A Retrospective on AvosLocker
https://www.zscaler.com/blogs/security-research/retrospective-avoslocker
Magikarp: is a cryptographic command-line utility designed for secure file operations using Elliptic Curve Cryptography (ECC)
https://github.com/FuzzySecurity/Magikarp
Simple presentation of Early Bird APC Injection technique
https://github.com/Faran-17/EarlyBird-APC-Injection
CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking
Lateral Movement: Abuse the Power of DCOM Excel Application
https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
LDAPMon: is a POC telemetry collector for the Microsoft-Windows-LDAP-Client ETW Provider
https://github.com/jsecurity101/LDAPMon
ADCSsync: This is a tool I whipped up together quickly to DCSync utilizing ESC1
https://github.com/JPG0mez/ADCSync
Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747
OffensiveLua: is a collection of offensive security scripts written in Lua with FFI. The scripts run with LuaJIT (v2.0.5) on Microsoft Windows to perform common tasks
• Run an EXE
• Bypass UAC
• File, Networking or Registry
• Common Tasks (e.g. bind a shell)
Lua is a lesser used but very useful choice for post-exploitation scripting language. It's flexible, lightweight, easy to embed, runs interpreted or as bytecode from memory and allows for JIT to interact with the host OS libraries.
https://github.com/hackerhouse-opensource/OffensiveLua
unwyze - a Wyze Cam v3 RCE Exploit
https://github.com/blasty/unwyze
GhostTask: PoC to demonstrate creating scheduled tasks via direct registry manipulation
https://github.com/netero1010/GhostTask
Introducing CS2BR pt. III – Knees deep in Binary
https://blog.nviso.eu/2023/10/26/introducing-cs2br-pt-iii-knees-deep-in-binary
EvtPsst: This is a tool that allows you to tamper with the eventlog process without an OpenProcess Call to the EventLog process itself
https://github.com/nothingspecialforu/EvtPsst
TokenStealer: A simple tool for stealing and playing with Windows tokens
https://github.com/decoder-it/TokenStealer
Citrix Memory Leak Exploit: Leak session tokens from vulnerable Citrix ADC instances affected by CVE-2023-4966
https://github.com/Chocapikk/CVE-2023-4966
LDAP authentication in Active Directory environments
https://offsec.almond.consulting/ldap-authentication-in-active-directory-environments
TrampHooker: A mechanism that trampoline hooks functions in x86/x64 systems
https://github.com/splexas/TrampHooker
Netsupport Intrusion Results in Domain Compromise
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise
Exploring Antivirus and EDR evasion techniques step-by-step. Part 1
https://infosecwriteups.com/exploring-antivirus-and-edr-evasion-techniques-step-by-step-part-1-6459563b12ea
Uncovering Adversarial LDAP Tradecraft
https://www.binarydefense.com/resources/blog/uncovering-adversarial-ldap-tradecraft
NinjaInjector: Classic Process Injection with Memory Evasion Techniques implemantation
https://github.com/S12cybersecurity/NinjaInjector
java_gate: Java JNI HellsGate/HalosGate/TartarusGate/RecycledGate/SSN Syscall/Many Shellcode Loaders
https://github.com/4ra1n/java-gate
XnlReveal: A Chrome browser extension to show alerts for relfected query params, show hidden elements and enable disabled elements
https://github.com/xnl-h4ck3r/XnlReveal
RealBlindingEDR: Utilize arbitrary address read/write implementation with signed driver: completely blind or kill or permanently turn off AV/EDR
https://github.com/myzxcg/RealBlindingEDR
Turning a boring file move into a privilege escalation on Mac
https://pwn.win/2023/10/28/file-move-privesc-mac
bugbounty-gpt: A helpful gpt-based triage tool for BugCrowd bugbounty programs
https://github.com/openai/bugbounty-gpt
AMSI-Reaper: is a tool developed in both PowerShell and C# (.NET Framework v4.0) designed to bypass the Anti-Malware Scan Interface (AMSI) in Windows
https://github.com/h0ru/AMSI-Reaper
dnsresolver: a very fast dns resolver
https://github.com/ethicalhackingplayground/dnsresolver
Zero-Import-Malware: Small project looking into how we can build malware with zero-imports by dynamically resolving windows APIs using GetProcAddress and GetModuleHandle windows APIs
https://github.com/trevorsaudi/Zero-Import-Malware
PoC:
https://github.com/N1k0la-T/CVE-2023-36745
