Wishing: Webhook Phishing in Teams
https://www.blackhillsinfosec.com/wishing-webhook-phishing-in-teams
Using Backup Utilities for Data Exfiltration
https://www.huntress.com/blog/using-backup-utilities-for-data-exfiltration
A patched Windows attack surface is still exploitable
https://securelist.com/windows-vulnerabilities
Infected text editors load backdoor into macOS
https://securelist.com/trojanized-text-editor-apps
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma
NoArgs: a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate Windows internals on the go.
https://github.com/oh-az/NoArgs
CVE-2024-2432 Palo Alto GlobalProtect EoP
https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP
SANS Offensive CTF — JavaScript☕::001–004
https://infosecwriteups.com/sans-offensive-ctf-javascript-001-004-8737ad95c617
Unveiling the depths of Residential Proxies providers
https://blog.sekoia.io/unveiling-the-depths-of-residential-proxies-providers
Program to Inject a DLL into a process from memory
https://github.com/BlackHat-Ashura/Reflective_DLL_Injection
mindgraph: proof of concept prototype for generating and querying against a large knowledge graph with ai
https://github.com/yoheinakajima/mindgraph
CVE-2024-21407 PoC: Windows Hyper-V RCE
https://github.com/swagcrafte/CVE-2024-21407-POC
A PoC exploit for CVE-2023-43208 - Mirth Connect RCE
https://github.com/K3ysTr0K3R/CVE-2023-43208-EXPLOIT
From LDAP injection till System Privileges
https://medium.com/@ippll/from-ldap-injection-till-system-privileges-f0a25fa41b97
Mastering Cyber Threat Intelligence with Obsidian
https://bank-security.medium.com/mastering-cyber-threat-intelligence-with-obsidian-cef6052a0d02
Todesstern: A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities
https://github.com/kleiton0x00/Todesstern
jsmug: A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON
https://github.com/xscorp/jsmug
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
https://github.com/RedefiningReality/Cobalt-Strike
CobaltStrike post-penetration automation chain based on OPSEC
https://github.com/lintstar/CS-AutoPostChain
Identity Providers for RedTeamers
https://blog.xpnsec.com/identity-providers-redteamers
Overview of GLIBC heap exploitation techniques
https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques
Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments
https://bishopfox.com/blog/poisoned-pipeline-attack-execution-a-look-at-ci-cd-environments