LoadLibrary for offensive operations
https://github.com/bats3c/DarkLoadLibrary

Hundreds of Offensive and Useful Docker Images for Network Intrusion
https://github.com/cybersecsi/HOUDINI

A Workflow Engine for Offensive Security
https://github.com/j3ssie/osmedeus

Second-order subdomain takeover scanner
https://github.com/mhmdiaa/second-order

bypass IP source restrictions using HTTP headers
https://github.com/p0dalirius/ipsourcebypass

weaponize a vulnerable signed driver to bypass EDR detections
https://github.com/wavestone-cdt/EDRSandblast

Flutter Roadmap 2022
https://github.com/Flutterando/roadmap

Collection of Flutter and Dart Tips and Tricks
https://github.com/vandadnp/flutter-tips-and-tricks

Flutter Reverse Engineering Framework
Android: arm64, arm32 & iOS: arm64;
https://github.com/ptswarm/reFlutter

CVE-2021-26084 Confluence Server Webwork OGNL injection
https://github.com/thomsdev/CVE-2021-26084

PoC script to exploit Pulse Secure CVE-2021-22893
https://github.com/thomsdev/CVE-2021-22893

Automation for internal Windows Penetest/AD-Security
https://github.com/S3cur3Th1sSh1t/WinPwn

some code execution and AV Evasion methods for Macros in Office documents
https://github.com/S3cur3Th1sSh1t/OffensiveVBA

A small reverse shell for Linux & Windows
https://github.com/xct/xc

A repository of Windows Shellcode runners and supporting utilities
https://github.com/Ne0nd0g/go-shellcode

A method of bypassing EDR's active projection DLL's by preventing entry point exection
https://github.com/CCob/SharpBlock

A utility to safely generate malicious network traffic patterns and evaluate controls
https://github.com/alphasoc/flightsim

Sliver is an open source cross-platform adversary emulation / red team framework
https://github.com/BishopFox/sliver

An introduction to Active Directory security
https://github.com/cfalta/adsec

Python implementation for Active Directory certificate abuse
https://github.com/ly4k/Certipy

Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant

TianySpy Malware Uses Smishing Disguised as Message From Telco
https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Affect the all major Linux distributions and can be exploited to gain full root privileges on the system
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

CVE-2021-4034 1day
https://github.com/berdav/CVE-2021-4034

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec CVE-2021-4034
https://github.com/arthepsy/CVE-2021-4034

Exploits for CVE-2022-0185
https://github.com/Crusaders-of-Rust/CVE-2022-0185

PoC for CVE-2022-0332
Moodle 3.11 to 3.11.4 - SQL injection
https://github.com/numanturle/CVE-2022-0332

CVE-2022-21882 win32k LPE bypass
https://github.com/KaLendsi/CVE-2022-21882

CVE-2022-23967 TightVNC Vulnerability
https://github.com/MaherAzzouzi/CVE-2022-23967

CVE-2022-21371 Oracle WebLogic Server
https://github.com/Mr-xn/CVE-2022-21371

new technique for shellcode injection to evade AVs and EDRs
https://github.com/Idov31/FunctionStomping

written in Golang to bypass AV / EDR protection
https://github.com/EmYiQing/GoBypass

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc
https://github.com/hlldz/RefleXXion

CobaltStrike Synthesis Post Penetration Plugin
https://github.com/lintstar/LSTAR

ROP userland execution for PS5 (4.03)
https://github.com/ChendoChap/PS5-Webkit-Execution

This Week in Security News
January 28th, 2022
https://www.trendmicro.com/en_us/research/22/a/this-week-in-security-news-january-28th-2022