REcollapse - tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
https://github.com/0xacb/recollapse

A Python rewriting of PowerSploit's PowerView
https://github.com/the-useless-one/pywerview

APT Groups and Operations
https://docs.google.com/spreadsheets/u/0/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/htmlview#

"Defending against automatization using NGINX", 2022.

Nginx Bad Bot and User-Agent Blocker, Spam Referrer Blocker, Anti DDOS, Bad IP Blocker, Wordpress Theme Detector Blocker:
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
#book #nginx

JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses
https://github.com/sinfulz/JustEvadeBro

Linux Password Mining
https://medium.com/@tinopreter/linux-password-mining-58e341635f1c

JavaScript Engine Exploitation Primitives
https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-6/#writing-an-exploit
V8 Exploitation Series:
https://www.madstacks.dev/categories/v8-series

#Threat_Research
1. Android SharkBot Droppers on Google Play
https://www.bitdefender.com/blog/labs/android-sharkbot-droppers-on-google-play-underlines-platforms-security-needs
2. Cryptonite Ransomware
https://www.fortinet.com/blog/threat-research/Ransomware-Roundup-Cryptonite-Ransomware

Exploiting an N-day #vBulletin PHP Object Injection Vulnerability

https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection

Cobalt Strike Community Kit - central repository of extensions written by the user community to extend the capabilities of Cobalt Strike
https://github.com/Cobalt-Strike/community_kit

A Azure Exploitation Toolkit for Red Team & Pentesters
https://github.com/SikretaLabs/BlueMap

Empire - PowerShell/Python 3.x post-exploitation/adversary emulation framework
https://github.com/BC-SECURITY/Empire

EvilnoVNC is a Ready to go Phishing Platform.
https://github.com/JoelGMSec/EvilnoVNC

Vulnerabilities in BMC Firmware Affect OT/IoT Device Security
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1

CVE and PoC SearchBot

@pocfather_bot

Bot helps to keep up to date with new CVEs and search new POC's

Updated 0.3.5 - 2022-11-22

Added
▪️ More flexibility in operating mode:
- ▪️ User can now combine up to 4 operating modes: CVE/Keywords, CVE/Level, PoCs/Keywords, PoCs/Vendor or Products.
- ▪️ Default operating mode is CVE/Level.
- ▪️ Corresponding options can be set in main menu by choosing operating mode.
▪️ Can now set exclusion words for CVE|PoC search.
▪️ By tapping "Delete all CVE" button user is now asked to confirm his intentions.

Changed
▪️ Help information.
▪️ Adjusting user's search request. If user's search request is not matching CVE template then "CVE description" search mode with corresponding PoCs will be initialized. If any PoCs are found user will receive an archive file. In case archive size exceeds 50 Mb it will be spilt into parts.
▪️ Data base structure.
▪️ If user doesn't have any CVE/Keywords/Products he will not get "Show all" suggestion.

Fixed
▪️ Error message will not be shown when user starts bot for the first time.

subzuf is a subdomain brute-force fuzzer coupled with an immensly simple but effective DNS reponse-guided algorithm.
https://github.com/elceef/subzuf

Guide to Reversing and Exploiting iOS binaries

Part 1 - How to Reverse Engineer and Patch an iOS Application for Beginners
https://www.inversecos.com/2022/06/how-to-reverse-engineer-and-patch-ios.html
Part 2 - ARM64 ROP Chains
https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html
Part 3 - Heap Overflows on iOS ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html

Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
https://github.com/p0dalirius/Coercer