Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
Bypass CVE-2021-41379 patch in Windows 11 and Server 2022 with November 2021
https://github.com/klinix5/InstallerFileTakeOver
Get SYSTEM via SeImpersonate privileges. This project is able to open up a NamedPipe server and impersonate any user connecting to it
https://github.com/S3cur3Th1sSh1t/MultiPotato
An easy-to-use library for emulating code in minidump files
https://github.com/mrexodia/dumpulator
Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu
Penetration Testing Step by Step Guide.pdf
56.3 MB
Penetration Testing Step by Step Guide
Second Edition
A beginner's practical guide to ethical hacking and penetration testing
C3 (Custom Command and Control) is a tool that allows #Red_Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It allows the Red Team to concern themselves only with the C2 they want to implement; relying on the robustness of C3 and the CS tooling to take care of the rest
https://github.com/FSecureLABS/C3
For a detailed tutorial:
https://labs.f-secure.com/tools/c3
oyabun_v2.7z
4.7 MB
#Penetration_Testing
#oyabun_v2 #leak
_ More sandbox detection methods
_ Fresh modules for data exfiltration and administration
_ AV evasion options
_ Ngrok’s region selection
_ Possibility to manage multiple connections
_ Language-specific command stagers
_ Tunnels …
_ Dedicated command for testing connectivity of each endpoint
_ Experimental hardware disruptors
_ Improved authtoken initialization
_ Indicator of active implants count in the prompt
_ New approach for SSL keypairs regeneration
_ New custom banner and ASCII art
_ Other useful command-line options
#and_more .. .
#CVE-2021-43557 Apache APISIX Path traversal in request_uri variable
https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable
#poc for CVE-2021-43557
https://github.com/xvnpw/k8s-CVE-2021-43557-poc
The_Complete_Guide_to_Understanding_Apple_Mac_Security_for_Enterprise.pdf
10.7 MB
#SentinelOne
The Complete Guide to Understanding Apple Mac Security for Enterprise
direct download ⬇️
https://www.sentinelone.com/wp-content/uploads/2021/11/The-Complete-Guide-to-Understanding-Apple-Mac-Security-for-Enterprise.pdf
GSOh No! Hunting for Vulnerabilities in VirtualBox Network Offloads
https://www.sentinelone.com/labs/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads
Notable code snippets for Offensive Security's PEN-300 (OSEP) course
https://github.com/chvancooten/OSEP-Code-Snippets?s=09
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures
https://github.com/mytechnotalent/Reverse-Engineering
Red Team Toolkit is an open-source Django offensive web app that keeps the useful offensive tools used in red teaming together
https://github.com/signorrayan/RedTeam_toolkit
Offensive tooling notes and experiments in AutoIt_v3
https://github.com/V1V1/OffensiveAutoIt