Tool to automatically exploit AD privilege escalation paths shown by BloodHound
https://github.com/CravateRouge/autobloody
Default Credentials Cheat Sheet
https://github.com/ihebski/DefaultCreds-cheat-sheet
One place for all the default credentials to assist Blue/Red teamers in identifying devices with default passwords.
Root shell exploit for several Xiaomi routers:
4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C...
https://github.com/acecilia/OpenWRTInvasion
vMass Bot
vMass Bot automates the exploitation of remote hosts by trying to find environment files (.env) on target hosts and extract the tools and info inside; the bot then detects the target host's CMS and tries to auto-exploit it and upload a shell payload using the vMass vulnerability set (108 exploits in the current version, 1.2).
https://github.com/c99tn/vMass
GitHub - aziz0x48/vMass: vMass Bot Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
CVE-2022-36804:
A critical vulnerability in Atlassian Bitbucket Server/Data Center
https://github.com/CEOrbey/CVE-2022-36804-MASS-RCE
How Malicious Actors Abuse Native Linux Tools in Attacks
https://www.trendmicro.com/en_us/research/22/i/how-malicious-actors-abuse-native-linux-tools-in-their-attacks.html
Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on…
Joern - Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs
https://github.com/joernio/joern
CVE-2022-37706:
A reliable exploit + write-up to elevate privileges to root (Ubuntu 22.04)
https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
Analyzing Golang Executables
https://www.pnfsoftware.com/blog/analyzing-golang-executables
CrackMapExec - A swiss army knife for pentesting networks
https://github.com/Porchetta-Industries/CrackMapExec
Static analysis tool based on clang, which detects source-to-binary information leaks in C/C++ projects
https://github.com/ergrelet/cpplumber
JuicyPotato
https://github.com/antonioCoco/JuicyPotatoNG
research: https://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong/
GitHub - antonioCoco/JuicyPotatoNG: Another Windows Local Privilege Escalation from Service Account to System
Sacrificing Suspended Processes
https://www.optiv.com/insights/source-zero/blog/sacrificing-suspended-processes
payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods:
https://github.com/optiv/Freeze
EDR hooking has become a major part of an adversary’s ability to successfully compromise an endpoint system. Hooking is a technique that alters the behavior of an application, allowing EDR tools to monitor the execution flow that occurs in a process, gather…
How To Attack Admin Panels Successfully
https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
Attacking Web Apps Admin Panels The Right Way