innovative tool developed for ethical testing and exploration of WiFi networks
https://github.com/7h30th3r0n3/Evil-M5Core2
https://github.com/7h30th3r0n3/Evil-M5Core2
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
LiesGate: The idea came from an interesting project called MutationGate
In summary, the LiesGate code demonstrates advanced techniques related to system function manipulation, memory permission alterations, and execution context manipulation in a Windows environment, applicable in scenarios like reverse engineering, debugging, security testing, or malware development
https://github.com/CyberSecurityUP/LiesGate
In summary, the LiesGate code demonstrates advanced techniques related to system function manipulation, memory permission alterations, and execution context manipulation in a Windows environment, applicable in scenarios like reverse engineering, debugging, security testing, or malware development
https://github.com/CyberSecurityUP/LiesGate
Calling Home, Get Your Callbacks Through RBI
https://posts.specterops.io/calling-home-get-your-callbacks-through-rbi-50633a233999
https://posts.specterops.io/calling-home-get-your-callbacks-through-rbi-50633a233999
How I passed the Intigriti 0124 Challenge
https://medium.com/@rodriguezjorgex/how-i-passed-the-intigriti-0124-challenge-b6c2d1cd1b7b
https://medium.com/@rodriguezjorgex/how-i-passed-the-intigriti-0124-challenge-b6c2d1cd1b7b
This repository contains proof-of-concept scripts for CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230 Bluetooth vulnerabilities in Android, Linux, macOS, iOS and Windows can be exploited to pair an emulated Bluetooth keyboard and inject keystrokes without user confirmation
https://github.com/marcnewlin/hi_my_name_is_keyboard
https://github.com/marcnewlin/hi_my_name_is_keyboard
Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution
https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution
https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution
Security Brief: TA866 Returns with a Large Email Campaign
https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
Parrot TDS: A Persistent and Evolving Malware Campaign
https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
Parrot TDS: A Persistent and Evolving Malware Campaign
https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers