Dridex bots deliver Entropy ransomware in recent attacks
https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks
Malware Civil War – Malicious npm Packages Targeting Malware Authors
https://jfrog.com/blog/malware-civil-war-malicious-npm-packages-targeting-malware-authors/
Exploit Development: ASLR - Coming To A KUSER_SHARED_DATA Structure Near You!
https://connormcgarr.github.io/kuser-shared-data-changes-win-11
Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce
Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions
https://www.zerodayinitiative.com/blog/2022/2/22/clang-checkers-and-codeql-queries-for-detecting-untrusted-pointer-derefs-and-tainted-loop-conditions
Mitigating kernel risks on 32-bit ARM
https://security.googleblog.com/2022/02/mitigating-kernel-risks-on-32-bit-arm.html
Stealing a few more GitHub Actions secrets
https://blog.teddykatz.com/2022/02/23/ghosts-of-branches-past.html
Maat is a cross-architecture, multi-purpose, and user-friendly symbolic execution framework. It provides common symbolic execution capabilities such as dynamic symbolic execution (DSE), taint analysis, binary instrumentation, environment simulation, and constraint solving.
https://blog.trailofbits.com/2022/02/23/maat-symbolic-execution-made-easy
Source Code
https://github.com/trailofbits/maat
SQL Injection to RCE
https://pentestmag.com/sql-injection-to-rce
Remote Code Execution in pfSense <= 2.5.2
https://www.shielder.it/advisories/pfsense-remote-command-execution
PoC CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
https://github.com/p0dalirius/CVE-2022-21907-http.sys
Local privilege escalation based on Sunflower RCE without specifying ports
https://github.com/Ryze-T/CNVD-2022-10270-LPE
Security vulnerability database inclusive of CVEs and GitHub
https://github.com/github/advisory-database
A stealth AirTag clone that bypasses all of Apple's tracking protection features
https://github.com/positive-security/find-you
Running Cobalt Strike BOFs from Python
https://www.naksyn.com/injection/2022/02/16/running-cobalt-strike-bofs-from-python.html
POC for CVE-2022-24124
https://github.com/ColdFusionX/CVE-2022-24124
CVE-2022-24086 RCE
https://github.com/shakeman8/CVE-2022-24086-RCE
PoC for CVE-2022-21971 "Windows Runtime Remote Code Execution Vulnerability"
https://github.com/0vercl0k/CVE-2022-21971
PoC for CVE-2022-21974 "Roaming Security Rights Management Services Remote Code Execution Vulnerability"
https://github.com/0vercl0k/CVE-2022-21974
clash_for_windows_pkg RCE
https://github.com/Fndroid/clash_for_windows_pkg/issues/2710
.NET, PE, & Raw Shellcode Packer/Loader Written in Nim
https://github.com/icyguider/Nimcrypt2
Cheat sheet containing common enumeration and attack methods for Windows Active Directory using PowerShell
https://github.com/drak3hft7/Cheat-Sheet---Active-Directory
All writeups about bug bounty list
https://github.com/hackforsecurity/BugBountyTool
Simwigo is a cross-platform tool to simplify the deployment of a web service
https://github.com/8iche/simwigo
Convert shellcode into different formats!
https://github.com/ad-995/bluffy
A simple script just made for self use for bypassing 403
https://github.com/iamj0ker/bypass-403
Mindmaps, tips & tricks, resources and everything related to API Security and API Penetration Testing
https://github.com/cyprosecurity/API-SecurityEmpire
Circumventing Deep Packet Inspection with Socat and rot13
https://gist.github.com/gmurdocca/88857b58dc4668d88b0d0fae6ebf8b64