Real profit
Just invest your time
#poc CVE-2021-41794 Exploit the Fuzz: Exploiting Vulnerabilities in 5G Core Networks
https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks

#CVE-2021-41228 TensorFlow Python Code Injection: More eval() Woes
https://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes

#poc CVE-2021-37580
https://github.com/fengwenhua/CVE-2021-37580

#PowerShell Tools #Red_Team

Small and highly portable detection tests based on MITRE's ATT&CK
https://github.com/redcanaryco/atomic-red-team

PowerSploit A PowerShell Post Exploitation
https://github.com/PowerShellMafia/PowerSploit

obfuscation script designed to bypass AMSI and commercial antivirus solutions
https://github.com/tokyoneon/Chimera

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
https://github.com/monoxgas/sRDI

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
https://github.com/Kevin-Robertson/Inveigh

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
https://github.com/WazeHell/vulnerable-AD

Brutally effective DNS amplification DDoS attack tool. Can cripple a target machine from a single host. Use with extreme caution
https://github.com/thesc1ent1st/j0lt-ddos-tool

GHSL-2021-1031 Information leak in Qualcomm npu driver - CVE-2021-1969
https://securitylab.github.com/advisories/GHSL-2021-1031-npu

2230 - Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) - project-zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230

A simple, modern and secure #encryption tool (and Go library) with small explicit keys, no config options
https://github.com/FiloSottile/age

Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053

Bypass CVE-2021-41379 patch in Windows 11 and Server 2022 with November 2021
https://github.com/klinix5/InstallerFileTakeOver

Get SYSTEM via SeImpersonate privileges. This project is able to open up a NamedPipe Server, impersonates any user connecting to it
https://github.com/S3cur3Th1sSh1t/MultiPotato

An easy-to-use library for emulating code in minidump files
https://github.com/mrexodia/dumpulator

Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu

Penetration Testing Step by Step Guide, Second Edition (PDF, 56.3 MB): beginners practical guide to ethical hacking and penetration testing

C3 (Custom Command and Control) is a tool that allows #Red_Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It allows the Red Team to concern themselves only with the C2 they want to implement, relying on the robustness of C3 and the CS tooling to take care of the rest
https://github.com/FSecureLABS/C3

for a detailed tutorial
https://labs.f-secure.com/tools/c3