Static Analysis Automation for Hunting Vulnerable Kernel Drivers
https://speakerdeck.com/takahiro_haruyama/static-analysis-automation-for-hunting-vulnerable-kernel-drivers
https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
https://github.com/TakahiroHaruyama/VDR
Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
APKDeepLens - tool to scan Android applications for security vulnerabilities
https://github.com/d78ui98/APKDeepLens
Source Code Disclosure in IIS 10.0! Almost.
There is a method to reveal the source code of some .NET apps. Here's how it works.
https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
FuncAddressPro
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
https://github.com/WKL-Sec/FuncAddressPro
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited…
Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
https://connormcgarr.github.io/hvci/
Dealing with Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and Kernel Control Flow Guard (kCFG).
Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation. (CVE-2023-36424)
https://github.com/Nassim-Asrir/CVE-2023-36424
VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) source code + video walkthrough
https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html
A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit it off-loads the reverse-engineered toolgate protocol implementation to a Python module, while keeping low-level kernel code minimal, just enough to implement the attack interface - a nod to the principle of least privilege in systematic software engineering, which is missed a lot in non-trivial exploit development.
ⓒ Alisa Shevchenko
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/
Tycoon 2FA has become one of the most widespread adversary-in-the-middle (AiTM) phishing kits over the last few months.
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
https://github.com/notselwyn/cve-2024-1086
A Practical Tutorial on PCIe for Total Beginners on Windows
https://ctf.re/windows/kernel/pcie/tutorial/2023/02/14/pcie-part-1/
PCIe Part 2 - All About Memory: MMIO, DMA, TLPs, and more!
https://ctf.re/kernel/pcie/tutorial/dma/mmio/tlp/2024/03/26/pcie-part-2/
Delving into the internals of PCIe by exploring practical examples and exercises