PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Affect the all major Linux distributions and can be exploited to gain full root privileges on the system
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

CVE-2021-4034 1day
https://github.com/berdav/CVE-2021-4034

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec CVE-2021-4034
https://github.com/arthepsy/CVE-2021-4034

Exploits for CVE-2022-0185
https://github.com/Crusaders-of-Rust/CVE-2022-0185

PoC for CVE-2022-0332
Moodle 3.11 to 3.11.4 - SQL injection
https://github.com/numanturle/CVE-2022-0332

CVE-2022-21882 win32k LPE bypass
https://github.com/KaLendsi/CVE-2022-21882

CVE-2022-23967 TightVNC Vulnerability
https://github.com/MaherAzzouzi/CVE-2022-23967

CVE-2022-21371 Oracle WebLogic Server
https://github.com/Mr-xn/CVE-2022-21371

new technique for shellcode injection to evade AVs and EDRs
https://github.com/Idov31/FunctionStomping

written in Golang to bypass AV / EDR protection
https://github.com/EmYiQing/GoBypass

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc
https://github.com/hlldz/RefleXXion

CobaltStrike Synthesis Post Penetration Plugin
https://github.com/lintstar/LSTAR

ROP userland execution for PS5 (4.03)
https://github.com/ChendoChap/PS5-Webkit-Execution

This Week in Security News
January 28th, 2022
https://www.trendmicro.com/en_us/research/22/a/this-week-in-security-news-january-28th-2022

PHP reverse shell script
https://github.com/ivan-sincek/php-reverse-shell

Automatic Reverse Shell Generator
https://github.com/d4t4s3c/Shelly

A simple ruby reverse-shell windows 10, 11
https://github.com/DioBruh/reverse-shell-windows

Granular, Actionable Adversary Emulation for the Cloud
https://github.com/DataDog/stratus-red-team

Bypass 4xx HTTP response status codes Based on PycURL
https://github.com/ivan-sincek/forbidden

Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not
https://github.com/anmolksachan/TheTimeMachine

Statically-linked ssh server with reverse shell functionality for CTFs and such
https://github.com/Fahrj/reverse-ssh

An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
https://github.com/wallarm/gotestwaf

Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
https://github.com/FunnyWolf/Viper

An open-source #post-exploitation framework for students, researchers and developers
https://github.com/malwaredllc/byob

Empire is a PowerShell and Python 3.x #post-exploitation framework
https://github.com/BC-SECURITY/Empire

Kubesploit is a cross-platform #post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments
https://github.com/cyberark/kubesploit

Python AV Evasion Tools
https://github.com/G1ft3dC0d3/MsfMania

C++ WinRM API via Reflective DLL
https://github.com/mez-0/winrmdll

The ultimate WinRM shell for hacking/pentesting
https://github.com/mubix/evil-winrm

Infosec resource center for offensive and defensive security operations
https://github.com/InfosecHouse/InfosecHouse

A Huge Learning Resources with Labs For Offensive Security Players
https://github.com/Zeyad-Azima/Offensive-Resources

A list of useful resources for pentesting, Bug Bounty, CTF and similars
https://github.com/D3Ext/PentestDictionary

Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/penetration-testing-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password
https://github.com/ihebski/DefaultCreds-cheat-sheet

A #browser_extension for OSINT search
https://github.com/ninoseki/mitaka

The all-in-one Red Team #extension for Web Pentest
https://github.com/LasCC/Hack-Tools

Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html?m=1

The latest bug bounty programs for February 2022
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-february-2022

Announcing the public launch of Cloudflare's Bug Bounty program
https://blog.cloudflare.com/cloudflare-bug-bounty-program

Intel Launches Project Circuit Breaker A new expansion of its Bug Bounty program, Intel’s Project Circuit Breaker brings together a community of elite hackers to reshape vulnerability management
https://www.intel.com/content/www/us/en/newsroom/news/intel-launches-project-circuit-breaker

TartarusGate, Bypassing EDRs
https://github.com/trickster0/TartarusGate

Process Ghosting (x64 only) in C#
https://github.com/Wra7h/SharpGhosting

Malleable C2 profiles parser and assembler
https://github.com/D00Movenok/goMalleable

Just Simple Code To Play With Android Payloads
https://github.com/Djawad-Hammadi/Horus-Eye

Android RAT with WebPanel For Controlling Victims
https://github.com/swagkarna/Rafel-Rat

Android RAT with web panel and undetectable App
https://github.com/Th30neAnd0nly/Ohm

Keylogger Generator for Windows written in Python
https://github.com/FZGbzuw412/SATANKLGR

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
https://github.com/jafarlihi/serpentine

Stowaway Multi-hop Proxy Tool for pentesters
https://github.com/ph4ntonn/Stowaway

Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading
https://github.com/alechilczenko/pwndora