Vulnerability Intelligence Center / Exploits
https://github.com/Patrowl/PatrowlHears
Open-Source Vulnerability Intelligence Center Unified source of vulnerability, exploit and threat Intelligence feeds
https://github.com/Patrowl/PatrowlHearsData
https://github.com/Patrowl/PatrowlHears
Open-Source Vulnerability Intelligence Center Unified source of vulnerability, exploit and threat Intelligence feeds
https://github.com/Patrowl/PatrowlHearsData
XXE Injection Payload List
SQL Injection Payload List
RFI/LFI Payload List
Open Redirect Payload List
Command Injection Payload List
https://github.com/payloadbox
SQL Injection Payload List
RFI/LFI Payload List
Open Redirect Payload List
Command Injection Payload List
https://github.com/payloadbox
generate QR codes in a jiffy
https://github.com/endroid/qr-code
Simple Asset Mapping Tool
https://github.com/lcvvvv/kscan
Automated Penetration Tool After Border Dotting
https://github.com/inbug-team/InScan
An Adavnced Automation Tool For Web-Recon
https://github.com/Cyber-Guy1/BlackDragon
Building and Executing Position Independent Shellcode from Object Files in Memory
https://github.com/paranoidninja/PIC-Get-Privileges
https://github.com/endroid/qr-code
Simple Asset Mapping Tool
https://github.com/lcvvvv/kscan
Automated Penetration Tool After Border Dotting
https://github.com/inbug-team/InScan
An Adavnced Automation Tool For Web-Recon
https://github.com/Cyber-Guy1/BlackDragon
Building and Executing Position Independent Shellcode from Object Files in Memory
https://github.com/paranoidninja/PIC-Get-Privileges
This media is not supported in your browser
VIEW IN TELEGRAM
الشرطة الروسية اعتقلت باقي أعضاء مجموعة REvil وصادرت كل ممتلكاتهم من أموال وأجهزة كومبيوتر وسيارات
المصدر
https://www.bleepingcomputer.com/news/security/russian-government-arrests-revil-ransomware-gang-members
المصدر
https://www.bleepingcomputer.com/news/security/russian-government-arrests-revil-ransomware-gang-members
#poc CVE-2022-21907 HTTP Protocol Stack RCE. Windows 10 Exploits
https://github.com/nu11secur1ty/Windows10Exploits/blob/master/2022/CVE-2022-21907/PoC/PoC-CVE-2022-21907.py
https://github.com/nu11secur1ty/Windows10Exploits/blob/master/2022/CVE-2022-21907/PoC/PoC-CVE-2022-21907.py
detect vulnerabilities, access the target server using POC / EXP for a large number of high-risk vulnerabilities
https://github.com/tr0uble-mAker/POC-bomber
https://github.com/tr0uble-mAker/POC-bomber
windows HTTP RCE CVE-2022-21907
https://github.com/antx-code/CVE-2022-21907
An exploit / PoC for CVE-2021-42237
https://github.com/PinkDev1/CVE-2021-42237
Apache Dubbo Hessian2 CVE-2021-43297 demo
https://github.com/longofo/Apache-Dubbo-Hessian2-CVE-2021-43297
https://github.com/antx-code/CVE-2022-21907
An exploit / PoC for CVE-2021-42237
https://github.com/PinkDev1/CVE-2021-42237
Apache Dubbo Hessian2 CVE-2021-43297 demo
https://github.com/longofo/Apache-Dubbo-Hessian2-CVE-2021-43297
A tool for creating hidden accounts using the registry
https://github.com/wgpsec/CreateHiddenAccount
Check for LDAP protections regarding the relay of NTLM authentication
https://github.com/zyn3rgy/LdapRelayScan
Cryptor is a basic console application meant to encrypt the payload before adding it as a PE resource to the Injector
https://github.com/Cerbersec/Ares
https://github.com/wgpsec/CreateHiddenAccount
Check for LDAP protections regarding the relay of NTLM authentication
https://github.com/zyn3rgy/LdapRelayScan
Cryptor is a basic console application meant to encrypt the payload before adding it as a PE resource to the Injector
https://github.com/Cerbersec/Ares
Hide your payload in DNS
https://github.com/mhaskar/DNSStager
.NET Project for Attacking vCenter
https://github.com/grzryc/SharpSphere
tool for Shadow Credentials attacks
https://github.com/ShutdownRepo/pywhisker
https://github.com/mhaskar/DNSStager
.NET Project for Attacking vCenter
https://github.com/grzryc/SharpSphere
tool for Shadow Credentials attacks
https://github.com/ShutdownRepo/pywhisker
obfuscation toolkit for C# post-exploitation tools
https://github.com/h4wkst3r/InvisibilityCloak
Inject .NET assemblies into an existing process
https://github.com/kyleavery/inject-assembly
Get file less command execution for lateral movement
https://github.com/juliourena/SharpNoPSExec
https://github.com/h4wkst3r/InvisibilityCloak
Inject .NET assemblies into an existing process
https://github.com/kyleavery/inject-assembly
Get file less command execution for lateral movement
