CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)
https://www.openwall.com/lists/oss-security/2022/02/10/1
When MYSQL Cluster Encounters Taint Analysis
https://www.zerodayinitiative.com/blog/2022/2/10/mindshare-when-mysql-cluster-encounters-taint-analysis
https://www.openwall.com/lists/oss-security/2022/02/10/1
When MYSQL Cluster Encounters Taint Analysis
https://www.zerodayinitiative.com/blog/2022/2/10/mindshare-when-mysql-cluster-encounters-taint-analysis
Attacking an Ethereum L2 with Unbridled Optimism
https://www.saurik.com/optimism.html
https://www.saurik.com/optimism.html
Mars_Stealer_v6.1.zip
7.1 MB
MarsStealer v6.1
to steal data from all web browsers, 2FA components, cryptocurrency wallets
to steal data from all web browsers, 2FA components, cryptocurrency wallets
Sn1per Pro_v9.2.7z
238.3 KB
Sn1per Professional v9.2
to detect the attack surface
to detect the attack surface
to get Cobalt Strike BOFs
https://github.com/EspressoCake
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
https://github.com/Flangvik/CobaltBus
https://github.com/EspressoCake
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
https://github.com/Flangvik/CobaltBus
C# code to Sandbox Defender and most probably other AV/EDRs
https://github.com/plackyhacker/SandboxDefender
netspy is a tool for quickly detecting reachable network segments in the intranet
https://github.com/shmilylty/netspy
https://github.com/plackyhacker/SandboxDefender
netspy is a tool for quickly detecting reachable network segments in the intranet
https://github.com/shmilylty/netspy
Attacking kerberos unconstrained delegation
https://medium.com/r3d-buck3t/attacking-kerberos-unconstrained-delegation-ef77e1fb7203
https://medium.com/r3d-buck3t/attacking-kerberos-unconstrained-delegation-ef77e1fb7203
Collection of Facebook Bug Bounty Writeups
https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups
L.O.C extension: this extension will automatically grant a third-party server access to some of the user's Facebook data
https://github.com/brave/extension-whitelist/issues/48
https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups
L.O.C extension: this extension will automatically grant a third-party server access to some of the user's Facebook data
https://github.com/brave/extension-whitelist/issues/48
Mimikatz in JS Oneliner
https://gist.github.com/secdev-01/3edc6283bce6b5848a10b7001e030037
The Derby of Static Software Testing:
Joern vs CodeQl
https://elmanto.github.io/posts/sast_derby_joern_vs_codeql
https://gist.github.com/secdev-01/3edc6283bce6b5848a10b7001e030037
The Derby of Static Software Testing:
Joern vs CodeQl
https://elmanto.github.io/posts/sast_derby_joern_vs_codeql
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution as root
https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Austin_2021/flashback_connects/flashback_connects.md
https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Austin_2021/flashback_connects/flashback_connects.md
Gather and update all available and newest CVEs with their PoC
https://github.com/trickest/cve
https://github.com/trickest/cve
CVE-2022-21661 WordPress SQL Injection
https://github.com/purple-WL/wordpress-CVE-2022-21661
CVE-2022-22536 SAP memory pipes(MPI)
https://github.com/antx-code/CVE-2022-22536
https://github.com/purple-WL/wordpress-CVE-2022-21661
CVE-2022-22536 SAP memory pipes(MPI)
https://github.com/antx-code/CVE-2022-22536
PoC for CVE-2021-43893 EFSRPC Arbitrary File Upload Privilege Escalation
https://github.com/jbaines-r7/blankspace
Dropping Files on a Domain Controller
https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893
https://github.com/jbaines-r7/blankspace
Dropping Files on a Domain Controller
https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893
Kali Linux 2022.1 Release ♻️
New Features:
_Visual Refresh
_Kali Everything Image
_Shell Prompt Changes
_VMware i3 Improvements
_Refreshed Browser Landing Page
_Kali-Tweaks: Legacy SSH Made Easy
New Tools:
dnsx, naabu, nuclei, PoshC2, proxify, email2phonenumber
https://www.kali.org/blog/kali-linux-2022-1-release/
New Features:
_Visual Refresh
_Kali Everything Image
_Shell Prompt Changes
_VMware i3 Improvements
_Refreshed Browser Landing Page
_Kali-Tweaks: Legacy SSH Made Easy
New Tools:
dnsx, naabu, nuclei, PoshC2, proxify, email2phonenumber
https://www.kali.org/blog/kali-linux-2022-1-release/
Domain penetration one-stop
https://github.com/0range-x/Domain-penetration_one-stop/blob/master/Domain-penetration_one-stop.md
https://github.com/0range-x/Domain-penetration_one-stop/blob/master/Domain-penetration_one-stop.md
Windows Remote Administration Tool that uses Discord as C2
https://github.com/3ct0s/disctopia-c2
Process Overwriting is a PE injection technique, closely related to Process Hollowing and Module Overloading
https://github.com/hasherezade/process_overwriting
https://github.com/3ct0s/disctopia-c2
Process Overwriting is a PE injection technique, closely related to Process Hollowing and Module Overloading
https://github.com/hasherezade/process_overwriting