NASim.pdf
1.7 MB
"Autonomous Penetration Testing using Reinforcement Learning"
Network Attack Simulator: https://github.com/Jjschwartz/NetworkAttackSimulator
x64 binary obfuscator that is able to obfuscate various different PE files including:
.exe
.dll
.sys
https://github.com/weak1337/Alcatraz
The OWASSRF + TabShell exploit chain
https://blog.viettelcybersecurity.com/tabshell-owassrf
OPWNAI: CYBERCRIMINALS STARTING TO USE CHATGPT
https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/
Security Audit of Git:
CVE-2022-23521:
Truncated Allocation Leading to Out of Bounds Write Via Large Number of Attributes
CVE-2022-41903:
Out of Bounds Memory Write in Log Formatting
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif
Way Into Creating a Polymorphic Malware using ChatGPT
https://www.cyberark.com/resources/threat-research-blog/chatting-our-way-into-creating-a-polymorphic-malware
A script to automate privilege escalation with CVE-2023-22809 vulnerability
https://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc
qscan - Quick Network Scanner
https://github.com/0xor0ne/qscan
+ its companion command line tool qsc:
https://github.com/0xor0ne/qscan/tree/main/qsc
LinWinPwn - Active Directory Vulnerability Scanner.
Scan with the help of impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump, and more.
#AD #scan #windows
https://github.com/lefayjey/linWinPwn
exploit.sh
1.1 KB
Script for automating exploitation of the CVE-2023-22809 vulnerability to gain a root shell.
The script checks if the current user has access to run the sudoedit or sudo -e command for some file with root privileges. If it does, it opens the sudoers file for the attacker to introduce the privilege escalation policy for the current user and get a root shell.
Linux Kernel Defence Map (v.5.13)
Shows the relationships between vulnerability classes, exploitation techniques, bug detection mechanisms, and defence technologies.
https://github.com/a13xp0p0v/linux-kernel-defence-map
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions
https://github.com/machine1337/gmailc2
A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls
https://github.com/OmriBaso/RToolZ
Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit
https://github.com/hacksysteam/CVE-2023-21608
This map lists the essential techniques to bypass anti-virus and EDR
https://github.com/CMEPW/BypassAV
Network_Pentesting_Mindmap.pdf
11.7 MB
#Infographics
"Network Nightmare" Mindmap, 2023.
// It is a mindmap for conducting network attacks. It will be useful to pentesters/red team operators.
#Fuzzing
1. Firefly - smart black-box fuzzer for WebApp testing
https://blog.yeswehack.com/yeswerhackers/firefly-smart-black-box-fuzzer-web-applications
2. WEB API fuzzing
https://github.com/vulntinker/FUA