to get Cobalt Strike BOFs
https://github.com/EspressoCake
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
https://github.com/Flangvik/CobaltBus

C# code to Sandbox Defender and most probably other AV/EDRs
https://github.com/plackyhacker/SandboxDefender
netspy is a tool for quickly detecting reachable network segments in the intranet
https://github.com/shmilylty/netspy

Attacking kerberos unconstrained delegation
https://medium.com/r3d-buck3t/attacking-kerberos-unconstrained-delegation-ef77e1fb7203

Collection of Facebook Bug Bounty Writeups
https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups
L.O.C extension: this extension will automatically grant a third-party server access to some of the user's Facebook data
https://github.com/brave/extension-whitelist/issues/48

Mimikatz in JS Oneliner
https://gist.github.com/secdev-01/3edc6283bce6b5848a10b7001e030037
The Derby of Static Software Testing:
Joern vs CodeQl
https://elmanto.github.io/posts/sast_derby_joern_vs_codeql

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution as root
https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Austin_2021/flashback_connects/flashback_connects.md

Gather and update all available and newest CVEs with their PoC
https://github.com/trickest/cve

CVE-2022-21661 WordPress SQL Injection
https://github.com/purple-WL/wordpress-CVE-2022-21661

CVE-2022-22536 SAP memory pipes(MPI)
https://github.com/antx-code/CVE-2022-22536

PoC for CVE-2021-43893 EFSRPC Arbitrary File Upload Privilege Escalation
https://github.com/jbaines-r7/blankspace
Dropping Files on a Domain Controller
https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893

Kali Linux 2022.1 Release ♻️
New Features:
_Visual Refresh
_Kali Everything Image
_Shell Prompt Changes
_VMware i3 Improvements
_Refreshed Browser Landing Page
_Kali-Tweaks: Legacy SSH Made Easy
New Tools:
dnsx, naabu, nuclei, PoshC2, proxify, email2phonenumber
https://www.kali.org/blog/kali-linux-2022-1-release/

Big Bad Wolf Remote Control V9.5
with pony source code
https://github.com/0xCuSO4/DHLYK

Domain penetration one-stop
https://github.com/0range-x/Domain-penetration_one-stop/blob/master/Domain-penetration_one-stop.md

Windows Remote Administration Tool that uses Discord as C2
https://github.com/3ct0s/disctopia-c2

Process Overwriting is a PE injection technique, closely related to Process Hollowing and Module Overloading
https://github.com/hasherezade/process_overwriting

Object Overloading
https://blog.xpnsec.com/object-overloading
Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities
https://www.zerodayinitiative.com/blog/2022/2/14/static-taint-analysis-using-binary-ninja-a-case-study-of-mysql-cluster-vulnerabilities

NFT Lure Used to Distribute BitRAT
https://www.fortinet.com/blog/threat-research/nft-lure-used-to-distribute-bitrat

Allcome clipbanker is a newcomer in underground forums
https://www.gdatasoftware.com/blog/2022/02/37239-allcome-clipbanker-is-a-newcomer-in-malware-underground-forums

CVE-2021-44521 – Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution

Analysis of Microsoft CVE-2022-21907
https://www.fortinet.com/blog/threat-research/analysis-of-microsoft-cve-2022-21907
CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel
https://blog.immunityinc.com/p/a-remote-stack-overflow-in-the-linux-kernel

One Byte to ROP // Deep Dive Edition
https://hackmd.io/@pepsipu/ry-SK44pt
A primer on DCSync attack and detection
https://www.alteredsecurity.com/post/a-primer-on-dcsync-attack-and-detection

ice phishing on the blockchain
https://www.microsoft.com/security/blog/2022/02/16/ice-phishing-on-the-blockchain
Evasive Trickbot Attacks Customers of 60 High-Profile Companies
https://research.checkpoint.com/2022/a-modern-ninja-evasive-trickbot-attacks-customers-of-60-high-profile-companies