TinyTurla-NG in-depth tooling and command and control analysis
https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2
https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2
Shelter: is a completely weaponized sleep obfuscation technique that allows to fully encrypt your in-memory payload making an extensive use of ROP
https://github.com/Kudaes/Shelter
https://github.com/Kudaes/Shelter
AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response
https://github.com/RandomRobbieBF/CVE-2023-5204
TP-Link NCXXX Authentication Bypass
https://ssd-disclosure.com/ssd-advisory-tp-link-ncxxx-authentication-bypass
https://github.com/RandomRobbieBF/CVE-2023-5204
TP-Link NCXXX Authentication Bypass
https://ssd-disclosure.com/ssd-advisory-tp-link-ncxxx-authentication-bypass
CLRInjector: A PoC .NET-specific process injection tool
https://github.com/bananabr/CLRInjector
https://github.com/bananabr/CLRInjector
EPSS (Exploit Prediction Scoring System) is a framework used to assess the likelihood of a vulnerability being exploited
https://github.com/KaanSK/go-epss
https://github.com/KaanSK/go-epss
Hello Lucee! Let us hack Apple again?
https://blog.projectdiscovery.io/hello-lucee-let-us-hack-apple-again
https://blog.projectdiscovery.io/hello-lucee-let-us-hack-apple-again
LockBit Attempts to Stay Afloat With a New Version
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version
This repository contains Resources for malware development using Rust
https://github.com/Whitecat18/Rust-for-Malware-Development
https://github.com/Whitecat18/Rust-for-Malware-Development
Chunking CobaltStrike Payloads + Jump Method
https://github.com/DamonMohammadbagher/NativePayload_LocalCreateThread7
https://github.com/DamonMohammadbagher/NativePayload_LocalCreateThread7
ADCSCoercePotato: Yet another technique for coercing machine authentication but specific for ADCS server
https://github.com/decoder-it/ADCSCoercePotato
https://github.com/decoder-it/ADCSCoercePotato
A handy tool to explore various string encoding
https://github.com/unixzii/StringExplorer
https://github.com/unixzii/StringExplorer
Unveiling custom packers: A comprehensive guide
https://estr3llas.github.io/unveiling-custom-packers-a-comprehensive-guide
https://estr3llas.github.io/unveiling-custom-packers-a-comprehensive-guide
I took over 10 Million Accounts, Easy API Hacking
https://ravaan21.medium.com/i-took-over-10-million-accounts-easy-api-hacking-89a7092abe40
https://ravaan21.medium.com/i-took-over-10-million-accounts-easy-api-hacking-89a7092abe40
Open a link, and your Wi-Fi password is changed
https://medium.com/@deadoverflow/open-a-link-and-your-wi-fi-password-is-changed-7c47ccb4d095
https://medium.com/@deadoverflow/open-a-link-and-your-wi-fi-password-is-changed-7c47ccb4d095
Bypass Rate Limits on authentication endpoints like a pro………!
https://medium.com/@a13h1/bypass-rate-limits-on-authentication-endpoints-like-a-pro-2054460a43c0
https://medium.com/@a13h1/bypass-rate-limits-on-authentication-endpoints-like-a-pro-2054460a43c0
SCCM Hierarchy Takeover with High Availability
https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
An educational robot security research
https://securelist.com/smart-robot-security-research
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor
Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT
https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga
https://securelist.com/smart-robot-security-research
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor
Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT
https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga
Common ADCS Vulnerabilities: Logging, Exploitation, and Investigation - Part 2
https://labs.lares.com/adcs-exploits-investigations-pt2
https://labs.lares.com/adcs-exploits-investigations-pt2
Weaponization of Token Theft – A Red Team Perspective
https://trustedsec.com/blog/weaponization-of-token-theft-a-red-team-perspective
https://trustedsec.com/blog/weaponization-of-token-theft-a-red-team-perspective
DigitalOcean OpenVPN/SOCKS for Burp Suite
https://github.com/honoki/burp-digitalocean-droplet-openvpn
https://github.com/honoki/burp-digitalocean-droplet-openvpn