Sorting out some key system #vulnerabilities that are vulnerable to attack in the #Red_Team
https://github.com/r0eXpeR/redteam_vul
C# Script used for #Red_Team, These binaries can be used by Cobalt Strike execute-assembly or as standalone executable
https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts
Official #Black_Hat Arsenal Security Tools Repository
https://github.com/toolswatch/blackhat-arsenal-tools
All about #Bug_Bounty (bypasses, payloads, and etc)
https://github.com/daffainfo/AllAboutBugBounty
A collection of several hundred online tools for #OSINT
https://github.com/cipher387/osint_stuff_tool_collection
https://github.com/r0eXpeR/redteam_vul
C# Script used for #Red_Team, These binaries can be used by Cobalt Strike execute-assembly or as standalone executable
https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts
Official #Black_Hat Arsenal Security Tools Repository
https://github.com/toolswatch/blackhat-arsenal-tools
All about #Bug_Bounty (bypasses, payloads, and etc)
https://github.com/daffainfo/AllAboutBugBounty
A collection of several hundred online tools for #OSINT
https://github.com/cipher387/osint_stuff_tool_collection
Execute ELF files without dropping them on disk
https://github.com/nnsee/fileless-elf-exec
A Beacon Object File that creates a minidump of the LSASS process
https://github.com/helpsystems/nanodump
#EHole is a tool for fingerprint identification of key systems in assets. In red team operations
https://github.com/EdgeSecurityTeam/EHole
#CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions
https://github.com/iangcarroll/cookiemonster
#RollerScanner Fast Port Scanner Written On Python
https://github.com/MajorRaccoon/RollerScanner
https://github.com/nnsee/fileless-elf-exec
A Beacon Object File that creates a minidump of the LSASS process
https://github.com/helpsystems/nanodump
#EHole is a tool for fingerprint identification of key systems in assets. In red team operations
https://github.com/EdgeSecurityTeam/EHole
#CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions
https://github.com/iangcarroll/cookiemonster
#RollerScanner Fast Port Scanner Written On Python
https://github.com/MajorRaccoon/RollerScanner
Advanced Exploitation of Simple Bugs.pdf
8.5 MB
Advanced Exploitation of Simple Bugs A Parallels Desktop Case Study ( Pwn2Own2021 )
direct download ⬇️
https://zerodayengineering.com/projects/slides/ZDE2021_AdvancedSimplePwn2Own2021.pdf
direct download ⬇️
https://zerodayengineering.com/projects/slides/ZDE2021_AdvancedSimplePwn2Own2021.pdf
Mobile Malware Mimicking Framework.pdf
762.9 KB
Mobile Malware Mimicking
Framework
BlackHat Europe 2021
Framework
BlackHat Europe 2021
#poc CVE-2021-41351 Microsoft Edge (Chrome based) Spoofing on IE Mode
https://github.com/JaneMandy/CVE-2021-41351-POC
Week in review : Critical RCE in Palo Alto Networks firewalls, how to select a DRaaS solution
https://www.helpnetsecurity.com/2021/11/14/week-in-review-critical-rce-in-palo-alto-networks-firewalls-how-to-select-a-draas-solution
https://github.com/JaneMandy/CVE-2021-41351-POC
Week in review : Critical RCE in Palo Alto Networks firewalls, how to select a DRaaS solution
https://www.helpnetsecurity.com/2021/11/14/week-in-review-critical-rce-in-palo-alto-networks-firewalls-how-to-select-a-draas-solution
Sincon2021_MobileAppHardeningRE.pdf
1.8 MB
Mobile App Hardening
Against Reverse Engineering
direct download ⬇️
https://github.com/su-vikas/Presentations/raw/main/Sincon2021.MobileAppHardeningRE.pdf
Against Reverse Engineering
direct download ⬇️
https://github.com/su-vikas/Presentations/raw/main/Sincon2021.MobileAppHardeningRE.pdf
#ChopChop is a command-line tool for dynamic application security testing on web applications
https://github.com/michelin/ChopChop
#NTFS_parser for digital forensics & incident response
https://github.com/msuhanov/dfir_ntfs
