Loading unsigned Windows drivers without reboot
https://v1k1ngfr.github.io/loading-windows-unsigned-driver
Loading unsigned Windows drivers without reboot. Dive into gdrv-loader source code.
Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
https://github.com/machine1337/pycrypt
BlackHat Europe 2022:
Shoggoth - Asmjit Based Polymorphic Shellcode Encryptor
https://github.com/frkngksl/Shoggoth
StealthHook - A method for hooking a function without modifying memory protection
https://www.x86matthew.com/view_post?id=stealth_hook
Frida script to bypass common methods of SSL pinning on Android
https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
Gist file: mixunpin.js
Dirty-Vanity
A POC for the new injection technique, abusing windows fork API to evade EDRs.
https://github.com/deepinstinct/Dirty-Vanity
https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...
Routing_security.pdf (3.3 MB)
"Routing Security: BGP Incidents, Mitigation Techniques and Policy Actions", 2022.
Follina, Shadow Credentials, and WSUS exploitation
https://0xdf.gitlab.io/2022/12/10/htb-outdated.html
Outdated has three steps that are all really interesting. First, I’ll exploit Follina by sending a link to an email address collected via recon over SMB. Then I’ll exploit shadow credentials to move laterally to the next user. Finally, I’ll exploit the Windows…
Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods
https://github.com/p0dalirius/Coercer
OWASP Secure Code Review Guide
https://github.com/OWASP/www-project-code-review-guide
A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
https://opensourcesecurityindex.io
apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK
https://github.com/ax/apk.sh
BEE·bot - OSINT automation for hackers.
https://github.com/blacklanternsecurity/bbot
Incident Response Methodologies 2022
https://github.com/certsocietegenerale/IRM
// EN/ES/FR/RU Versions
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg
By Sergi Martinez. Overview: It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
XLLing in Excel - Evolution of malicious XLLs
https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
CVE and PoC SearchBot - 0.5.0
@pocfather_bot
The bot helps you keep up to date with new CVEs and search for new PoCs.
Added
▪️ New sources of information about CVE vendor/products: nvd.nist.gov and cve.org;
▪️ Feedback answer option.
Changed
▪️ App's architecture;
▪️ APIv2 from nvd.nist.gov is now used;
▪️ Changed message-broker software;
▪️ Default level now is set to ALL;
▪️ PoC search is now based on the CVE description and vendor/product;
▪️ Manual PoC queries now use logical AND.
Fixed
▪️ Vendor/products duplication issue;
▪️ Settings menu errors;
▪️ Number of minor bugs.