CVE-2023-34362:
MOVEIt Transfer RCE
Part1: https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure
Part 2: https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two

Pentration Testing, Beginners To Expert!
https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

Writing Windows Kernel Drivers for Advanced Persistence
Part 1: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
Part 2: https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-2

Qbot: A Deep Dive into the Banking Trojan
https://farghlymal.github.io/Qbot-in-Detailed-Analysis/

Linux kernel LPE practice with an NPD vulnerability
https://github.com/TurtleARM/CVE-2023-3338

The art of fuzzing: Windows Binaries

https://bushido-sec.com/index.php/2023/06/25/the-art-of-fuzzing-windows-binaries/

CVE-2023-32031 : MS Exchange PowerShell backend - Remote Code Execution
https://littlepwner.github.io/posts/cve-2023-32031-ms-exchange-powershell-backend-rce/
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend

LDAP Queries for Offensive and Defensive Operations
https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations

Cerez - A simple LD_PRELOAD rootkit
Features
✔ Hidden in the process list
✔ Hidden in the file system
✔ Unreadable
✔ Undeleteable
✔ Unwriteable
❌ Hidden in the network list (WIP)

https://github.com/StayBeautiful-collab/cerez

RMM – ScreenConnect: Client-Side Evidence
https://dfirtnt.wordpress.com/2023/07/14/rmm-screenconnect-client-side-evidence/

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
https://www.rapid7.com/blog/post/2023/07/18/etr-critical-zero-day-vulnerability-in-citrix-netscaler-adc-and-netscaler-gateway/

zer0ptsCTF 2023 - Reverse Engineering Writeups

https://fazect.github.io/zer0ptsctf2023-rev/

amateursCTF 2023 - Reverse Engineering Writeups

https://fazect.github.io/amateursctf2023-rev/

Escalating Privileges via Third-Party Windows Installers
https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers

https://github.com/mandiant/msi-search

GIUDA - Ask a TGS on behalf of another user without password
https://github.com/foxlox/GIUDA

KRBUACBypass

By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can easily bypass UAC and gain SYSTEM privileges.

Research:
https://www.tiraniddo.dev/2022/03/bypassing-uac-in-most-complex-way.html

Source:
https://github.com/wh0amitz/KRBUACBypass

It's a tool to interact with remote hosts using the Windows Search Protocol and coerce authentication. The target host will connect over SMB to the listener host using the machine account.

https://github.com/slemire/WSPCoerce

Proof of Concept for CVE-2023-38646

This vulnerability has been declared as critical, because it allows an unauthenticated attacker to execute arbitrary commands with the same privileges as the Metabase server. This vulnerability means the Metabase server can become a potential entry point for malicious attacks, which could compromise the integrity of the whole system it operates on.

https://github.com/Zenmovie/CVE-2023-38646

100 Methods for Container Attacks(RTC0010)
https://redteamrecipe.com/100-Method-For-Container-Attacks/

TBBRAT - this is power full BotNet

https://github.com/StayBeautiful-collab/TBBRAT

Diving into Windows Remote Access Service for Pre-Auth Bugs

https://i.blackhat.com/BH-US-23/Presentations/US-23-YukiChen-Diving-into-Windows-Remote-Access.pdf