CVE-2022-22947 Spring Cloud Gateway RCE Exploit
1. https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947
2. https://github.com/Axx8/CVE-2022-22947_Rce_Exp
1. https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947
2. https://github.com/Axx8/CVE-2022-22947_Rce_Exp
CVE-2022-25090 PrintixService
https://github.com/ComparedArray/printix-CVE-2022-25090
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function oal_wan6_setIpAddr
https://github.com/Mr-xn/CVE-2022-25064
https://github.com/ComparedArray/printix-CVE-2022-25090
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function oal_wan6_setIpAddr
https://github.com/Mr-xn/CVE-2022-25064
UAC Bypass
tested works well on Windows 11
https://github.com/aaaddress1/PR0CESS/tree/main/UACBypassJF_RpcALPC
tested works well on Windows 11
https://github.com/aaaddress1/PR0CESS/tree/main/UACBypassJF_RpcALPC
Re-casting EDR functions
https://github.com/RedTeamOperations/Journey-to-McAfee/tree/main/EDR-Recasting
https://github.com/RedTeamOperations/Journey-to-McAfee/tree/main/EDR-Recasting
Conti Locker source code
https://github.com/Cracked5pider/conti_locker
Google and deepl translated conti leaks, which is shared by a member of the conti ransomware group
https://github.com/TheParmak/conti-leaks-englished
https://github.com/Cracked5pider/conti_locker
Google and deepl translated conti leaks, which is shared by a member of the conti ransomware group
https://github.com/TheParmak/conti-leaks-englished
Website Shell BackDoors (collection of internet)
https://github.com/1337r0j4n/web-shells
List of Bluetooth BR/EDR/LE security resources
https://github.com/engn33r/awesome-bluetooth-security
https://github.com/1337r0j4n/web-shells
List of Bluetooth BR/EDR/LE security resources
https://github.com/engn33r/awesome-bluetooth-security
Manipulating user passwords without mimikatz
https://www.trustedsec.com/blog/manipulating-user-passwords-without-mimikatz
Kubernetes and HostPath, a Love-Hate Relationship
https://blog.quarkslab.com/kubernetes-and-hostpath-a-love-hate-relationship.html
https://www.trustedsec.com/blog/manipulating-user-passwords-without-mimikatz
Kubernetes and HostPath, a Love-Hate Relationship
https://blog.quarkslab.com/kubernetes-and-hostpath-a-love-hate-relationship.html
CISA adds another 95 flaws to its known exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks
https://blog.f-secure.com/attack-landscape-update-h1-2021
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks
https://blog.f-secure.com/attack-landscape-update-h1-2021
Forwarded from LAPSUS$
SAMSUNG LEAK IS HERE!
Now leaking confidential Samsung source code! Our leak from breach includes:
DEVICES/HARDWARE
-Source code for every Trusted Applet (TA) installed on all samsung device's TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc) THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
-Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we're talking individual RX/TX bitstreams here)
-Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
-Various other data, confidential source code from Qualcomm.
ONLINE SERVICES
-Samsung activation servers source code (for first-time setup)
-SAMSUNG ACCOUNTS FULL SOURCE CODE! Including Authentication, Identity, API, Services, and many more that wouldn't fit here!
-Various other data.
As always, enjoy! ;)
REPEATEDLY ASKING US ANOTHER NVIDIA WILL RESULT IN A BAN. GIVE US TIME
Now leaking confidential Samsung source code! Our leak from breach includes:
DEVICES/HARDWARE
-Source code for every Trusted Applet (TA) installed on all samsung device's TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc) THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
-Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we're talking individual RX/TX bitstreams here)
-Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
-Various other data, confidential source code from Qualcomm.
ONLINE SERVICES
-Samsung activation servers source code (for first-time setup)
-SAMSUNG ACCOUNTS FULL SOURCE CODE! Including Authentication, Identity, API, Services, and many more that wouldn't fit here!
-Various other data.
As always, enjoy! ;)
REPEATEDLY ASKING US ANOTHER NVIDIA WILL RESULT IN A BAN. GIVE US TIME
Quickly discover exposed hosts on the internet using multiple search engine
https://github.com/projectdiscovery/uncover
https://github.com/projectdiscovery/uncover
Pandora is an simple undetectable open-source virus composed of agents, servers and masters
https://github.com/thisisnzed/Pandora
https://github.com/thisisnzed/Pandora
Exploit CVE-2022-25636 Linux kernel net/netfilter/nf_dup_netdev.c
https://github.com/Bonfee/CVE-2022-25636
CVE-2022-0847 Linux Kernel overwriting data in arbitrary read-only files
https://github.com/bbaranoff/CVE-2022-0847
https://github.com/Bonfee/CVE-2022-25636
CVE-2022-0847 Linux Kernel overwriting data in arbitrary read-only files
https://github.com/bbaranoff/CVE-2022-0847
Cobalt Strike Licensed Key
https://github.com/trewisscotch/Cobalt-Strike-Licensed-Key
https://github.com/trewisscotch/Cobalt-Strike-Licensed-Key
CVE-2022-22005 Microsoft Sharepoint RCE
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE
Test whether a container environment is vulnerable to container escapes via CVE-2022-0492
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups
Prophet Spider Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups
Prophet Spider Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile
Zen and the Art of SMM Bug Hunting | Finding, Mitigating and Detecting UEFI Vulnerabilities
https://www.sentinelone.com/labs/zen-and-the-art-of-smm-bug-hunting-finding-mitigating-and-detecting-uefi-vulnerabilities
https://www.sentinelone.com/labs/zen-and-the-art-of-smm-bug-hunting-finding-mitigating-and-detecting-uefi-vulnerabilities
Cloud Bucket Leak Detection Tools
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools
steal victim images exact location device info and much more
https://github.com/swagkarna/Nivistealer
https://github.com/swagkarna/Nivistealer
A toolkit that brings together penetration testing tools such as wireless tools, web tools, password cracking tools, etc
https://github.com/MyMeepSQL/OmegaDSToolkit
https://github.com/MyMeepSQL/OmegaDSToolkit
Rufus is a Dos tool written in Python3
https://github.com/billythegoat356/Rufus
Vulture is a tool written in Python3 allowing you to gain access
to all the files of the victim's computer without any permissions
https://github.com/billythegoat356/Vulture
https://github.com/billythegoat356/Rufus
Vulture is a tool written in Python3 allowing you to gain access
to all the files of the victim's computer without any permissions
https://github.com/billythegoat356/Vulture