UAC bypass for x64 Windows 7 - 11
https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC
#git #pentest #redteam
@HackingBra
This PoC copies a user-specified DLL to C:\Windows\System32\wow64log.dll and triggers the MicrosoftEdgeUpdate service by creating an instance of the Microsoft Edge Update Legacy On Demand COM object (A6B716CB-028B-404D-B72C-50E153DD68DA), which runs in SYSTEM context and will load wow64log.dll.
https://github.com/Wh04m1001/IDiagnosticProfileUAC
@HackingBra
[ GOAD ]
Pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment, ready to use, to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
@HackingBra
ADFSRelay
This repository includes two utilities NTLMParse and #ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message.
Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service.
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS. We have also released a blog post discussing ADFS relaying attacks in more detail [1].
https://github.com/praetorian-inc/ADFSRelay
Relaying to #ADFS Attacks
https://www.praetorian.com/blog/relaying-to-adfs-attacks
@HackingBra
CVE-2022-29582, an io_uring vulnerability
A detailed and well-written article by Awarau and David Bouman about exploiting a slab use-after-free vulnerability in the io_uring subsystem.
The exploit leverages a cross-cache attack and msg_msg spraying to overwrite a tls_context object and execute a ROP chain to gain root.
Computer security and related topics
CVE-2022-29582
This post covers an interesting vulnerability we (Jayden and David) found in the io_uring subsystem of the Linux kernel.
Tool for carrying out various Wi-Fi attacks: https://github.com/0x90/wifi-arsenal
Bad-PDF creates a malicious PDF file to steal NTLM (NTLMv1/NTLMv2)
https://github.com/deepzec/Bad-Pdf
Cross-platform Telegram-based RAT that communicates via Telegram to bypass network restrictions.
https://github.com/machine1337/TelegramRAT
#exploit
#CVE-2023-34039:
VMware Aria Operations for Networks Static SSH key RCE
https://github.com/sinsinology/CVE-2023-34039
#exploit
#CVE-2023-34039:
Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks
https://github.com/Cyb3rEnthusiast/CVE-2023-34039
An all-in-one hacking tool written in Python to remotely exploit Android devices using #ADB (Android Debug Bridge) and #Metasploit-Framework.
https://github.com/AzeemIdrisi/PhoneSploit-Pro