For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon
https://github.com/lutfumertceylan/top25-parameter
https://github.com/lutfumertceylan/top25-parameter
PoC for KeePass CVE-2022-0725
https://github.com/ByteHackr/keepass_poc
PoC CVE-2021-30955
Mac OS Kernel race condition
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
Exploiting CVE-2021-26708 (Linux kernel) with sshd
https://hardenedvault.net/2022/03/01/poc-cve-2021-26708.html
https://github.com/ByteHackr/keepass_poc
PoC CVE-2021-30955
Mac OS Kernel race condition
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
Exploiting CVE-2021-26708 (Linux kernel) with sshd
https://hardenedvault.net/2022/03/01/poc-cve-2021-26708.html
Beacon Object Files
https://github.com/BOFs/BOFs
Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc
https://github.com/wumb0/rust_bof
https://github.com/BOFs/BOFs
Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc
https://github.com/wumb0/rust_bof
All in one complete hacking toolkit for termux, kali and any other linux distro
https://github.com/Cvar1984/MR.X-0day
https://github.com/Cvar1984/MR.X-0day
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
CVE-2022-22947 Spring Cloud Gateway RCE Exploit
1. https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947
2. https://github.com/Axx8/CVE-2022-22947_Rce_Exp
1. https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947
2. https://github.com/Axx8/CVE-2022-22947_Rce_Exp
CVE-2022-25090 PrintixService
https://github.com/ComparedArray/printix-CVE-2022-25090
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function oal_wan6_setIpAddr
https://github.com/Mr-xn/CVE-2022-25064
https://github.com/ComparedArray/printix-CVE-2022-25090
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function oal_wan6_setIpAddr
https://github.com/Mr-xn/CVE-2022-25064
UAC Bypass
tested works well on Windows 11
https://github.com/aaaddress1/PR0CESS/tree/main/UACBypassJF_RpcALPC
tested works well on Windows 11
https://github.com/aaaddress1/PR0CESS/tree/main/UACBypassJF_RpcALPC
Re-casting EDR functions
https://github.com/RedTeamOperations/Journey-to-McAfee/tree/main/EDR-Recasting
https://github.com/RedTeamOperations/Journey-to-McAfee/tree/main/EDR-Recasting
Conti Locker source code
https://github.com/Cracked5pider/conti_locker
Google and deepl translated conti leaks, which is shared by a member of the conti ransomware group
https://github.com/TheParmak/conti-leaks-englished
https://github.com/Cracked5pider/conti_locker
Google and deepl translated conti leaks, which is shared by a member of the conti ransomware group
https://github.com/TheParmak/conti-leaks-englished
Website Shell BackDoors (collection of internet)
https://github.com/1337r0j4n/web-shells
List of Bluetooth BR/EDR/LE security resources
https://github.com/engn33r/awesome-bluetooth-security
https://github.com/1337r0j4n/web-shells
List of Bluetooth BR/EDR/LE security resources
https://github.com/engn33r/awesome-bluetooth-security
Manipulating user passwords without mimikatz
https://www.trustedsec.com/blog/manipulating-user-passwords-without-mimikatz
Kubernetes and HostPath, a Love-Hate Relationship
https://blog.quarkslab.com/kubernetes-and-hostpath-a-love-hate-relationship.html
https://www.trustedsec.com/blog/manipulating-user-passwords-without-mimikatz
Kubernetes and HostPath, a Love-Hate Relationship
https://blog.quarkslab.com/kubernetes-and-hostpath-a-love-hate-relationship.html
CISA adds another 95 flaws to its known exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks
https://blog.f-secure.com/attack-landscape-update-h1-2021
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks
https://blog.f-secure.com/attack-landscape-update-h1-2021
Forwarded from LAPSUS$
SAMSUNG LEAK IS HERE!
Now leaking confidential Samsung source code! Our leak from breach includes:
DEVICES/HARDWARE
-Source code for every Trusted Applet (TA) installed on all samsung device's TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc) THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
-Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we're talking individual RX/TX bitstreams here)
-Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
-Various other data, confidential source code from Qualcomm.
ONLINE SERVICES
-Samsung activation servers source code (for first-time setup)
-SAMSUNG ACCOUNTS FULL SOURCE CODE! Including Authentication, Identity, API, Services, and many more that wouldn't fit here!
-Various other data.
As always, enjoy! ;)
REPEATEDLY ASKING US ANOTHER NVIDIA WILL RESULT IN A BAN. GIVE US TIME
Now leaking confidential Samsung source code! Our leak from breach includes:
DEVICES/HARDWARE
-Source code for every Trusted Applet (TA) installed on all samsung device's TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc) THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
-Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we're talking individual RX/TX bitstreams here)
-Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
-Various other data, confidential source code from Qualcomm.
ONLINE SERVICES
-Samsung activation servers source code (for first-time setup)
-SAMSUNG ACCOUNTS FULL SOURCE CODE! Including Authentication, Identity, API, Services, and many more that wouldn't fit here!
-Various other data.
As always, enjoy! ;)
REPEATEDLY ASKING US ANOTHER NVIDIA WILL RESULT IN A BAN. GIVE US TIME
Quickly discover exposed hosts on the internet using multiple search engine
https://github.com/projectdiscovery/uncover
https://github.com/projectdiscovery/uncover
Pandora is an simple undetectable open-source virus composed of agents, servers and masters
https://github.com/thisisnzed/Pandora
https://github.com/thisisnzed/Pandora
Exploit CVE-2022-25636 Linux kernel net/netfilter/nf_dup_netdev.c
https://github.com/Bonfee/CVE-2022-25636
CVE-2022-0847 Linux Kernel overwriting data in arbitrary read-only files
https://github.com/bbaranoff/CVE-2022-0847
https://github.com/Bonfee/CVE-2022-25636
CVE-2022-0847 Linux Kernel overwriting data in arbitrary read-only files
https://github.com/bbaranoff/CVE-2022-0847