Cobalt Strike 3.14 finally delivered some of the process injection flexibility I’ve long wanted to see in the product. In this post, I’d like to write about my thoughts on process injection, and sh…

This script is intended to automate your reconnaissance process in an organized fashion - nahamsec/lazyrecon

In this excerpt of a Trend Micro Vulnerability Research Service report, Saran Neti and Sivathmican Sivakumaran of the Trend Micro Research Team detail a recent buffer overflow vulnerability in the Squid web proxy. A remote, unauthenticated attacker could…

ATT&CK Sub-Techniques Preview

Reversing Cisco IOS Raw Binary Firmware Images with Ghidra - 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md

Hello Everyone — Long time no see!

Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great […]

Extract (links/possible endpoints) from responses & filter them via decoding/sorting - arbazkiraak/LinksDumper

I’ve been doing some crazy experiments on running an EXE as a DLL. Here are some parts of my research. Case #1 Let’s take a simple example like a MessageBox. [crayon-6005ebcab5257530159844/] After …

A cheatsheet with commands that can be used to perform kerberos attacks - kerberos_attacks_cheatsheet.md

Posted by Ian Beer, Project Zero Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report se...

COM hijacking presents a unique way to load your rogue DLL into another process. In a post-PowerShell world with increasing optics into in-memory tactics, COM hijacking may provide an alternative t…

Open Source C++ Crypter. AES-256 Bit Encryption, Virtual Machine Detection and Almost FUD - Include-sys/hCrypt

Security teams can now generate macros in Atomic Red Team to test their ability to observe and detect emerging initial access techniques.

Executive Summary In May 2019, Microsoft released an out-of-band patch update for remote code execution vulnerability CVE-2019-0708, which is also known

Docker image for building ghidra RE framework from source - dukebarman/ghidra-builder

Posted by Ian Beer, Project Zero In the earlier posts we examined how the attackers gained unsandboxed code execution as root on iPhone...

Security Advisories. Contribute to jamesbercegay/advisories development by creating an account on GitHub.

Capture handshakes of nearby WiFi networks automatically - staz0t/hashcatch