https://github.com/juliourena/SharpNoPSExec
patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature
https://github.com/med0x2e/SigFlip
Quickly search for references to a GUID in DLLs, EXEs, and drivers
https://github.com/matterpreter/FindETWProviderImage
Dump the memory of a PPL with a userland exploit
https://github.com/itm4n/PPLdump
https://github.com/med0x2e/SigFlip
Quickly search for references to a GUID in DLLs, EXEs, and drivers
https://github.com/matterpreter/FindETWProviderImage
Dump the memory of a PPL with a userland exploit
https://github.com/itm4n/PPLdump
Stop Windows Defender programmatically
https://github.com/lab52io/StopDefender
MS-FSRVP coercion abuse PoC
https://github.com/ShutdownRepo/ShadowCoerce
Privilege Escalation Enumeration Script for Windows
https://github.com/h4wkst3r/InvisibilityCloak
https://github.com/lab52io/StopDefender
MS-FSRVP coercion abuse PoC
https://github.com/ShutdownRepo/ShadowCoerce
Privilege Escalation Enumeration Script for Windows
https://github.com/h4wkst3r/InvisibilityCloak
Offensive PowerShell for red team, penetration testing and offensive security
https://github.com/samratashok/nishang
utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities
https://github.com/bitsadmin/wesng
A little tool to play with Windows security
https://github.com/vletoux/mimikatz
https://github.com/samratashok/nishang
utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities
https://github.com/bitsadmin/wesng
A little tool to play with Windows security
https://github.com/vletoux/mimikatz
Zooming in on Zero-click Exploits
https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html?m=1
Seeyoucm thief Exploiting Common Misconfigurations in Cisco Phone Systems
https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems
https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html?m=1
Seeyoucm thief Exploiting Common Misconfigurations in Cisco Phone Systems
https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems
FIN8 New Ransomware Spotted: White Rabbit and Its Evasion Tactics
https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics
Analysis of Destructive Malware (WhisperGate) targeting Ukraine
https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3
https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics
Analysis of Destructive Malware (WhisperGate) targeting Ukraine
https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3
CVE-2021-21661 Exposing Database info via WordPress SQL injection
https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
Vulnerable AWS Lambda function Initial access in cloud attacks
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre
https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
Vulnerable AWS Lambda function Initial access in cloud attacks
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre
Exploit for CVE-2021-25741 vulnerability
https://github.com/Betep0k/CVE-2021-25741
Critical Vulnerabilities in Trend Micro Deep Security Agent for Linux
https://github.com/modzero/MZ-21-02-Trendmicro
https://github.com/Betep0k/CVE-2021-25741
Critical Vulnerabilities in Trend Micro Deep Security Agent for Linux
https://github.com/modzero/MZ-21-02-Trendmicro
Fuzzware's main repository
Start here to install
https://github.com/fuzzware-fuzzer/fuzzware
Files used for reproducing
Fuzzware's experiments
https://github.com/fuzzware-fuzzer/fuzzware-experiments
Start here to install
https://github.com/fuzzware-fuzzer/fuzzware
Files used for reproducing
Fuzzware's experiments
https://github.com/fuzzware-fuzzer/fuzzware-experiments
dirsearch, subfinder, ksubdomain, httpx, nuclei tools to quickly check target assets and perform sensitive files, sensitive paths, and vulnerability verification detection on target assets
https://github.com/ExpLangcn/WanLi
https://github.com/ExpLangcn/WanLi
Make your First Malware Honeypot in Under 20 Minutes
https://www.intezer.com/blog/malware-analysis/how-to-make-malware-honeypot
Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike
https://www.intezer.com/blog/malware-analysis/how-to-make-malware-honeypot
Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike
CVE-2022-21658 Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability
https://blog.rust-lang.org/2022/01/20/cve-2022-21658
PoC for cve-2022-21658
https://github.com/sagittarius-a/cve-2022-21658
https://blog.rust-lang.org/2022/01/20/cve-2022-21658
PoC for cve-2022-21658
https://github.com/sagittarius-a/cve-2022-21658