Suborner: The Invisible Account Forger
A simple program to create a Windows account you will only know about :)
https://github.com/r4wd3r/Suborner
CVE-2022-34715:
Microsoft Windows NFS v4 RCE
https://www.zerodayinitiative.com/blog/2022/8/31/cve-2022-34715-more-microsoft-windows-nfs-v4-remote-code-execution
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quintin Crist and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Windows operating system…
1. Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key
https://github.com/hackerhouse-opensource/MsSettingsDelegateExecute
2. UAC bypass for x64 Windows 7-11
https://github.com/zha0gongz1/iscsicpl_bypassUAC
r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://github.com/bytecode77/r77-rootkit
#Malware
1. Spymax Android RAT
https://insinuator.net/2022/09/spymax-the-android-rat-and-it-works-like-that
2. Play Ransomware
https://www.trendmicro.com/en_us/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html
3. Analyzing Obfuscated VBS with CyberChef
https://isc.sans.edu/diary/29028
Tool to automatically exploit AD privilege escalation paths shown by BloodHound
https://github.com/CravateRouge/autobloody
Default Credentials Cheat Sheet
https://github.com/ihebski/DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️ - ihebski/DefaultCreds-cheat-sheet
Root shell exploit for several Xiaomi routers:
4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C...
https://github.com/acecilia/OpenWRTInvasion
vMass Bot
vMass Bot automates the exploitation of remote hosts by trying to find environment files (.env) in target hosts and extract tools and info inside, then the bot detects the target host CMS and tries to auto exploit and upload shell payload using the vMass vulnerability set (108 exploits in the current version 1.2)
https://github.com/c99tn/vMass
GitHub - aziz0x48/vMass: vMass Bot Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
CVE-2022-36804:
A critical vulnerability in Atlassian Bitbucket Server/Data Center
https://github.com/CEOrbey/CVE-2022-36804-MASS-RCE
How Malicious Actors Abuse Native Linux Tools in Attacks
https://www.trendmicro.com/en_us/research/22/i/how-malicious-actors-abuse-native-linux-tools-in-their-attacks.html
Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on…
Joern - Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs
https://github.com/joernio/joern
CVE-2022-37706:
A reliable exploit + write-up to elevate privileges to root (Ubuntu 22.04)
https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
Analyzing Golang Executables
https://www.pnfsoftware.com/blog/analyzing-golang-executables
CrackMapExec - A swiss army knife for pentesting networks
https://github.com/Porchetta-Industries/CrackMapExec