Mobile App Hardening
Against Reverse Engineering

direct download ⬇️
https://github.com/su-vikas/Presentations/raw/main/Sincon2021.MobileAppHardeningRE.pdf

macos / ios #exploit writeup

https://github.com/houjingyi233/macOS-iOS-system-security

#ChopChop is a command-line tool for dynamic application security testing on web applications
https://github.com/michelin/ChopChop

#NTFS_parser for digital forensics & incident response
https://github.com/msuhanov/dfir_ntfs

#TLS_poison A tool that allows for generic SSRF via TLS, as well as CSRF via image tags in most browsers
https://github.com/jmdx/TLS-poison

#EXOCET AV-evading, undetectable, payload delivery tool
https://github.com/tanc7/EXOCET-AV-Evasion

Malicious Command-Line
https://github.com/3CORESec/MAL-CL

A Full-Featured HexEditor compatible with Linux/Windows/MacOS
https://github.com/echo-devim/fhex

#poc CVE-2021-41794 Exploit the Fuzz
Exploiting Vulnerabilities in 5G Core Networks
https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks

#CVE-2021-41228 TensorFlow Python Code Injection: More eval() Woes
https://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes

#poc CVE-2021-37580
https://github.com/fengwenhua/CVE-2021-37580

#Web_Attack Cheat Sheet
https://github.com/riramar/Web-Attack-Cheat-Sheet

Official #Matplotlib Cheat Sheets
https://github.com/matplotlib/cheatsheets

#PowerShell Tools #Red_Team

Small and highly portable detection tests based on MITRE's ATT&CK
https://github.com/redcanaryco/atomic-red-team

PowerSploit A PowerShell Post Exploitation
https://github.com/PowerShellMafia/PowerSploit

obfuscation script designed to bypass AMSI and commercial antivirus solutions
https://github.com/tokyoneon/Chimera

Shellcode implementation of Reflective DLL Injection Convert DLLs to position independent shellcode
https://github.com/monoxgas/sRDI

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
https://github.com/Kevin-Robertson/Inveigh

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
https://github.com/WazeHell/vulnerable-AD

Brutally effective DNS amplification ddos attack tool Can cripple a target machine from a single host. Use with extreme caution

https://github.com/thesc1ent1st/j0lt-ddos-tool

GHSL-2021-1031 Information leak in Qualcomm npu driver - CVE-2021-1969
https://securitylab.github.com/advisories/GHSL-2021-1031-npu

2230 - Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) - project-zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230

Developing GDB Extension for Heap #Exploitation

https://youtube.com/watch?v=tzUrYsQRHfs

A simple, modern and secure #encryption tool (and Go library) with small explicit keys, no config options

https://github.com/FiloSottile/age

Conti Ransomware In Depth Analysis

direct download ⬇️
https://www.prodaft.com/m/reports/Conti_TLPWHITE_v1.6_WVcSEtc.pdf

CVE-2021-42321 Microsoft Exchange Server Post-Auth RCE
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398

Ghost let me Inject OS Commands RCE
https://medium.com/@Hossam.Mesbah/ghost-let-me-inject-os-commands-rce-a6e71e54445d

Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053

Bypass CVE-2021-41379 patch in Windows 11 and Server 2022 with November 2021
https://github.com/klinix5/InstallerFileTakeOver

get SYSTEM via SeImpersonate privileges this project is able to open up a NamedPipe Server, impersonates any user connecting to it
https://github.com/S3cur3Th1sSh1t/MultiPotato

An easy-to-use library for emulating code in minidump files
https://github.com/mrexodia/dumpulator

Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu