An educational robot security research
https://securelist.com/smart-robot-security-research
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor
Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT
https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga
https://securelist.com/smart-robot-security-research
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor
Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT
https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga
Common ADCS Vulnerabilities: Logging, Exploitation, and Investigation - Part 2
https://labs.lares.com/adcs-exploits-investigations-pt2
https://labs.lares.com/adcs-exploits-investigations-pt2
Weaponization of Token Theft – A Red Team Perspective
https://trustedsec.com/blog/weaponization-of-token-theft-a-red-team-perspective
https://trustedsec.com/blog/weaponization-of-token-theft-a-red-team-perspective
DigitalOcean OpenVPN/SOCKS for Burp Suite
https://github.com/honoki/burp-digitalocean-droplet-openvpn
https://github.com/honoki/burp-digitalocean-droplet-openvpn
Script to dump emails through Microsoft Graph API. it also include another script to push a file on the Azure tenant
https://github.com/Mr-Un1k0d3r/MsGraphFunzy
https://github.com/Mr-Un1k0d3r/MsGraphFunzy
Hacking Terraform State for Privilege Escalation
https://blog.plerion.com/hacking-terraform-state-privilege-escalation
https://blog.plerion.com/hacking-terraform-state-privilege-escalation
Leaking ObjRefs to Exploit HTTP .NET Remoting
https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting
https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting
AndroidSuperInject: Injecting into SELinux-protected system service processes under root on Android
https://github.com/cs1ime/AndroidSuperInject
https://github.com/cs1ime/AndroidSuperInject
Xeno-RAT: is an open-source remote access tool (RAT) developed in C#, providing a comprehensive set of features for remote system management. Has features such as HVNC, live microphone, reverse proxy, and much more!
https://github.com/moom825/xeno-rat
https://github.com/moom825/xeno-rat
ADCS ESC14 Abuse Technique
https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9
https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9
Navigating the Cloud: Exploring Lateral Movement Techniques
https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques
https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques
Real profit
Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM) https://github.com/EvilGreys/Disable-Windows-Defender-
Disable Windows Defender
(+ UAC Bypass, + Upgrade to SYSTEM)
https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system
(+ UAC Bypass, + Upgrade to SYSTEM)
https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system
How to make a Keylogger Payload Undectatable
https://medium.com/@Scofield_Idehen/how-to-make-a-keylogger-payload-undectatable-99840e404d45
https://medium.com/@Scofield_Idehen/how-to-make-a-keylogger-payload-undectatable-99840e404d45
OffensiveLAM: A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or BRC4
https://github.com/vysecurity/OffensiveLAM
https://github.com/vysecurity/OffensiveLAM
Exploiting CSP Wildcards for Google Domains
https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
The Art of Domain Deception: Bifrost's New Tactic to Deceive Users
https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware
https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware
LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities
https://github.com/sea-erkin/log-snare
https://github.com/sea-erkin/log-snare
SharpLansweeperDecrypt:
Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance
https://github.com/Yeeb1/SharpLansweeperDecrypt
Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance
https://github.com/Yeeb1/SharpLansweeperDecrypt
Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs
https://github.com/referefref/gitdoorcheck
How To Hunt For UEFI Malware Using Velociraptor
https://www.rapid7.com/blog/post/2024/02/29/how-to-hunt-for-uefi-malware-using-velociraptor
https://github.com/referefref/gitdoorcheck
How To Hunt For UEFI Malware Using Velociraptor
https://www.rapid7.com/blog/post/2024/02/29/how-to-hunt-for-uefi-malware-using-velociraptor