GAI_for_pentest.pdf
#Offensive_security
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
ChatGPT-4o Guardrail Jailbreak:
Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
0DIN researchers have uncovered an encoding technique that allows ChatGPT-4o and other popular AI models to bypass safety mechanisms and generate exploit code.
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component, primarily affecting Android devices, classified as an elevation-of-privilege (EoP) issue.
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
Web-based Frida framework and toolkit for Android & iOS penetration testing, mobile security, and dynamic analysis, featuring AI-assisted Frida script generation.
Python implementation of GhostPack's Seatbelt situational awareness tool
https://github.com/0xthirteen/Carseat
#Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575)
This remote code execution vulnerability in FortiManager lets an unauthenticated attacker perform arbitrary operations by sending commands over the FGFM protocol, circumventing authentication. Referred to as FortiJump, it grants unauthorized access to FortiManager and, through it, control over managed FortiGate devices, by taking advantage of insufficient security in the command handling and device registration processes.
Affected Versions:
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4
Research:
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
Source:
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
It's been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management…
GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
CVE-2024-48990: Linux LPE via needrestart
PATCHED: Nov 19, 2024
PoC: https://github.com/makuga01/CVE-2024-48990-PoC
Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
Diving into ADB protocol internals
Part 1
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-12
Part 2
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-22
Hunting for blind XSS vulnerabilities: A complete guide
https://www.intigriti.com/researchers/blog/hacking-tools/hunting-for-blind-cross-site-scripting-xss-vulnerabilities-a-complete-guide
Boost Flipper Zero with FEBERIS: 3-in-1 SubGhz, NRF24, and WiFi board
https://www.mobile-hacker.com/2025/01/09/boost-your-flipper-zero-with-feberis-3-in-1-subghz-nrf24-and-wifi-board/
I am excited to introduce you to FEBERIS, an expansion 3-in-1 development board for the Flipper Zero. This custom board utilizes external Wi-Fi, NRF24, and CC1101 modules, enhancing the capabilities of your Flipper Zero device.
How We Cracked a 512-Bit #DKIM Key for Less Than $8 in the Cloud
https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
#Ivanti Connect Secure IFT TLS Stack Overflow pre-auth #RCE (CVE-2025-0282)
https://github.com/watchtowrlabs/CVE-2025-0282
https://github.com/sfewer-r7/CVE-2025-0282
CVE-2024-43468: #ConfigMgr/SCCM 2403 Unauth SQLi to #RCE
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections