hacker_trick | Неотсортированное

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Подписаться на канал

Hacker tricks

Autonomous Hacking of PHP Web Applications at the Bytecode Level
https://finixbit.github.io/posts/autonomous-Hacking-of-PHP-Web-Applications-at-the-Bytecode-Level

Читать полностью…

Hacker tricks

IT threat evolution Q3 2023
https://securelist.com/it-threat-evolution-q3-2023

Читать полностью…

Hacker tricks

How GitLab's Red Team automates C2 testing
https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
https://posts.specterops.io/mythic-v3-2-highlights-interactive-tasking-push-c2-and-dynamic-file-browser-7035065e2b3d

Читать полностью…

Hacker tricks

Windows Internals / Debugging / Performance Learning Resources
https://github.com/pmatula/Windows-Internals-Debugging-Performance-Learning-Resources

Читать полностью…

Hacker tricks

Click-Once + App-Domain Injection
https://github.com/weaselsec/Click-Once-App-Domain-Injection

Читать полностью…

Hacker tricks

Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]
https://github.com/francozappa/bluffs

Читать полностью…

Hacker tricks

Creating an OPSEC safe loader for Red Team Operations
https://labs.nettitude.com/blog/creating-an-opsec-safe-loader-for-red-team-operations
Tartarus-TpAllocInject: This is a simple loader that uses indirect syscalls via the Tartarus' Gate method.
This loader executes shellcode with an known WINAPI CreateThreadPoolWait but I have changed things a little bit and instead, I call the underlying Tp* APIs from Ntdll.dll
https://github.com/nettitude/Tartarus-TpAllocInject

Читать полностью…

Hacker tricks

Home Grown Red Team: Hosting Encrypted Stager Shellcode
https://assume-breach.medium.com/home-grown-red-team-hosting-encrypted-stager-shellcode-1dc5e06eaeb3
StageFright: is a staged payload framework that allows the user to run customized staged payloads over various protocols
https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/StageFright

Читать полностью…

Hacker tricks

Frida-Labs: The repo contains a series of challenges for learning Frida for Android Exploitation
https://github.com/DERE-ad2001/Frida-Labs

Читать полностью…

Hacker tricks

Highlighting case using Burp Suite Bambda
https://gist.github.com/irsdl/d9078390cb844d538f75a2fe4831cadf

Читать полностью…

Hacker tricks

TrueSightKiller: is a CPP AV/EDR Killer
This driver can be used in Windows 23H2 with HVCI enabled, loldrivers blocklist, or WDAC enabled
https://github.com/MaorSabag/TrueSightKiller

Читать полностью…

Hacker tricks

SharpRODC: To audit the security of read-only domain controllers
https://github.com/wh0amitz/SharpRODC

Читать полностью…

Hacker tricks

Browsers' cache smuggling
https://blog.whiteflag.io/blog/browser-cache-smuggling

Читать полностью…

Hacker tricks

Default Credentials, P1 with $$$$ Reward in a Bug Bounty Program
https://infosecwriteups.com/default-credentials-p1-with-reward-in-a-bug-bounty-program-1aad9c008619

Читать полностью…

Hacker tricks

InfoSec Black Friday Deals:
Friday Hack Fest 2023 Edition
https://github.com/0x90n/InfoSec-Black-Friday

Читать полностью…

Hacker tricks

CTFCON2023-POC: This report documents a local elevation of privilege vulnerability in Active Directory Certificate Services (AD CS)
https://github.com/wh0amitz/CTFCON2023-POC

Читать полностью…

Hacker tricks

GhostDriver: is a Rust-built AV killer tool using BYOVD
https://github.com/BlackSnufkin/GhostDriver

Читать полностью…

Hacker tricks

Evading Detection With Nmap Part 2
https://infosecwriteups.com/evading-detection-with-nmap-part-2-7b4861f1377a

Читать полностью…

Hacker tricks

ServiceMove: is a POC code for an interesting lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution
https://github.com/netero1010/ServiceMove-BOF

Читать полностью…

Hacker tricks

A simple dll injector for Windows based on WINAPI's LoadLibrary function. Ring3 Injector project
https://github.com/ReFo0/injector

Читать полностью…

Hacker tricks

Building Advanced Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)
https://embee-research.ghost.io/building-advanced-censys-queries-utilising-regex-bianlian

Читать полностью…

Hacker tricks

Behind the Scenes: The Daily Grind of Threat Hunter
https://kostas-ts.medium.com/behind-the-scenes-the-daily-grind-of-threat-hunter-8051de276597

Читать полностью…

Hacker tricks

Amnesiac: is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
https://github.com/Leo4j/Amnesiac

Читать полностью…

Hacker tricks

Abusing .NET Core CLR Diagnostic Features (+CVE-2023-33127)
https://bohops.com/2023/11/27/abusing-net-core-clr-diagnostic-features-cve-2023-33127

Читать полностью…

Hacker tricks

Custom GetProcAddress and GetModuleHandle parsing forwarded export
https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3

Читать полностью…

Hacker tricks

EvilSlackbot: A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces
https://github.com/Drew-Sec/EvilSlackbot

Читать полностью…

Hacker tricks

Powershell tools used for Red Team / Pentesting
https://github.com/gustanini/PowershellTools

Читать полностью…

Hacker tricks

Enumerating Logged-On Users on Remote Systems via RemoteRegistry / Winreg Named Pipe
https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1

Читать полностью…

Hacker tricks

Mass Hunting XSS vulnerabilities
https://infosecwriteups.com/mass-hunting-xss-vulnerabilities-5b53363dd3db

Читать полностью…

Hacker tricks

PenTesting Report Generation and Collaboration Engine
https://github.com/factionsecurity/faction

Читать полностью…
Подписаться на канал