CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
https://github.com/Chocapikk/CVE-2023-29357
A Deep Dive into Brute Ratel C4 payloads – Part 2
https://cybergeeks.tech/a-deep-dive-into-brute-ratel-c4-payloads-part-2/
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
graftcp can redirect the TCP connections made by a given program (application, script, shell, etc.) to a SOCKS5 or HTTP proxy.
https://github.com/hmgle/graftcp
#tools
CVE-2023-29360
#Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver
https://github.com/Nero22k/cve-2023-29360
Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent
https://github.com/1N73LL1G3NC3x/Nightmangle
Coerced Potato: new tool for local privilege escalation on a Windows machine, from a service account to NT SYSTEM. Should work on any recent version of Windows.
https://github.com/hackvens/CoercedPotato
Research:
https://blog.hackvens.fr/articles/CoercedPotato.html
A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries.
https://github.com/craiu/mobiletrackers
Attacking the Android kernel using the Qualcomm TrustZone
https://tamirzb.com/attacking-android-kernel-using-qualcomm-trustzone
In this post I describe a somewhat unique Android kernel exploit, which utilizes the TrustZone in order to compromise the kernel.
Advanced Frida Usage Part 1 – iOS Encryption Libraries
https://8ksec.io/advanced-frida-usage-part-1-ios-encryption-libraries-8ksec-blogs/
LocalPotato HTTP edition
https://decoder.cloud/2023/11/03/localpotato-http-edition/
https://github.com/decoder-it/LocalPotato
Microsoft addressed our LocalPotato vulnerability in the SMB scenario with CVE-2023-21746 during the January 2023 Patch Tuesday. However, the HTTP scenario remains unpatched, as per Microsoft’…
Abusing Microsoft Access "Linked Table" Feature to Perform NTLM Forced Authentication Attacks
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
What is NTLM? What common attacks exist against it? NTLM is an extremely deprecated authentication protocol introduced by Microsoft in 1993. It is a challenge-response protocol: the server keeps a secret called an “NTLM hash” derived from the user’s password…
CVE-2023-36745: Microsoft Exchange Server RCE
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
PoC: https://github.com/N1k0la-T/CVE-2023-36745
Proof-of-concept (PoC) exploit code has been published for a Microsoft Exchange Server vulnerability tracked as CVE-2023-36745
Beginners Guide to Building a Hardware Hacking Lab
https://voidstarsec.com/hw-hacking-lab/vss-lab-guide
Secret Handshake A Mutual TLS Based C2 Communication Channel - John Conwell | CypherCon 6.0
https://www.youtube.com/watch?v=AOWFM-JhW3g&list=PLUC_sTnMl8NxZqs4b2Rt8VygLaquV5vY_
One of the goals of malware command & control (C2) communication is to blend into…
Obfuscating native code for fun: Part 1 - Introduction
https://blog.es3n1n.eu/posts/obfuscator-pt-1/
https://github.com/es3n1n/obfuscator
In this series of posts, I will try to cover all the common knowledge you would need to create your PE bin2bin obfuscator. This year I saw a rise of interest in the topics of software obfuscation and deobfuscation, yet I didn’t see any new open-source projects…
Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings
https://embee-research.ghost.io/ghidra-basics-identifying-and-decoding-encrypted-strings/
Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.
Bypassing UAC via COM component IARPUninstallStringLauncher
https://3gstudent.github.io/通过COM组件IARPUninstallStringLauncher绕过UAC