An Azure Exploitation Toolkit for Red Team & Pentesters
https://github.com/SikretaLabs/BlueMap
Empire - PowerShell/Python 3.x post-exploitation/adversary emulation framework
https://github.com/BC-SECURITY/Empire
Vulnerabilities in BMC Firmware Affect OT/IoT Device Security – Part 1
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1
Nozomi Networks Security Researchers disclose 13 vulnerabilities affecting Baseboard Management Controllers (BMCs), which may allow an attacker to achieve RCE.
CVE and PoC SearchBot
@pocfather_bot
The bot helps you keep up to date with new CVEs and search for new PoCs.
Updated 0.3.5 - 2022-11-22
Added
▪️ More flexibility in operating mode:
- ▪️ Users can now combine up to 4 operating modes: CVE/Keywords, CVE/Level, PoCs/Keywords, PoCs/Vendor or Products.
- ▪️ The default operating mode is CVE/Level.
- ▪️ The corresponding options can be set in the main menu by choosing an operating mode.
▪️ Exclusion words can now be set for the CVE|PoC search.
▪️ After tapping the "Delete all CVE" button, the user is now asked to confirm the action.
Changed
▪️ Help information.
▪️ Handling of the user's search request. If the request does not match the CVE template, the "CVE description" search mode is started and the corresponding PoCs are looked up. If any PoCs are found, the user receives an archive file; if the archive exceeds 50 Mb it is split into parts.
▪️ Database structure.
▪️ If the user has no saved CVEs/Keywords/Products, the "Show all" suggestion is not offered.
Fixed
▪️ An error message is no longer shown when the user starts the bot for the first time.
subzuf is a subdomain brute-force fuzzer coupled with an immensely simple but effective DNS response-guided algorithm.
https://github.com/elceef/subzuf
Guide to Reversing and Exploiting iOS binaries
Part 1 - How to Reverse Engineer and Patch an iOS Application for Beginners
https://www.inversecos.com/2022/06/how-to-reverse-engineer-and-patch-ios.html
Part 2 - ARM64 ROP Chains
https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html
Part 3 - Heap Overflows on iOS ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
Coercer
A Python script to automatically coerce a Windows server to authenticate to an arbitrary machine through 9 methods.
https://github.com/p0dalirius/Coercer
CVE-2022-23093: FreeBSD Ping RCE
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
vlc_vnc_int_overflow.pdf (94.6 KB)
VLC: Integer overflow in vnc module <= 3.0.18 (CVE-2022-41325): Security advisory
shells.zip (7.7 MB)
Shells is a script for generating common reverse shells quickly and easily.
Debugging Protected Processes
https://itm4n.github.io/debugging-protected-processes
Controlling Windows PP(L)s:
https://github.com/itm4n/PPLcontrol
Whenever I need to debug a protected process, I usually disable the protection in the Kernel so that I can attach a User-mode debugger. This has always served me well until it sort of backfired.
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
Loading unsigned Windows drivers without reboot
https://v1k1ngfr.github.io/loading-windows-unsigned-driver
A dive into the gdrv-loader source code.
Python-based crypter that claims to bypass any kind of antivirus product
https://github.com/machine1337/pycrypt
BlackHat Europe 2022:
Shoggoth - AsmJit-based polymorphic shellcode encryptor
https://github.com/frkngksl/Shoggoth
StealthHook - A method for hooking a function without modifying memory protection
https://www.x86matthew.com/view_post?id=stealth_hook