https://github.com/michelin/ChopChop
#NTFS_parser for digital forensics & incident response
https://github.com/msuhanov/dfir_ntfs
#TLS_poison A tool that allows for generic SSRF via TLS, as well as CSRF via image tags in most browsers
https://github.com/jmdx/TLS-poison
#EXOCET AV-evading, undetectable, payload delivery tool
https://github.com/tanc7/EXOCET-AV-Evasion
https://github.com/jmdx/TLS-poison
#EXOCET AV-evading, undetectable, payload delivery tool
https://github.com/tanc7/EXOCET-AV-Evasion
Malicious Command-Line
https://github.com/3CORESec/MAL-CL
A Full-Featured HexEditor compatible with Linux/Windows/MacOS
https://github.com/echo-devim/fhex
https://github.com/3CORESec/MAL-CL
A Full-Featured HexEditor compatible with Linux/Windows/MacOS
https://github.com/echo-devim/fhex
#poc CVE-2021-41794 Exploit the Fuzz
Exploiting Vulnerabilities in 5G Core Networks
https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks
#CVE-2021-41228 TensorFlow Python Code Injection: More eval() Woes
https://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes
#poc CVE-2021-37580
https://github.com/fengwenhua/CVE-2021-37580
Exploiting Vulnerabilities in 5G Core Networks
https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks
#CVE-2021-41228 TensorFlow Python Code Injection: More eval() Woes
https://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes
#poc CVE-2021-37580
https://github.com/fengwenhua/CVE-2021-37580
#Web_Attack Cheat Sheet
https://github.com/riramar/Web-Attack-Cheat-Sheet
Official #Matplotlib Cheat Sheets
https://github.com/matplotlib/cheatsheets
https://github.com/riramar/Web-Attack-Cheat-Sheet
Official #Matplotlib Cheat Sheets
https://github.com/matplotlib/cheatsheets
#PowerShell Tools #Red_Team
Small and highly portable detection tests based on MITRE's ATT&CK
https://github.com/redcanaryco/atomic-red-team
PowerSploit A PowerShell Post Exploitation
https://github.com/PowerShellMafia/PowerSploit
obfuscation script designed to bypass AMSI and commercial antivirus solutions
https://github.com/tokyoneon/Chimera
Shellcode implementation of Reflective DLL Injection Convert DLLs to position independent shellcode
https://github.com/monoxgas/sRDI
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
https://github.com/Kevin-Robertson/Inveigh
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
https://github.com/WazeHell/vulnerable-AD
Small and highly portable detection tests based on MITRE's ATT&CK
https://github.com/redcanaryco/atomic-red-team
PowerSploit A PowerShell Post Exploitation
https://github.com/PowerShellMafia/PowerSploit
obfuscation script designed to bypass AMSI and commercial antivirus solutions
https://github.com/tokyoneon/Chimera
Shellcode implementation of Reflective DLL Injection Convert DLLs to position independent shellcode
https://github.com/monoxgas/sRDI
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
https://github.com/Kevin-Robertson/Inveigh
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
https://github.com/WazeHell/vulnerable-AD
Brutally effective DNS amplification ddos attack tool Can cripple a target machine from a single host. Use with extreme caution
https://github.com/thesc1ent1st/j0lt-ddos-tool
https://github.com/thesc1ent1st/j0lt-ddos-tool
GHSL-2021-1031 Information leak in Qualcomm npu driver - CVE-2021-1969
https://securitylab.github.com/advisories/GHSL-2021-1031-npu
2230 - Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) - project-zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
https://securitylab.github.com/advisories/GHSL-2021-1031-npu
2230 - Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) - project-zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
A simple, modern and secure #encryption tool (and Go library) with small explicit keys, no config options
https://github.com/FiloSottile/age
https://github.com/FiloSottile/age