Configurable backdoor to bypass antivirus
https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads
https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads
GitHub
GitHub - RoseSecurity/Anti-Virus-Evading-Payloads: During the exploitation phase of a pen test or ethical hacking engagement, you…
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Here is a simple way to evade anti-virus ...
👍1
Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)
https://medium.com/@as3ng/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49
https://medium.com/@as3ng/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49
Medium
Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)
Mobile applications has become a trend these days since there are a rapid growing companies and startups which already taken their steps…
Forwarded from Intercepter-NG
🔥Intercepter-NG v1.2 for Windows🔥
Youtube
* SSL MiTM rewritten (SNI support)Download here
* SSL Strip updated
* X-Scan updated
+ Forced capturing on PPP interfaces
************
+ Captive Portal test template
- eXtreme mode, iOS killer
- Heartbleed exploit
- DHCP\RAW Mode
* WayBack Mode (restores hidden modes)
* OUI db updated
* Fixes, improvements, optimizations
************
Youtube
************🔥1
How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows
https://docs.microsoft.com/en-GB/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
https://docs.microsoft.com/en-GB/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
Docs
Detect, enable, and disable SMBv1, SMBv2, and SMBv3 in Windows
See various ways to detect, enable, and disable the Server Message Block (SMB) protocol (SMBv1, SMBv2, and SMBv3) in Windows client and server environments.
Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty...
https://github.com/hktalent/scan4all
https://github.com/hktalent/scan4all
GitHub
GitHub - GhostTroops/scan4all: Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints;…
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)... - ...
How the "initial access brokers" scene works and its role in recent ransomware attacks.
#ransomware
https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf
#ransomware
https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf
👍1
A Hidden and Undetectable Remote Access Tool written in C++ and Server in Python3
https://github.com/anonlo99/Windows-Backdoor
https://github.com/anonlo99/Windows-Backdoor
GitHub
GitHub - ryanwe1ss/Remote-Access-Tool: A Hidden and Undetectable Remote Access Tool written in C++ and Server in Python3.
A Hidden and Undetectable Remote Access Tool written in C++ and Server in Python3. - ryanwe1ss/Remote-Access-Tool
MITRE ATT&CK Matrix for Kubernetes
Tactics & Techniques
Part 1: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-1
Part 2: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-2
Part 3: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-3
Tactics & Techniques
Part 1: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-1
Part 2: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-2
Part 3: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-3
Elastic Security detection content for Endpoint
https://github.com/elastic/protections-artifacts
https://github.com/elastic/protections-artifacts
GitHub
GitHub - elastic/protections-artifacts: Elastic Security detection content for Endpoint
Elastic Security detection content for Endpoint. Contribute to elastic/protections-artifacts development by creating an account on GitHub.
NETGEAR R6700v3: 1day Analysis (CVE-2021-34982) Buffer Overflow RCE Vulnerability
https://blog.viettelcybersecurity.com/netgear-r6700v3-1day-analysis-cve-2021-34982-buffer-overflow-rce-vulnerabiliy-2
https://blog.viettelcybersecurity.com/netgear-r6700v3-1day-analysis-cve-2021-34982-buffer-overflow-rce-vulnerabiliy-2
A static code analysis for WordPress (and PHP)
https://github.com/webarx-security/wpbullet
https://github.com/webarx-security/wpbullet
GitHub
GitHub - webarx-security/wpbullet: A static code analysis for WordPress (and PHP)
A static code analysis for WordPress (and PHP). Contribute to webarx-security/wpbullet development by creating an account on GitHub.
Fuzzable - Framework for Automating Fuzzable Target Discovery with Static Analysis
https://github.com/ex0dus-0x/fuzzable
https://github.com/ex0dus-0x/fuzzable
GitHub
GitHub - ex0dus-0x/fuzzable: Framework for Automating Fuzzable Target Discovery with Static Analysis.
Framework for Automating Fuzzable Target Discovery with Static Analysis. - ex0dus-0x/fuzzable
🔥2
Backdooring Office Structures
Part 1 - The Oldschool
https://mgeeky.tech/backdooring-office-structures-part-1-oldschool
Part 2 - Payload Crumbs In Custom Parts
https://mgeeky.tech/payload-crumbs-in-custom-parts
Part 1 - The Oldschool
https://mgeeky.tech/backdooring-office-structures-part-1-oldschool
Part 2 - Payload Crumbs In Custom Parts
https://mgeeky.tech/payload-crumbs-in-custom-parts
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
https://wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities
https://wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities
wiz.io
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors | Wiz Blog
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.
This is a pre-authenticated #RCE exploit for VMware vRealize Operations Manager (vROPS) that impacts versions <= 8.6.3.19682901.
https://github.com/sourceincite/DashOverride
https://github.com/sourceincite/DashOverride
GitHub
GitHub - sourceincite/DashOverride: This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager
This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager - sourceincite/DashOverride
CVE-2022-37393:
Privilege escalation in Zimbra Collaboration Suite
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
Privilege escalation in Zimbra Collaboration Suite
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
AttackerKB
CVE-2022-37393 | AttackerKB
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zms…