Overview

A Pwn2Own 2024 SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE - bjrjk/CVE-2024-29943

Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability remotely - scs-labrat/android_autorooter

Leak of any user's NetNTLM hash. Fixed in KB5040434 - MzHmO/LeakedWallpaper

Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856) - securelayer7/CVE-2024-38856_Scanner

TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service.

A command and control framework written in rust. Contribute to Teach2Breach/Tempest development by creating an account on GitHub.

Contribute to Gl3bGl4z/All_NTLM_leak development by creating an account on GitHub.

Conference presentation slides. Contribute to onhexgroup/Conferences development by creating an account on GitHub.

SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement. - synacktiv/SCCMSecrets

Using CSS and social engineering to identify juicy targets when performing watering hole attacks

Looking into the abuse of ITarian RMM and introducing Dolphin Loader

The following is a writeup for some Android specific chromium behaviors.

A resource containing all the tools each ransomware gangs uses - BushidoUK/Ransomware-Tool-Matrix

Note: I am not responsible for any bad act. This is written by Chirag Artani to demonstrate the vulnerability. - Sachinart/CVE-2024-38063-poc