Container Breakouts: Escape Techniques in Cloud Environments
https://unit42.paloaltonetworks.com/container-escape-techniques
PoC for CVE-2023-20872 VMware Escape
https://github.com/ze0r/vmware-escape-CVE-2023-20872-poc
How to Bypass Golang SSL Verification
https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification
Mass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE)
https://github.com/codeb0ss/CVE-2024-29824-PoC
Kernel exploit for Xbox SystemOS using CVE-2024-30088
https://github.com/exploits-forsale/collateral-damage
Reverse shell listener and payload generator designed to work on most Linux targets
https://github.com/tantosec/oneshell
IHxExec: Process injection alternative
https://github.com/CICADA8-Research/IHxExec
Universal Code Execution by Chaining Messages in Browser Extensions
https://spaceraccoon.dev/universal-code-execution-browser-extensions
VMware vCenter - CVE-2024-37081 Proof of Concept
https://github.com/Mr-r00t11/CVE-2024-37081
PoC for CVE-2024-4885 Progress WhatsUp Gold GetFileWithoutZip Unauthenticated RCE
https://github.com/sinsinology/CVE-2024-4885
PoC for Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009)
https://github.com/sinsinology/CVE-2024-5009
HEVD Exploit (Windows 10 22H2): BufferOverflowNonPagedPoolNx - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
https://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2
Windows Rootkits (and Bootkits) Guide v2
https://artemonsecurity.blogspot.com/2024/07/windows-rootkits-and-bootkits-guide-v2.html
Using AI to hunt for XSS
deadoverflow/using-ai-to-hunt-for-xss-e04ba8d32ba8" rel="nofollow">https://medium.com/@deadoverflow/using-ai-to-hunt-for-xss-e04ba8d32ba8
EDRPrison: leverages a legitimate WFP callout driver, WinDivert, to effectively silence EDR systems
https://github.com/senzee1984/EDRPrison
Shellcode-Loader: This PowerShell script demonstrates advanced techniques including shellcode injection, dynamic function invocation, and PowerShell script obfuscation
https://github.com/EvilBytecode/Shellcode-Loader
Uncover Bluetooth Vulnerabilities with BlueToolkit
https://www.mobile-hacker.com/2024/07/02/uncover-bluetooth-vulnerabilities-with-bluetoolkit
Windows Installer, exploiting Common Actions
https://blog.doyensec.com/2024/07/18/custom-actions.html
Red Team C2 Framework, using No X Loader technology
https://github.com/HackerCalico/Magic_C2
How to Analyze Malicious MSI Installer Files
https://intezer.com/blog/incident-response/how-to-analyze-malicious-msi-installer-files
PwnedBoot: This is a proof-of-concept payload that can replace mcupdate_<platform>.dll, which will get loaded by the Windows bootloader (winload.efi) even when Secure Boot is enabled
https://github.com/SamuelTulach/PwnedBoot
Remotely Enumerate sessions using undocumented Windows Station APIs
https://github.com/0xv1n/RemoteSessionEnum
DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Pentesting Active Directory - Complete Guide | Part 6
https://hacklido.com/blog/867-pentesting-active-directory-complete-guide-part-6
Loading ShellCode without executable permission
https://github.com/HackerCalico/No_X_Memory_ShellCode_Loader
PoC for:
CVE-2024-38094
CVE-2024-38024
CVE-2024-38023
MS-SharePoint-July-Patch-RCE-PoC
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
Slides and demo videos of my talk "10 Years of Windows Privilege Escalations with Potatoes" at Troopers 24
https://github.com/decoder-it/Troopers24
Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
https://blog.doyensec.com/2024/07/02/cspt2csrf.html
Race Conditions Found in Open-source IAM Solution Keycloak
https://www.cyberark.com/resources/threat-research-blog/you-cant-always-win-racing-the-keycloak
DojoLoader: Generic PE loader for fast prototyping evasion techniques
https://github.com/naksyn/DojoLoader
Building Casper's Shadow
https://nao-sec.org/2024/06/building-caspers-shadow
