This media is not supported in your browser
VIEW IN TELEGRAM
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Affect the all major Linux distributions and can be exploited to gain full root privileges on the system
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
CVE-2021-4034 1day
https://github.com/berdav/CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec CVE-2021-4034
https://github.com/arthepsy/CVE-2021-4034
Affect the all major Linux distributions and can be exploited to gain full root privileges on the system
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
CVE-2021-4034 1day
https://github.com/berdav/CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec CVE-2021-4034
https://github.com/arthepsy/CVE-2021-4034
Exploits for CVE-2022-0185
https://github.com/Crusaders-of-Rust/CVE-2022-0185
PoC for CVE-2022-0332
Moodle 3.11 to 3.11.4 - SQL injection
https://github.com/numanturle/CVE-2022-0332
https://github.com/Crusaders-of-Rust/CVE-2022-0185
PoC for CVE-2022-0332
Moodle 3.11 to 3.11.4 - SQL injection
https://github.com/numanturle/CVE-2022-0332
CVE-2022-21882 win32k LPE bypass
https://github.com/KaLendsi/CVE-2022-21882
CVE-2022-23967 TightVNC Vulnerability
https://github.com/MaherAzzouzi/CVE-2022-23967
CVE-2022-21371 Oracle WebLogic Server
https://github.com/Mr-xn/CVE-2022-21371
https://github.com/KaLendsi/CVE-2022-21882
CVE-2022-23967 TightVNC Vulnerability
https://github.com/MaherAzzouzi/CVE-2022-23967
CVE-2022-21371 Oracle WebLogic Server
https://github.com/Mr-xn/CVE-2022-21371
new technique for shellcode injection to evade AVs and EDRs
https://github.com/Idov31/FunctionStomping
written in Golang to bypass AV / EDR protection
https://github.com/EmYiQing/GoBypass
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc
https://github.com/hlldz/RefleXXion
https://github.com/Idov31/FunctionStomping
written in Golang to bypass AV / EDR protection
https://github.com/EmYiQing/GoBypass
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc
https://github.com/hlldz/RefleXXion
CobaltStrike Synthesis Post Penetration Plugin
https://github.com/lintstar/LSTAR
https://github.com/lintstar/LSTAR
ROP userland execution for PS5 (4.03)
https://github.com/ChendoChap/PS5-Webkit-Execution
https://github.com/ChendoChap/PS5-Webkit-Execution
This Week in Security News
January 28th, 2022
https://www.trendmicro.com/en_us/research/22/a/this-week-in-security-news-january-28th-2022
January 28th, 2022
https://www.trendmicro.com/en_us/research/22/a/this-week-in-security-news-january-28th-2022
PHP reverse shell script
https://github.com/ivan-sincek/php-reverse-shell
Automatic Reverse Shell Generator
https://github.com/d4t4s3c/Shelly
A simple ruby reverse-shell windows 10, 11
https://github.com/DioBruh/reverse-shell-windows
https://github.com/ivan-sincek/php-reverse-shell
Automatic Reverse Shell Generator
https://github.com/d4t4s3c/Shelly
A simple ruby reverse-shell windows 10, 11
https://github.com/DioBruh/reverse-shell-windows
Granular, Actionable Adversary Emulation for the Cloud
https://github.com/DataDog/stratus-red-team
Bypass 4xx HTTP response status codes Based on PycURL
https://github.com/ivan-sincek/forbidden
Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not
https://github.com/anmolksachan/TheTimeMachine
https://github.com/DataDog/stratus-red-team
Bypass 4xx HTTP response status codes Based on PycURL
https://github.com/ivan-sincek/forbidden
Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not
https://github.com/anmolksachan/TheTimeMachine
Statically-linked ssh server with reverse shell functionality for CTFs and such
https://github.com/Fahrj/reverse-ssh
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
https://github.com/wallarm/gotestwaf
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
https://github.com/FunnyWolf/Viper
https://github.com/Fahrj/reverse-ssh
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
https://github.com/wallarm/gotestwaf
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
https://github.com/FunnyWolf/Viper
An open-source #post-exploitation framework for students, researchers and developers
https://github.com/malwaredllc/byob
Empire is a PowerShell and Python 3.x #post-exploitation framework
https://github.com/BC-SECURITY/Empire
Kubesploit is a cross-platform #post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments
https://github.com/cyberark/kubesploit
https://github.com/malwaredllc/byob
Empire is a PowerShell and Python 3.x #post-exploitation framework
https://github.com/BC-SECURITY/Empire
Kubesploit is a cross-platform #post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments
https://github.com/cyberark/kubesploit
Python AV Evasion Tools
https://github.com/G1ft3dC0d3/MsfMania
C++ WinRM API via Reflective DLL
https://github.com/mez-0/winrmdll
The ultimate WinRM shell for hacking/pentesting
https://github.com/mubix/evil-winrm
https://github.com/G1ft3dC0d3/MsfMania
C++ WinRM API via Reflective DLL
https://github.com/mez-0/winrmdll
The ultimate WinRM shell for hacking/pentesting
https://github.com/mubix/evil-winrm
Infosec resource center for offensive and defensive security operations
https://github.com/InfosecHouse/InfosecHouse
A Huge Learning Resources with Labs For Offensive Security Players
https://github.com/Zeyad-Azima/Offensive-Resources
A list of useful resources for pentesting, Bug Bounty, CTF and similars
https://github.com/D3Ext/PentestDictionary
https://github.com/InfosecHouse/InfosecHouse
A Huge Learning Resources with Labs For Offensive Security Players
https://github.com/Zeyad-Azima/Offensive-Resources
A list of useful resources for pentesting, Bug Bounty, CTF and similars
https://github.com/D3Ext/PentestDictionary
Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/penetration-testing-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password
https://github.com/ihebski/DefaultCreds-cheat-sheet
https://github.com/ivan-sincek/penetration-testing-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password
https://github.com/ihebski/DefaultCreds-cheat-sheet
A #browser_extension for OSINT search
https://github.com/ninoseki/mitaka
The all-in-one Red Team #extension for Web Pentest
https://github.com/LasCC/Hack-Tools
https://github.com/ninoseki/mitaka
The all-in-one Red Team #extension for Web Pentest
https://github.com/LasCC/Hack-Tools
Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html?m=1
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html?m=1
The latest bug bounty programs for February 2022
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-february-2022
Announcing the public launch of Cloudflare's Bug Bounty program
https://blog.cloudflare.com/cloudflare-bug-bounty-program
Intel Launches Project Circuit Breaker A new expansion of its Bug Bounty program, Intel’s Project Circuit Breaker brings together a community of elite hackers to reshape vulnerability management
https://www.intel.com/content/www/us/en/newsroom/news/intel-launches-project-circuit-breaker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-february-2022
Announcing the public launch of Cloudflare's Bug Bounty program
https://blog.cloudflare.com/cloudflare-bug-bounty-program
Intel Launches Project Circuit Breaker A new expansion of its Bug Bounty program, Intel’s Project Circuit Breaker brings together a community of elite hackers to reshape vulnerability management
https://www.intel.com/content/www/us/en/newsroom/news/intel-launches-project-circuit-breaker