An In-depth Analysis of Duplicated Linux Kernel Bug Reports
https://gangw.cs.illinois.edu/ndss22-linux.pdf

A Practical Guide to Attacking JWT JSON Web Tokens
https://redhuntlabs.com/wp-content/uploads/2022/02/A-Practical-Guide-to-Attacking-JWT-JSON-Web-Tokens.pdf

Fuzz Rust code with LibAFL
https://github.com/AFLplusplus/cargo-libafl

Samsung Exploit and firmware decryption
https://github.com/synacktiv/samsung-q60t-exploit

Cross-site information leak - Leaking cross-origin redirect destination URI due to CORS (iOS)
https://bugs.chromium.org/p/chromium/issues/detail?id=1230444
The AMD Branch (Mis)predictor: Just Set it and Forget it!
https://grsecurity.net/amd_branch_mispredictor_just_set_it_and_forget_it

Relaying Kerberos over DNS using krbrelayx and mitm6
https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6

Dridex bots deliver Entropy ransomware in recent attacks
https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks
Malware Civil War – Malicious npm Packages Targeting Malware Authors
https://jfrog.com/blog/malware-civil-war-malicious-npm-packages-targeting-malware-authors/

Exploit Development: ASLR - Coming To A KUSER_SHARED_DATA Structure Near You!
https://connormcgarr.github.io/kuser-shared-data-changes-win-11
Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce
Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions
https://www.zerodayinitiative.com/blog/2022/2/22/clang-checkers-and-codeql-queries-for-detecting-untrusted-pointer-derefs-and-tainted-loop-conditions

Mitigating kernel risks on 32-bit ARM
https://security.googleblog.com/2022/02/mitigating-kernel-risks-on-32-bit-arm.html
Stealing a few more GitHub Actions secrets
https://blog.teddykatz.com/2022/02/23/ghosts-of-branches-past.html

Maat a cross-architecture, multi-purpose, and user-friendly symbolic execution framework. It provides common symbolic execution capabilities such as dynamic symbolic execution (DSE), taint analysis, binary instrumentation, environment simulation, and constraint solving
https://blog.trailofbits.com/2022/02/23/maat-symbolic-execution-made-easy
Source Code
https://github.com/trailofbits/maat

SQL Injection to RCE
https://pentestmag.com/sql-injection-to-rce
Remote Code Execution in pfSense <= 2.5.2
https://www.shielder.it/advisories/pfsense-remote-command-execution

PoC CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
https://github.com/p0dalirius/CVE-2022-21907-http.sys
Local privilege escalation based on Sunflower RCE without specifying ports
https://github.com/Ryze-T/CNVD-2022-10270-LPE

Security vulnerability database inclusive of CVEs and GitHub
https://github.com/github/advisory-database
A stealth AirTag clone that bypasses all of Apple's tracking protection features
https://github.com/positive-security/find-you

Running Cobalt Strike BOFs from Python
https://www.naksyn.com/injection/2022/02/16/running-cobalt-strike-bofs-from-python.html

Burp Suite Pro
version: 2022.2

Burp Bounty Data

Exploit Pack Professional 15.07

POC for CVE-2022-24124
https://github.com/ColdFusionX/CVE-2022-24124
CVE-2022-24086 RCE
https://github.com/shakeman8/CVE-2022-24086-RCE
PoC for CVE-2022-21971 "Windows Runtime Remote Code Execution Vulnerability"
https://github.com/0vercl0k/CVE-2022-21971
PoC for CVE-2022-21974 "Roaming Security Rights Management Services Remote Code Execution Vulnerability"
https://github.com/0vercl0k/CVE-2022-21974

clash_for_windows_pkg RCE
https://github.com/Fndroid/clash_for_windows_pkg/issues/2710