Rufus is a Dos tool written in Python3
https://github.com/billythegoat356/Rufus
Vulture is a tool written in Python3 allowing you to gain access
to all the files of the victim's computer without any permissions
https://github.com/billythegoat356/Vulture
https://github.com/billythegoat356/Rufus
Vulture is a tool written in Python3 allowing you to gain access
to all the files of the victim's computer without any permissions
https://github.com/billythegoat356/Vulture
Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities
Put an io_uring on it: Exploiting the Linux Kernel
https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
Reversing embedded device bootloader (U-Boot) - p.1
https://www.shielder.it/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities
Put an io_uring on it: Exploiting the Linux Kernel
https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
Reversing embedded device bootloader (U-Boot) - p.1
https://www.shielder.it/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Russian government sites hacked in supply chain attack, This comes after the Russian government shared a list of more than 17,000 IP
https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack
https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack
Cybersecurity researchers at Proofpoint say they detected a 500% jump in attempted mobile malware attacks during the first few months of 2022, with significant peaks at the beginning and end of February
https://www.proofpoint.com/us/blog/email-and-cloud-threats/mobile-malware-surging-europe-look-biggest-threats
https://www.proofpoint.com/us/blog/email-and-cloud-threats/mobile-malware-surging-europe-look-biggest-threats
Detect Mapping detection to MITRE ATT&CK
https://blog.nviso.eu/2022/03/09/dettct-mapping-detection-to-mitre-attck
https://blog.nviso.eu/2022/03/09/dettct-mapping-detection-to-mitre-attck
Tools for gathering information and actions forensic
https://github.com/danieldurnea/FBI-tools
https://github.com/danieldurnea/FBI-tools
Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316
https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316
Securing Developer Tools: Package Managers
https://blog.sonarsource.com/securing-developer-tools-package-managers
Escalating from Logic App Contributor to Root Owner in Azure
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-logic-app-contributor-escalation-to-root-owner
https://blog.sonarsource.com/securing-developer-tools-package-managers
Escalating from Logic App Contributor to Root Owner in Azure
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-logic-app-contributor-escalation-to-root-owner
offensivecon2022mdowdfinal2-220309231522.pdf
3.7 MB
Rules to Hack By:-
Offensivecon 2022 keynote
https://www.slideshare.net/MarkDowd13/rules-to-hack-by-offensivecon-2022-keynote-251318003
Offensivecon 2022 keynote
https://www.slideshare.net/MarkDowd13/rules-to-hack-by-offensivecon-2022-keynote-251318003
Qakbot injects itself into the middle of your conversations
https://news.sophos.com/en-us/2022/03/10/qakbot-injects-itself-into-the-middle-of-your-conversations
https://news.sophos.com/en-us/2022/03/10/qakbot-injects-itself-into-the-middle-of-your-conversations
Mac OS Red Teaming:
Bypass TCC with old apps
https://wojciechregula.blog/post/macos-red-teaming-bypass-tcc-with-old-apps
Exploiting a use-after-free in Windows Common Logging File System (CLFS)
https://blog.exodusintel.com/2022/03/10/exploiting-a-use-after-free-in-windows-common-logging-file-system-clfs
Bypass TCC with old apps
https://wojciechregula.blog/post/macos-red-teaming-bypass-tcc-with-old-apps
Exploiting a use-after-free in Windows Common Logging File System (CLFS)
https://blog.exodusintel.com/2022/03/10/exploiting-a-use-after-free-in-windows-common-logging-file-system-clfs
What's up with in-the-wild exploits? Plus, what we're doing about it
https://security.googleblog.com/2022/03/whats-up-with-in-wild-exploits-plus.html
https://security.googleblog.com/2022/03/whats-up-with-in-wild-exploits-plus.html
Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587
https://github.com/antx-code/CVE-2021-35587
PoC CVE-2021-30955 iOS 15.1 kernel Exp
https://github.com/tihmstar/desc_race-fun_public
PoC CVE-2022-24122 Linux Kernel
https://github.com/meowmeowxw/CVE-2022-24122
https://github.com/antx-code/CVE-2021-35587
PoC CVE-2021-30955 iOS 15.1 kernel Exp
https://github.com/tihmstar/desc_race-fun_public
PoC CVE-2022-24122 Linux Kernel
https://github.com/meowmeowxw/CVE-2022-24122
Explore multiple decompilers and compare their output with minimal effort
Upload binary, get decompilation
https://github.com/mborgerson/mdec
Upload binary, get decompilation
https://github.com/mborgerson/mdec
Java WebShell automated kill-free generation
https://github.com/Tas9er/ByPassBehinder4J
https://github.com/Tas9er/ByPassBehinder4J
How a macOS bug could have allowed for a serious phishing attack against users
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
2022 Global Mobile Threat Report
https://www.zimperium.com/global-mobile-threat-report
What Wicked Webs We Un-weave
https://www.prevailion.com/what-wicked-webs-we-unweave
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en
https://www.zimperium.com/global-mobile-threat-report
What Wicked Webs We Un-weave
https://www.prevailion.com/what-wicked-webs-we-unweave
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en
CVE-2022-22616: Simple way to bypass GateKeeper, hidden for years
https://jhftss.github.io/CVE-2022-22616-Gatekeeper-Bypass
https://jhftss.github.io/CVE-2022-22616-Gatekeeper-Bypass
General Application Store with support for root apps and more
https://github.com/YTVanced/VancedStore
https://github.com/YTVanced/VancedStore
Tools for taking automated screenshots of websites
https://github.com/simonw/shot-scraper
Fast and reliable python script that makes active and/or passive scan
https://github.com/v4d1/Dome
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did
https://github.com/Group3r/Group3r/actions
https://github.com/simonw/shot-scraper
Fast and reliable python script that makes active and/or passive scan
https://github.com/v4d1/Dome
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did
https://github.com/Group3r/Group3r/actions