Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
https://github.com/wh0amitz/SharpADWS
https://github.com/wh0amitz/SharpADWS
GitHub
GitHub - wh0amitz/SharpADWS: Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services…
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS). - wh0amitz/SharpADWS
🔥2
This Proof-Of-Concept demonstrates the exploitation of CVE-2023-22098 against VirtualBox 7.0.10 r158379
https://github.com/google/security-research/tree/master/pocs/oracle/virtualbox/cve-2023-22098
https://github.com/google/security-research/tree/master/pocs/oracle/virtualbox/cve-2023-22098
GitHub
security-research/pocs/oracle/virtualbox/cve-2023-22098 at master · google/security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research
🔥2
Pivoting from Microsoft Cloud to On-Premise Machines
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
White Knight Labs
Pivoting from Microsoft Cloud to On-Premise Machines | White Knight Labs
This article will demonstrate one situation discovered during a recent cloud penetration test that allowed us to pivot from a Microsoft cloud
🔥2
GitHub - xhzeem/toxicache: Go scanner to find web cache poisoning vulnerabilities in a list of URLs
https://github.com/xhzeem/toxicache
https://github.com/xhzeem/toxicache
GitHub
GitHub - xhzeem/toxicache: Go scanner to find web cache poisoning vulnerabilities in a list of URLs
Go scanner to find web cache poisoning vulnerabilities in a list of URLs - xhzeem/toxicache
🔥3👍1
Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment
https://rootkits.xyz/blog/2017/06/kernel-setting-up/
https://rootkits.xyz/blog/2017/06/kernel-setting-up/
rootkit
Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment - rootkit
Intro Recently, I had the pleasure to attend the training on Windows Kernel Exploitation at nullcon by the HackSysTeam. The training was well executed, and I got the intro into the world of kernel. But, as you know, nobody could teach you internals about…
🔥4
Kali Linux 2024.1 Release (Micro Mirror) | Kali Linux Blog
https://www.kali.org/blog/kali-linux-2024-1-release
https://www.kali.org/blog/kali-linux-2024-1-release
Kali Linux
Kali Linux 2024.1 Release (Micro Mirror)
Hello 2024! Today we are unveiling Kali Linux 2024.1. As this is our the first release of the year, it does include new visual elements! Along with this we also have some exciting new mirrors to talk about, and of course some package changes - both new tools…
🔥2❤1
Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386)
https://github.com/vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC
https://github.com/vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC
GitHub
GitHub - vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC: Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386)
Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386) - vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC
🔥3
Nice blog about #Recon Automation using tools like #Subfinder, #Chaos, #Nuclei, #Httpx, Notify, and Anew to find bugs and vulnerabilities.
https://dhiyaneshgeek.github.io/bug/bounty/2020/02/06/recon-with-me/
https://dhiyaneshgeek.github.io/bug/bounty/2020/02/06/recon-with-me/
Geek Freak
Recon with Me !!!
Security Through Intelligent Automation
👍2
Static Analysis Automation for Hunting Vulnerable Kernel Drivers
https://speakerdeck.com/takahiro_haruyama/static-analysis-automation-for-hunting-vulnerable-kernel-drivers
https://speakerdeck.com/takahiro_haruyama/static-analysis-automation-for-hunting-vulnerable-kernel-drivers
Speaker Deck
Static Analysis Automation for Hunting Vulnerable Kernel Drivers
https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
https://github.com/TakahiroHaruyama/VDR
Microsoft Windows allows lo…
https://github.com/TakahiroHaruyama/VDR
Microsoft Windows allows lo…
Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
erfur's bits and pieces
Code injection on Android without ptrace
🔥3
APKDeepLens - tool to scan Android applications for security vulnerabilities
https://github.com/d78ui98/APKDeepLens
https://github.com/d78ui98/APKDeepLens
GitHub
GitHub - d78ui98/APKDeepLens: Android security insights in full spectrum.
Android security insights in full spectrum. Contribute to d78ui98/APKDeepLens development by creating an account on GitHub.
👍2
Source Code Disclosure in IIS 10.0! Almost.
There is a method to reveal the source code of some .NET apps. Here's how it works.
https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
There is a method to reveal the source code of some .NET apps. Here's how it works.
https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
PT SWARM
Source Code Disclosure in ASP.NET apps
Earn $10,000 on bugbounty with this little trick!
🔥2
FuncAddressPro
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
https://github.com/WKL-Sec/FuncAddressPro
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
https://github.com/WKL-Sec/FuncAddressPro
GitHub
GitHub - WKL-Sec/FuncAddressPro: A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative…
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. - WKL-Sec/FuncAddressPro
🔥1
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762
www.assetnote.io
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited…
🔥5