Rules to Hack By: Offensivecon 2022 keynote
https://www.slideshare.net/MarkDowd13/rules-to-hack-by-offensivecon-2022-keynote-251318003
Qakbot injects itself into the middle of your conversations
https://news.sophos.com/en-us/2022/03/10/qakbot-injects-itself-into-the-middle-of-your-conversations
macOS Red Teaming: Bypass TCC with old apps
https://wojciechregula.blog/post/macos-red-teaming-bypass-tcc-with-old-apps
Exploiting a use-after-free in Windows Common Logging File System (CLFS)
https://blog.exodusintel.com/2022/03/10/exploiting-a-use-after-free-in-windows-common-logging-file-system-clfs
What's up with in-the-wild exploits? Plus, what we're doing about it
https://security.googleblog.com/2022/03/whats-up-with-in-wild-exploits-plus.html
Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587
https://github.com/antx-code/CVE-2021-35587
PoC CVE-2021-30955 iOS 15.1 kernel Exp
https://github.com/tihmstar/desc_race-fun_public
PoC CVE-2022-24122 Linux Kernel
https://github.com/meowmeowxw/CVE-2022-24122
Explore multiple decompilers and compare their output with minimal effort
Upload binary, get decompilation
https://github.com/mborgerson/mdec
Java WebShell automated kill-free generation
https://github.com/Tas9er/ByPassBehinder4J
How a macOS bug could have allowed for a serious phishing attack against users
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
2022 Global Mobile Threat Report
https://www.zimperium.com/global-mobile-threat-report
What Wicked Webs We Un-weave
https://www.prevailion.com/what-wicked-webs-we-unweave
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en
CVE-2022-22616: Simple way to bypass GateKeeper, hidden for years
https://jhftss.github.io/CVE-2022-22616-Gatekeeper-Bypass
General Application Store with support for root apps and more
https://github.com/YTVanced/VancedStore
Tools for taking automated screenshots of websites
https://github.com/simonw/shot-scraper
Fast and reliable Python script that performs active and/or passive scans
https://github.com/v4d1/Dome
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did
https://github.com/Group3r/Group3r/actions
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
https://research.nccgroup.com/2022/03/15/technical-advisory-apple-macos-xar-arbitrary-file-write-cve-2022-22582
CVE-2022-22947 spring cloud gateway
https://github.com/Wrin9/CVE-2022-22947
PoC CVE-2022-24112 Apache APISIX RCE
https://github.com/M4xSec/Apache-APISIX-CVE-2022-24112
Windows Exploitation Resources
https://github.com/FULLSHADE/WindowsExploitationResources
Windows Exploitation
https://web.archive.org/web/20200510110201/https://fullpwnops.com/windows-exploitation-pathway.html
New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware
Exposing initial access broker with ties to Conti
https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti
Cyclops Blink Sets Sights on Asus Routers
https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--
Microsoft creates tool to scan MikroTik routers for TrickBot infections
https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure
Jamf Threat Labs identifies Safari vulnerability allowing for Gatekeeper bypass CVE-2022-22616
https://www.jamf.com/blog/jamf-threat-labs-safari-vuln-gatekeeper-bypass
Abusing Azure Hybrid Workers for Privilege Escalation – Part 1
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-for-privilege-escalation
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks
https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
A tool for building a remote access trojan
https://github.com/AdolfMacro/eyeRat
Dangerously fast dns/network/port scanner, all-in-one
https://github.com/Esc4iCEscEsc/skanuvaty
Pentesting tool that generates random traffic with random MAC and IP addresses, in addition to random sequence numbers, to a particular IP and port
https://github.com/mytechnotalent/traffic-generator
WAMpage - A WebOS root LPE exploit chain CVE-2022-23731
https://github.com/DavidBuchanan314/WAMpage
Exploit for CVE-2022-27226 iRZ Mobile Routers RCE
https://github.com/SakuraSamuraii/ez-iRZ
PoC for CVE-2022-22600
https://github.com/acheong08/MSF-screenrecord-on-MacOS