The Engineers Online Portal System

#CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system
https://github.com/TheHackingRabbi/CVE-2021-42662

#CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system
https://github.com/TheHackingRabbi/CVE-2021-42663

#CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system
https://github.com/TheHackingRabbi/CVE-2021-42664

#CVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal system
https://github.com/TheHackingRabbi/CVE-2021-42665

#CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system
https://github.com/TheHackingRabbi/CVE-2021-42666

#CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system
https://github.com/TheHackingRabbi/CVE-2021-42667

#RSA attack tool ( mainly for ctf ) retreive private key from weak public key and / or uncipher data

https://github.com/Ganapati/RsaCtfTool

#tor_rootkit Standalone executables for Windows and Linux, including python interpreter and tor
the whole communication works over tor hidden services which guarantees some degree of anonymity, The Listener can handle multiple clients
and generates payloads for different platforms on startup

https://github.com/emcruise/tor-rootkit

#CVE-2021-38001 #chrome #exploit
#poc CVE-2021-38001 tested on macOS exploit has super dependent for my macOS d8 environment
https://github.com/vngkv123/aSiagaming/tree/master/Chrome-v8-1260577

the first part of a series on the chrome browser and its javascript engine v8
https://seal9055.com/blog/browser/browser/chrome_browser_architecture

#Exploit for #CVE-2021-40449
Win32k Elevation
https://github.com/Kristal-g/CVE-2021-40449_poc

#poc for #CVE-2021-36799
ETS5 Password Recovery
https://github.com/robertguetzkow/ets5-password-recovery

A sample #poc for #CVE-2021-30657
affecting MacOS
https://github.com/shubham0d/CVE-2021-30657

#Exploitation code for #CVE-2021-40539
Zoho ManageEngine ADSelfService Plus
https://github.com/synacktiv/CVE-2021-40539

VMWARE VCENTER SERVER VIRTUAL SAN HEALTH CHECK PLUG-IN RCE #CVE-2021-21985
https://github.com/sknux/CVE-2021-21985_PoC

Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs
https://github.com/joernio/joern

#ExcelPeek is a tool designed to help investigate potentially malicious Microsoft Excel files
https://github.com/slaughterjames/excelpeek

REvil domain is back online
with a message .. .
" They are not the masters they think they are
We have the skills and experience
Do you want to be with the most qualified or losers ?

#cybersecurity #infosec #resources
A list of helpful infosec resources

https://github.com/stong/infosec-resources

Summary of some offensive #vulnerabilities from mainstream vendors

https://github.com/r0eXpeR/supplier

#natpass A new generation of NAT intranet penetration tool, support tcp tunnel, shell tunnel

https://github.com/lwch/natpass

#Hardentools simply reduces the attack surface on Microsoft Windows by disabling low-hanging fruit risky features
https://github.com/securitywithoutborders/hardentools

#RPC_Firewall to audit all remote RPC calls. Once executing any remote attack tools, you will see which RPC UUIDs and Opnums were called remotely
https://github.com/zeronetworks/rpcfirewall

the invisible #javaScript #backdoor
https://certitude.consulting/blog/en/invisible-backdoor/

#Trojan_Source invisible vulnerabilities
https://github.com/nickboucher/trojan-source

A Zeek package to detect #CVE-2021-42292, a Microsoft Excel local privilege escalation #exploit

https://github.com/corelight/CVE-2021-42292#detection-method

Attacks on ETW Blind EDR
BlackHat Europe
10 November 2021

direct download ⬇️
https://i.blackhat.com/EU-21/Wednesday/EU-21-Teodorescu-Veni-No-Vidi-No-Vici-Attacks-On-ETW-Blind-EDRs.pdf

وإن الحوائج لتُقضى
بكثرة الصلاة على النبي مُحمّد ﷺ ❤