How I Found Multiple XSS Vulnerabilities Using Unknown Techniques
https://infosecwriteups.com/how-i-found-multiple-xss-vulnerabilities-using-unknown-techniques-74f8e705ea0d
https://infosecwriteups.com/how-i-found-multiple-xss-vulnerabilities-using-unknown-techniques-74f8e705ea0d
How to Make Nmap Recognize New Services
https://shufflingbytes.com/posts/how-to-make-nmap-recognize-new-services
https://shufflingbytes.com/posts/how-to-make-nmap-recognize-new-services
Reverse Engineering Protobuf Definitions From Compiled Binaries
https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries
https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries
SharpThief: Steal a file's icon, resource information, version information, modification time, and digital signature with one click to reduce program entropy
https://github.com/INotGreen/SharpThief
https://github.com/INotGreen/SharpThief
Persistence – Explorer
https://pentestlab.blog/2024/03/05/persistence-explorer
List of 39 Documented Windows Persistence Techniques
https://pentestlab.blog/methodologies/red-teaming/persistence
https://pentestlab.blog/2024/03/05/persistence-explorer
List of 39 Documented Windows Persistence Techniques
https://pentestlab.blog/methodologies/red-teaming/persistence
Using form hijacking to bypass CSP
https://portswigger.net/research/using-form-hijacking-to-bypass-csp
https://portswigger.net/research/using-form-hijacking-to-bypass-csp
Smishing with EvilGophish
https://fin3ss3g0d.net/index.php/2024/03/04/smishing-with-evilgophish
https://fin3ss3g0d.net/index.php/2024/03/04/smishing-with-evilgophish
Network tunneling with… QEMU?
https://securelist.com/network-tunneling-with-qemu
https://securelist.com/network-tunneling-with-qemu
Cybersecurity threatscape: Q4 2023
https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2023-q4
https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2023-q4
TA577’s Unusual Attack Chain Leads to NTLM Data Theft
https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft
https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft
FuncAddressPro: demonstrates a sophisticated method of using an external assembly file to dynamically retrieve function addresses, serving as an advanced alternative to the standard GetProcAddress
https://github.com/WKL-Sec/FuncAddressPro
https://github.com/WKL-Sec/FuncAddressPro
Hijacking & Spoofing Context Menu Options
https://mrd0x.com/sentinelone-persistence-via-menu-context
https://mrd0x.com/sentinelone-persistence-via-menu-context
Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
P/Invoke definitions from the now offline pinvoke•net
https://github.com/ricardojoserf/p-invoke.net
The Gitbook: https://www.p-invoke.net
https://github.com/ricardojoserf/p-invoke.net
The Gitbook: https://www.p-invoke.net
DefenderYara: Extracted Yara rules from Windows Defender mpavbase and mpasbase
https://github.com/roadwy/DefenderYara
https://github.com/roadwy/DefenderYara
UAC-0050, Cracking The DaVinci Code
https://blog.bushidotoken.net/2024/03/tracking-adversaries-uac-0050-cracking.html
https://blog.bushidotoken.net/2024/03/tracking-adversaries-uac-0050-cracking.html
ByassX: The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously
https://github.com/vulnableone/BypassX
https://github.com/vulnableone/BypassX
IndicatorOfCanary: is a collection of PoCs from research on identifying canaries in various file formats
https://github.com/HackingLZ/IndicatorOfCanary
https://github.com/HackingLZ/IndicatorOfCanary
pgAdmin (<=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE)
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce
MacOs Malware Dev
https://0xf00sec.github.io/2024/03/09/MacOs-X
OSX-Injection:
https://github.com/0xf00sec/OSX-Injection
https://0xf00sec.github.io/2024/03/09/MacOs-X
OSX-Injection:
https://github.com/0xf00sec/OSX-Injection
EquationToolsGUI: scan and verify MS17-010, MS09-050, MS08-067 vulnerabilities
https://github.com/abc123info/EquationToolsGUI
https://github.com/abc123info/EquationToolsGUI