WinRAR SFX archives can run PowerShell without being detected
https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/
https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/
❤3
Potato privilege escalation in Windows Server 2012 - 2022, Windows 8 - 11
https://github.com/BeichenDream/GodPotato
https://github.com/BeichenDream/GodPotato
GitHub
GitHub - BeichenDream/GodPotato
Contribute to BeichenDream/GodPotato development by creating an account on GitHub.
❤1👍1
XSS automation tool helps hackers identify and exploit cross-site scripting vulnerabilities in web apps. Tests for reflected/persistent XSS
https://github.com/EmperialX/XSS-Automation-Tool
https://github.com/EmperialX/XSS-Automation-Tool
GitHub
GitHub - EmperialX/XSS-Automation-Tool: "XSS automation tool helps hackers identify and exploit cross-site scripting vulnerabilities…
"XSS automation tool helps hackers identify and exploit cross-site scripting vulnerabilities in web apps. Tests for reflected and persistent XSS. Customize request headers, cookies, proxie...
🔥4
DJI Mavic 3 Drone Research Part 1: Firmware Analysis
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-1-firmware-analysis/
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-1-firmware-analysis/
Nozominetworks
DJI Mavic 3 Drone Research Part 1: Firmware Analysis
Nozomi Networks Labs recently conducted firmware analysis on a DJI Mavic 3 Series drone. Learn more about their findings.
❤2
OWASP Web Application Pentesting Checklist
https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist
https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist
GitHub
GitHub - Hari-prasaanth/Web-App-Pentest-Checklist: A OWASP Based Checklist With 500+ Test Cases
A OWASP Based Checklist With 500+ Test Cases. Contribute to Hari-prasaanth/Web-App-Pentest-Checklist development by creating an account on GitHub.
👍1
burpgpt - Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type
https://github.com/aress31/burpgpt
https://github.com/aress31/burpgpt
GitHub
GitHub - aress31/burpgpt: A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering…
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any ty...
decentralising the Ai Industry, just some language model api's...
https://github.com/xtekky/gpt4free
https://github.com/xtekky/gpt4free
GitHub
GitHub - xtekky/gpt4free: The official gpt4free repository | various collection of powerful language models | opus 4.6 gpt 5.3…
The official gpt4free repository | various collection of powerful language models | opus 4.6 gpt 5.3 kimi 2.5 deepseek v3.2 gemini 3 - xtekky/gpt4free
From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Akamai
From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API | Akamai
Akamai researchers explore a new critical vulnerability in Windows that could lead to a bypass of CVE-2023-23397’s mitigation.
Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
👍1
ApkHack-BackDoor - shell script that simplifies the process of adding a backdoor to any Android APK file
https://github.com/BitWalls-ops/ApkHack-BackDoor
https://github.com/BitWalls-ops/ApkHack-BackDoor
👌2
Apache-Dubbo-CVE-2023-23638-exp-main (1).zip
9 KB
Apache Dubbo CVE-2023-23638 exploit
Writing a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryption
https://medium.com/@youcef.s.kelouaz/writing-a-sliver-c2-powershell-stager-with-shellcode-compression-and-aes-encryption-9725c0201ea8
https://medium.com/@youcef.s.kelouaz/writing-a-sliver-c2-powershell-stager-with-shellcode-compression-and-aes-encryption-9725c0201ea8
Medium
Writing a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryption
Edit :
PEASS-ng - Privilege Escalation Awesome Scripts Suite
https://github.com/carlospolop/PEASS-ng
https://github.com/carlospolop/PEASS-ng
GitHub
GitHub - peass-ng/PEASS-ng: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors) - peass-ng/PEASS-ng
👍1
CVE-2023-26818 - Bypass TCC with Telegram in macOS
https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/
https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/
Dan Revah’s Blog
CVE-2023-26818 - Bypassing TCC with Telegram in macOS
Preface
❤2
Exploiting Windows’ vulnerabilities with Hyper-V: A Hacker’s swiss army knife
https://reversing.info/posts/hyperdeceit/
https://github.com/Xyrem/HyperDeceit
https://reversing.info/posts/hyperdeceit/
https://github.com/Xyrem/HyperDeceit
Xyrem Engineering
Exploiting Windows' vulnerabilities with Hyper-V: A Hacker's swiss army knife
In this blog, we explore how to leverage the implementation of the Hyper-V virtualization technology to exploit and attack Windows systems and learn what measures should be taken to mitigate this vulnerability. Join us as we explore the world of Windows hacking…