A small reverse shell for Linux & Windows
https://github.com/xct/xc
A repository of Windows Shellcode runners and supporting utilities
https://github.com/Ne0nd0g/go-shellcode
A method of bypassing EDR's active projection DLL's by preventing entry point exection
https://github.com/CCob/SharpBlock
https://github.com/xct/xc
A repository of Windows Shellcode runners and supporting utilities
https://github.com/Ne0nd0g/go-shellcode
A method of bypassing EDR's active projection DLL's by preventing entry point exection
https://github.com/CCob/SharpBlock
A utility to safely generate malicious network traffic patterns and evaluate controls
https://github.com/alphasoc/flightsim
Sliver is an open source cross-platform adversary emulation / red team framework
https://github.com/BishopFox/sliver
https://github.com/alphasoc/flightsim
Sliver is an open source cross-platform adversary emulation / red team framework
https://github.com/BishopFox/sliver
An introduction to Active Directory security
https://github.com/cfalta/adsec
Python implementation for Active Directory certificate abuse
https://github.com/ly4k/Certipy
https://github.com/cfalta/adsec
Python implementation for Active Directory certificate abuse
https://github.com/ly4k/Certipy
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant
TianySpy Malware Uses Smishing Disguised as Message From Telco
https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco
https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant
TianySpy Malware Uses Smishing Disguised as Message From Telco
https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco
This media is not supported in your browser
VIEW IN TELEGRAM
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Affect the all major Linux distributions and can be exploited to gain full root privileges on the system
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
CVE-2021-4034 1day
https://github.com/berdav/CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec CVE-2021-4034
https://github.com/arthepsy/CVE-2021-4034
Affect the all major Linux distributions and can be exploited to gain full root privileges on the system
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
CVE-2021-4034 1day
https://github.com/berdav/CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec CVE-2021-4034
https://github.com/arthepsy/CVE-2021-4034
Exploits for CVE-2022-0185
https://github.com/Crusaders-of-Rust/CVE-2022-0185
PoC for CVE-2022-0332
Moodle 3.11 to 3.11.4 - SQL injection
https://github.com/numanturle/CVE-2022-0332
https://github.com/Crusaders-of-Rust/CVE-2022-0185
PoC for CVE-2022-0332
Moodle 3.11 to 3.11.4 - SQL injection
https://github.com/numanturle/CVE-2022-0332
CVE-2022-21882 win32k LPE bypass
https://github.com/KaLendsi/CVE-2022-21882
CVE-2022-23967 TightVNC Vulnerability
https://github.com/MaherAzzouzi/CVE-2022-23967
CVE-2022-21371 Oracle WebLogic Server
https://github.com/Mr-xn/CVE-2022-21371
https://github.com/KaLendsi/CVE-2022-21882
CVE-2022-23967 TightVNC Vulnerability
https://github.com/MaherAzzouzi/CVE-2022-23967
CVE-2022-21371 Oracle WebLogic Server
https://github.com/Mr-xn/CVE-2022-21371
new technique for shellcode injection to evade AVs and EDRs
https://github.com/Idov31/FunctionStomping
written in Golang to bypass AV / EDR protection
https://github.com/EmYiQing/GoBypass
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc
https://github.com/hlldz/RefleXXion
https://github.com/Idov31/FunctionStomping
written in Golang to bypass AV / EDR protection
https://github.com/EmYiQing/GoBypass
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc
https://github.com/hlldz/RefleXXion
CobaltStrike Synthesis Post Penetration Plugin
https://github.com/lintstar/LSTAR
https://github.com/lintstar/LSTAR
ROP userland execution for PS5 (4.03)
https://github.com/ChendoChap/PS5-Webkit-Execution
https://github.com/ChendoChap/PS5-Webkit-Execution
This Week in Security News
January 28th, 2022
https://www.trendmicro.com/en_us/research/22/a/this-week-in-security-news-january-28th-2022
January 28th, 2022
https://www.trendmicro.com/en_us/research/22/a/this-week-in-security-news-january-28th-2022
PHP reverse shell script
https://github.com/ivan-sincek/php-reverse-shell
Automatic Reverse Shell Generator
https://github.com/d4t4s3c/Shelly
A simple ruby reverse-shell windows 10, 11
https://github.com/DioBruh/reverse-shell-windows
https://github.com/ivan-sincek/php-reverse-shell
Automatic Reverse Shell Generator
https://github.com/d4t4s3c/Shelly
A simple ruby reverse-shell windows 10, 11
https://github.com/DioBruh/reverse-shell-windows
Granular, Actionable Adversary Emulation for the Cloud
https://github.com/DataDog/stratus-red-team
Bypass 4xx HTTP response status codes Based on PycURL
https://github.com/ivan-sincek/forbidden
Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not
https://github.com/anmolksachan/TheTimeMachine
https://github.com/DataDog/stratus-red-team
Bypass 4xx HTTP response status codes Based on PycURL
https://github.com/ivan-sincek/forbidden
Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not
https://github.com/anmolksachan/TheTimeMachine
Statically-linked ssh server with reverse shell functionality for CTFs and such
https://github.com/Fahrj/reverse-ssh
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
https://github.com/wallarm/gotestwaf
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
https://github.com/FunnyWolf/Viper
https://github.com/Fahrj/reverse-ssh
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
https://github.com/wallarm/gotestwaf
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
https://github.com/FunnyWolf/Viper
An open-source #post-exploitation framework for students, researchers and developers
https://github.com/malwaredllc/byob
Empire is a PowerShell and Python 3.x #post-exploitation framework
https://github.com/BC-SECURITY/Empire
Kubesploit is a cross-platform #post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments
https://github.com/cyberark/kubesploit
https://github.com/malwaredllc/byob
Empire is a PowerShell and Python 3.x #post-exploitation framework
https://github.com/BC-SECURITY/Empire
Kubesploit is a cross-platform #post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments
https://github.com/cyberark/kubesploit
Python AV Evasion Tools
https://github.com/G1ft3dC0d3/MsfMania
C++ WinRM API via Reflective DLL
https://github.com/mez-0/winrmdll
The ultimate WinRM shell for hacking/pentesting
https://github.com/mubix/evil-winrm
https://github.com/G1ft3dC0d3/MsfMania
C++ WinRM API via Reflective DLL
https://github.com/mez-0/winrmdll
The ultimate WinRM shell for hacking/pentesting
https://github.com/mubix/evil-winrm
Infosec resource center for offensive and defensive security operations
https://github.com/InfosecHouse/InfosecHouse
A Huge Learning Resources with Labs For Offensive Security Players
https://github.com/Zeyad-Azima/Offensive-Resources
A list of useful resources for pentesting, Bug Bounty, CTF and similars
https://github.com/D3Ext/PentestDictionary
https://github.com/InfosecHouse/InfosecHouse
A Huge Learning Resources with Labs For Offensive Security Players
https://github.com/Zeyad-Azima/Offensive-Resources
A list of useful resources for pentesting, Bug Bounty, CTF and similars
https://github.com/D3Ext/PentestDictionary