oyabun_v2.7z
4.7 MB
#Penetration_Testing
#oyabun_v2 #leak
_ More sandbox detection methods
_ Fresh modules for data exfiltration and administration
_ AV evasion options
_ Ngrok’s region selection
_ Possibility to manage multiple connections
_ Language-specific command stagers
_ Tunnels …
_ Dedicated command for testing connectivity of each endpoint
_ Experimental hardware disruptors
_ Improved authtoken initialization
_ Indicator of active implants count in the prompt
_ New approach for SSL keypairs regeneration
_ New custom banner and ASCII art
_ Other useful command-line options
#and_more .. .
#oyabun_v2 #leak
_ More sandbox detection methods
_ Fresh modules for data exfiltration and administration
_ AV evasion options
_ Ngrok’s region selection
_ Possibility to manage multiple connections
_ Language-specific command stagers
_ Tunnels …
_ Dedicated command for testing connectivity of each endpoint
_ Experimental hardware disruptors
_ Improved authtoken initialization
_ Indicator of active implants count in the prompt
_ New approach for SSL keypairs regeneration
_ New custom banner and ASCII art
_ Other useful command-line options
#and_more .. .
#CVE-2021-43557 Apache APISIX Path traversal in request_uri variable
https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable
#poc for CVE-2021-43557
https://github.com/xvnpw/k8s-CVE-2021-43557-poc
https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable
#poc for CVE-2021-43557
https://github.com/xvnpw/k8s-CVE-2021-43557-poc
The_Complete_Guide_to_Understanding_Apple_Mac_Security_for_Enterprise.pdf
10.7 MB
#SentinelOne
The Complete Guide to Understanding Apple Mac Security for Enterprise
direct download ⬇️
https://www.sentinelone.com/wp-content/uploads/2021/11/The-Complete-Guide-to-Understanding-Apple-Mac-Security-for-Enterprise.pdf
GSOh No! Hunting for Vulnerabilities in VirtualBox Network Offloads
https://www.sentinelone.com/labs/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads
The Complete Guide to Understanding Apple Mac Security for Enterprise
direct download ⬇️
https://www.sentinelone.com/wp-content/uploads/2021/11/The-Complete-Guide-to-Understanding-Apple-Mac-Security-for-Enterprise.pdf
GSOh No! Hunting for Vulnerabilities in VirtualBox Network Offloads
https://www.sentinelone.com/labs/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads
notable code snippets for Offensive Security's PEN-300 (OSEP) course
https://github.com/chvancooten/OSEP-Code-Snippets?s=09
https://github.com/chvancooten/OSEP-Code-Snippets?s=09
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures
https://github.com/mytechnotalent/Reverse-Engineering
https://github.com/mytechnotalent/Reverse-Engineering
Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together
https://github.com/signorrayan/RedTeam_toolkit
Offensive tooling notes and experiments in AutoIt_v3
https://github.com/V1V1/OffensiveAutoIt
https://github.com/signorrayan/RedTeam_toolkit
Offensive tooling notes and experiments in AutoIt_v3
https://github.com/V1V1/OffensiveAutoIt
Run binaries straight from memory in Linux
https://github.com/liamg/memit
403/401 Bypass Methods + Bash Automation + Your Support ;)
https://github.com/Dheerajmadhukar/4-ZERO-3
https://github.com/liamg/memit
403/401 Bypass Methods + Bash Automation + Your Support ;)
https://github.com/Dheerajmadhukar/4-ZERO-3
information about EDRs that can be useful during red team exercise
https://github.com/Mr-Un1k0d3r/EDRs
AV/EDR evasion via direct system calls
https://github.com/jthuraisamy/SysWhispers2
https://github.com/Mr-Un1k0d3r/EDRs
AV/EDR evasion via direct system calls
https://github.com/jthuraisamy/SysWhispers2
#cracken a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust
https://github.com/shmuelamar/cracken
#karma_v2 is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
https://github.com/Dheerajmadhukar/karma_v2
https://github.com/shmuelamar/cracken
#karma_v2 is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
https://github.com/Dheerajmadhukar/karma_v2
The fastest and safest AV1 encoder
https://github.com/xiph/rav1e
Safe, fast, small crypto using Rust
https://github.com/briansmith/ring
https://github.com/xiph/rav1e
Safe, fast, small crypto using Rust
https://github.com/briansmith/ring
proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool
https://github.com/FDlucifer/Proxy-Attackchain
ProxyVulns
https://github.com/hosch3n/ProxyVulns
https://github.com/FDlucifer/Proxy-Attackchain
ProxyVulns
https://github.com/hosch3n/ProxyVulns
VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
https://github.com/l0ggg/VMware_vCenter
https://github.com/l0ggg/VMware_vCenter
A Visual Studio template used to create #Cobalt_Strike BOFs
https://github.com/securifybv/Visual-Studio-BOF-template
#Cobalt_Strike BOF - Bypass AMSI in a remote process with code injection
https://github.com/boku7/injectAmsiBypass
Tool for working with Direct System Calls in #Cobalt_Strike's Beacon Object Files (BOF) via Syswhispers2
https://github.com/Sh0ckFR/InlineWhispers2
A Beacon Object File (BOF) for #Cobalt_Strike which uses direct system calls to enable WDigest credential caching
https://github.com/outflanknl/WdToggle
https://github.com/securifybv/Visual-Studio-BOF-template
#Cobalt_Strike BOF - Bypass AMSI in a remote process with code injection
https://github.com/boku7/injectAmsiBypass
Tool for working with Direct System Calls in #Cobalt_Strike's Beacon Object Files (BOF) via Syswhispers2
https://github.com/Sh0ckFR/InlineWhispers2
A Beacon Object File (BOF) for #Cobalt_Strike which uses direct system calls to enable WDigest credential caching
https://github.com/outflanknl/WdToggle