hacker_trick | Неотсортированное

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Подписаться на канал

Hacker tricks

macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques
https://www.sentinelone.com/blog/macos-malware-2023-a-deep-dive-into-emerging-trends-and-evolving-techniques
Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign
https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware

Читать полностью…

Hacker tricks

The Registry Hives you may be MSIX-ING: Registry Redirection with MS MSIX
https://www.zerofox.com/blog/the-registry-hives-you-may-be-msix-ing-registry-redirection-with-ms-msix

Читать полностью…

Hacker tricks

PoC exploit for CVE-2023-41993 vulnerability in Safari 17, iOS 16.7
https://github.com/po6ix/POC-for-CVE-2023-41993

Читать полностью…

Hacker tricks

Free 100+ Hacking / Infosec pdfs
https://drive.google.com/drive/mobile/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU

Читать полностью…

Hacker tricks

Disclosing the BLOODALCHEMY backdoor
BLOODALCHEMY: is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.
https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor

Читать полностью…

Hacker tricks

Hunting for Hidden Treasures: Unveiling the 403 Bypass Bug Bounty Adventure
https://infosecwriteups.com/hunting-for-hidden-treasures-unveiling-the-403-bypass-bug-bounty-adventure-c6d17a0282ac
Scanning for SMB Vulnerabilities with enum4linux
https://infosecwriteups.com/scanning-for-smb-vulnerabilities-with-enum4linux-896f76d0c078

Читать полностью…

Hacker tricks

Zero Effort Private Key Compromise: Abusing SSH-Agent For Lateral Movement
https://grahamhelton.com/blog/ssh_agent

Читать полностью…

Hacker tricks

Clean - Active Directory Hacking - Full Guide
https://afrohack.pro/index.php?threads/active-directory-hacking-full-guide.81

Читать полностью…

Hacker tricks

CrackMaster: x86/x64 Ring 0/-2 System Freezer/Debugger
https://github.com/behnamshamshirsaz/CrackMaster
Stompy: Timestomp Tool to flatten MAC times with a specific timestamp
https://github.com/ZephrFish/Stompy
maliciousCodeMatchingMFA: A small executable to trick a user to authenticate using code matching MFA
https://github.com/scriptchildie/maliciousCodeMatchingMFA
DocPlz: Documents Exfiltration project for fun and educational purposes
https://github.com/TheD1rkMtr/DocPlz

Читать полностью…

Hacker tricks

Windows MSKSSRV LPE exploit for CVE-2023-36802
https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802
Metabase Rce Tools CVE-2023-38646
https://github.com/Boogipop/MetabaseRceTools
PoC of CVE-2023-4911 "Looney Tunables"
1. https://github.com/leesh3288/CVE-2023-4911
2. https://github.com/RickdeJager/CVE-2023-4911
1. CVE-2023-22515: Confluence Broken Access Control Exploit
https://github.com/Chocapikk/CVE-2023-22515
2. Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence
https://github.com/ErikWynter/CVE-2023-22515-Scan
CVE-2023-36723 This is PoC for arbitrary directory creation bug in Container Manager service
https://github.com/Wh04m1001/CVE-2023-36723
PoC for CVE-2023-42820 JumpServer Password Reset Vulnerability
https://github.com/C1ph3rX13/CVE-2023-42820
Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
https://github.com/bcdannyboy/CVE-2023-44487
CVE-2023-44487 for DoS exploit HTTP/2 Rapid Reset
https://github.com/imabee101/CVE-2023-44487

Читать полностью…

Hacker tricks

A hack in hand is worth two in the bush
https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush

Читать полностью…

Hacker tricks

Hacking ServiceNow Instances While Unauthenticated
https://www.enumerated.ie/servicenow-data-exposure

Читать полностью…

Hacker tricks

curlshell: reverse shell using curl
https://github.com/irsl/curlshell
fumo_loader: All in one kernel-based DLL injector
https://github.com/dumbasPL/fumo_loader
TBBRAT: This is power full BotNet
Remote Administrator Tool
https://github.com/TeamBlackBerry/TBBRAT

Читать полностью…

Hacker tricks

Offensive Security Notes (OSCP, OSWE, OSED)
OSCP Notes Active Directory 1
:
https://drive.google.com/file/d/14jirVKvHwaFT9789nbQoLHNsmHRGysmH/view
OSCP Notes:
https://drive.google.com/file/d/1eYUaeaTiNB59urSp6z0Tf1VnXZ_ifwku/view
OSWE Notes:
https://drive.google.com/file/d/1KIc_qsRvlWbaUY04ug9_4zEXySx53yGv/view
OSED Notes:
https://drive.google.com/file/d/1_mPHr3b3oUhzdwcsC62J4vlX72QZYzzh/view

Читать полностью…

Hacker tricks

Xortigate_CVE-2023-27997: Exploit FortiGate
https://github.com/lexfo/xortigate-cve-2023-27997
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
OktaPostExToolkit: An Okta Agent tool which emulates an AD Agent, allows interception of authentication requests, and adding a skeleton key
https://github.com/xpn/OktaPostExToolkit

Читать полностью…

Hacker tricks

Microsoft Defender for Endpoint Internals 0x05 — Telemetry for sensitive actions
https://medium.com/falconforce/microsoft-defender-for-endpoint-internals-0x05-telemetry-for-sensitive-actions-1b90439f5c25

Читать полностью…

Hacker tricks

“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16

Читать полностью…

Hacker tricks

EvilSln: A New Exploitation Technique for Visual Studio Projects
https://github.com/cjm00n/EvilSln
ObfuscateThis: Templated Obfuscation example in C++ for protecting/hiding values in memory
https://github.com/AlSch092/ObfuscateThis
Hadoken: A versatile Active Directory pentesting tool engineered to identify vulnerabilities and streamline security assessments
https://github.com/Edd13Mora/Hadoken

Читать полностью…

Hacker tricks

This workshop has been presented at the Defcon31 event:
Part 0 - Presentation
Part 1 - SimpleLoader
Part 2 - DLL Injection
Part 3 - Covering your tracks
https://github.com/OtterHacker/Conferences/tree/main/Defcon31

Читать полностью…
Подписаться на канал