Understanding DNS Tunneling Traffic in the Wild
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation
https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader
Kernel_VADInjector: Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
https://github.com/exotikcheat/Kernel_VADInjector
Zenbleed-Chrome-PoC: This repository contains a proof-of-concept for exploiting Zenbleed from Chrome using a V8 vulnerability which enbles arbitrary code execution in the renderer process
https://github.com/y11en/Zenbleed-Chrome-PoC
Jomungand: Shellcode Loader with memory evasion
https://github.com/RtlDallas/Jomungand
NovaLdr: is a Threadless Module Stomping written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities
https://github.com/BlackSnufkin/NovaLdr
Proxy-DLL-Loads: A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls
https://github.com/kleiton0x00/Proxy-DLL-Loads
Snapshot fuzzing direct composition with WTF
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf
The single-packet attack: making remote race-conditions 'local'
https://portswigger.net/research/the-single-packet-attack-making-remote-race-conditions-local
POC for a DLL spoofer to determine DLL Hijacking
https://github.com/MitchHS/DLL-Spoofer
ServiceNow: Widget Simple List Misconfiguration Scanner
https://github.com/bsysop/servicenow
Request Encoding to Bypass Web Application Firewalls
https://soroush.me/downloadable/request-encoding-to-bypass-web-application-firewalls.pdf
macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques
https://www.sentinelone.com/blog/macos-malware-2023-a-deep-dive-into-emerging-trends-and-evolving-techniques
Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign
https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware
The Registry Hives you may be MSIX-ING: Registry Redirection with MS MSIX
https://www.zerofox.com/blog/the-registry-hives-you-may-be-msix-ing-registry-redirection-with-ms-msix
PoC exploit for CVE-2023-41993 vulnerability in Safari 17, iOS 16.7
https://github.com/po6ix/POC-for-CVE-2023-41993
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function
https://embee-research.ghost.io/ghidra-entropy-analysis-locating-decryption-functions
Empowering Cybersecurity with Active Directory PowerShell Commands
https://infosecwriteups.com/empowering-cybersecurity-with-active-directory-powershell-commands-d61e881933e1
VMware Aria Operations for Logs CVE-2023-34051
https://github.com/horizon3ai/CVE-2023-34051
AndKittyInjector: Inject a shared library into a process using ptrace
https://github.com/MJx0/AndKittyInjector
FalconHound: is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool
https://github.com/FalconForceTeam/FalconHound
A Modern Approach to Adaptive Threat Hunting Methodologies
https://www.sentinelone.com/blog/a-modern-approach-to-adaptive-threat-hunting-methodologies
CVE-2023-26369: Adobe Acrobat PDF Reader RCE when processing TTF fonts
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
InjectHook: A lightweight C++ library designed for function interception within injected DLLs, providing a streamlined approach to modifying application behavior at runtime. Ideal for educational purposes, debugging, and dynamic software analysis
https://github.com/bgarciaoliveira/InjectHook
Shellcode_Hastur: Shellcode Reductio Entropy Tools
https://github.com/Haunted-Banshee/Shellcode-Hastur
Cisco IOS XE CVE-2023-20198 & 0Day Implant Scanner
https://github.com/ZephrFish/Cisco-IOS-XE-Scanner
CVE-2023-38545 SOCKS5 heap buffer overflow
https://github.com/d0rb/CVE-2023-38545
Uncovering SSRF via XSS in PDF Generators
https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo/mobilepresent
A hack in hand is worth two in the bush
https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush
Hacking ServiceNow Instances While Unauthenticated
https://www.enumerated.ie/servicenow-data-exposure
curlshell: reverse shell using curl
https://github.com/irsl/curlshell
fumo_loader: All in one kernel-based DLL injector
https://github.com/dumbasPL/fumo_loader
TBBRAT: This is power full BotNet
Remote Administrator Tool
https://github.com/TeamBlackBerry/TBBRAT