CoffLoader
Introduction
Portable Executable (PE)
Store data in a PE
Reference to functions and variables during execution
Object files
Overview
Coff Loader
BOF or COFF?
BOF advantages
BOF disadvantage
Hands on: COFF Loader
Blueprint
COFF specification
COFF Header
Sections Header
Navigate into sections
Relocations Table
Absolute and Relative address
Symbol Table
Symbol Table String
Conclusion
Write sections in memory
Perform relocations
Special symbol
Standard symbol relocation
Put things together
Run the code
Upgrade
Compatibility with CobaltStrike BOF
CobaltStrike BOF specificities
Add support for beacon internal functions
Format parameters for CobaltStrike BOF
Dynamic .got and .bss
Conclusion
Resources
External contribution
EvilentCoerce
A PoC tool that triggers the ElfrOpenBELW procedure in the MS-EVEN RPC interface (used for Windows Event Log service), causing the target machine to connect to an attacker-controlled SMB share. If antivirus software (e.g., Defender) is present, it may scan the file and unintentionally leak NetNTLMv2 credentials, which can be relayed via ntlmrelayx.
Digital Forensic StartMe page
- getting started guides
- VM/distros
- decoding tools
- mobile forensics
- network analysis
- metadata tools
- SANS posters/cheatsheets
#dfir
Awesome Security Operation Center Analyst
- Books
- Malware Analysis
- Practice Labs
- Phishing Analysis
- Tools for Investigation
- Network Log Sources
and more.
Contributor
#cybersecurity
ThinkPHP vulnerability scanning tool
Tp2 RCE
Tp3 Log RCE
Tp5 database information disclosure
Tp5 file inclusion
Tp5 PHPSESSID file inclusion RCE
Tp5 SQL injection
Tp CVE-2018-20062
Tp CVE-2019-9082
Tp CVE-2022-25481
Tp6 Lang file inclusion RCE
#github #exploit
GitHub - enh123/ThinkPHPKiller: ThinkPHP vulnerability scanning tool
BLINDER: A self-hosted, Blind XSS detection and management tool that delivers real-time notifications via Telegram bot.
GitHub - AamerShah/blinder: Blind XSS - detection and management tool in php
OSINT Tube
#python tool to automate the collection of YouTube channel info by ID: date of registration, number of views/subscribers/videos, earnings and other details. Use in combination with XARGS and other Python tools for YouTube #osint #socmint
Python OSINT Notebook
- Core Tools & Libraries
- Installation & Configuration
- Using OSINT Tools via CLI
- Python Scripting with OSINT Libraries
- Combining Tools in a Script
- OSINT Data Integration
#osint #python
CrushFTP Authentication Bypass - CVE-2025-2825 #CrushFTP #AuthenticationBypass #VulnerabilityResearch #CVE2025-2825 #NucleiTemplate https://projectdiscovery.io/blog/crushftp-authentication-bypass
CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog
Update (April 21, 2025):
The CVE originally referenced in this blog post CVE-2025-2825 has been rejected by NIST. The vulnerability is now officially tracked as CVE-2025-31161. All technical details and the impact discussed in this post remain accurate and…
peeko: peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser. #peeko #XSSC2 #internalnetworkexploration #browserbased #GitHub
GitHub - b3rito/peeko: peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.
TROX Stealer: A deep dive into a new Malware as a Service (MaaS) attack campaign #TROXStealer #MalwareAsAService #UrgencyBasedAttacks #HackersAdvantage #DeepDiveAnalysis
TROX Stealer: A deep dive into a new Malware as a Service (MaaS) attack campaign · Blog · Sublime Security
Deep dive analysis of TROX Stealer, an urgency-based MaaS offering
ok, it's finally done: the improved version of no-defender, a tool that interacts with the WSC API to disable Windows Defender the way Microsoft intended it
🚀 Just dropped v0.5 of my Chrome App-Bound Encryption Decryption tool! Full user-mode (no admin), all path-validation bypasses, full cookie extraction (JSON 🍪) and stealth DLL injection. Chrome’s ABE is officially broken, works on Chrome, Edge & Brave.
↳Web Application Penetration Testing - Mapping The Web Application And Increasing The Attack Surface
• Crawling
• Mapping Application Using Robots.txt
• Discovering Hidden Contents
• Directory Brute Forcing - FFUF
• Identify application entry points
• Identify Client And Server Technology
• Identify Server Technology Using Banner Grabbing (telnet)
• Identify Server Technology Using httprecon
• Google dorks Introduction
• Fingerprinting Web Server
• Use Nmap For Fingerprinting Web Server
• Review Web Server Metafiles For Information Leakage
• Enumerate Applications On Web Server
• Map Execution Path Through Application
• Fingerprint Web Application Frameworks
#InfoSec #CyberSecurity #Hacking #Course #bugbounty
SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778)
XML External Entity (XXE) injection occurs when an attacker is able to successfully interfere with an application's parsing of XML input.
This, in turn, could permit attackers to inject unsafe XML entities into the web application, allowing them to carry out a Server-Side Request Forgery (SSRF) attack and in worst cases, remote code execution.
Query:
FOFA: icon_hash="1540720428"
Shodan: title:"SysAis"
Shodan: http.html:"SysAis"
ZoomEye: app:"SysAid On-Prem Software"