hacker_trick | Неотсортированное

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Подписаться на канал

Hacker tricks

Android Banking Trojan Chameleon is Back in Action
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action

Читать полностью…

Hacker tricks

npm search RCE? - Escape Sequence Injection
https://blog.solidsnail.com/posts/npm-esc-seq

Читать полностью…

Hacker tricks

Useful tools for searching for WebCams, Information Channels and public access Wifi for the collection of information useful for analysis activities
https://github.com/CScorza/OSINTSurveillance

Читать полностью…

Hacker tricks

Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook:
Part 1    ○●    Part 2

Читать полностью…

Hacker tricks

AtlasLdr: Reflective x64 loader implemented using dynamic indirect syscalls
https://github.com/Krypteria/AtlasLdr

Читать полностью…

Hacker tricks

whats-spoofing: Whatsapp Exploit to spoofing impersonate of reply message
https://github.com/lichti/whats-spoofing

Читать полностью…

Hacker tricks

SingleDose: Generate Shellcode Loaders & Injects
https://github.com/Wra7h/SingleDose
Chimera: Automated DLL Sideloading Tool With EDR Evasion Capabilities
https://github.com/georgesotiriadis/Chimera
Slip: is a CLI tool to create malicious archive files containing path traversal payloads. It supports zip, tar, 7z, jar, war, apk and ipa archives
https://github.com/0xless/slip
Anti Virus Evading Payloads
https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads

Читать полностью…

Hacker tricks

OilRig’s persistent attacks using cloud service-powered downloaders
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains
https://unit42.paloaltonetworks.com/detecting-malicious-stockpiled-domains
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793
https://www.fortinet.com/blog/threat-research/teamcity-intrusion-saga-apt29-suspected-exploiting-cve-2023-42793

Читать полностью…

Hacker tricks

Kerberos OPSEC: Offense & Detection Strategies for Red and Blue Team - Part 1 : Kerberoasting
https://www.intrinsec.com/kerberos_opsec_part_1_kerberoasting

Читать полностью…

Hacker tricks

PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record
https://github.com/knight0x07/DarkGate-Install-Script-via-DNS-TXT-Record

Читать полностью…

Hacker tricks

MilkBox: PoC of dumping EFI runtime drivers
https://github.com/0x00Alchemist/MilkBox

Читать полностью…

Hacker tricks

Atlassian Companion RCE Vulnerability Proof of Concept (CVE-2023-22524)
https://github.com/ron-imperva/CVE-2023-22524

Читать полностью…

Hacker tricks

Adcshunter: Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective
https://github.com/danti1988/adcshunter

Читать полностью…

Hacker tricks

Unravelling the Web: AI’s Tangled Web of Prompt Injection Woes
https://labs.nettitude.com/blog/artificial-intelligence/unravelling-the-web-ais-tangled-web-of-prompt-injection-woes

Читать полностью…

Hacker tricks

Spamming Microsoft 365 Like It’s 1995
https://www.blackhillsinfosec.com/spamming-microsoft-365-like-its-1995

Читать полностью…

Hacker tricks

Introducing YARA-Forge
https://cyb3rops.medium.com/introducing-yara-forge-a77cbb77dcab

Читать полностью…

Hacker tricks

What Are Server-Side Request Forgeries And How To Exploit Them
https://blog.novasec.io/what-are-server-side-request-forgeries-ssrf-and-how-to-exploit-them

Читать полностью…

Hacker tricks

bbs: is a router for SOCKS and HTTP proxies
https://github.com/synacktiv/bbs

Читать полностью…

Hacker tricks

NotEnough: This tool calculates tricky canonical huffman histogram for CVE-2023-4863
https://github.com/caoweiquan322/NotEnough

Читать полностью…

Hacker tricks

Some tips to earn your first bounty to find XSS,Blind-XSS,SQLI,SSRF,LFI,LOG4J using some handy automation tools
Alra3ees/some-tips-to-earn-your-first-bounty-find-xss-blind-xss-sqli-ssrf-lfi-log4j-using-some-handy-tools-2ae31afeae1a" rel="nofollow">https://medium.com/@Alra3ees/some-tips-to-earn-your-first-bounty-find-xss-blind-xss-sqli-ssrf-lfi-log4j-using-some-handy-tools-2ae31afeae1a

Читать полностью…

Hacker tricks

A simple PoC of injection shellcode into a remote process and get the output using namepipe
https://github.com/MaorSabag/interactive-execute-shellcode

Читать полностью…

Hacker tricks

Winton: Yet another C2 framework written in Golang
https://github.com/gatariee/Winton
AutoRecon: is a multi-threaded network reconnaissance tool which performs automated enumeration of services
https://github.com/Tib3rius/AutoRecon
DataBouncing: is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation
https://github.com/Unit-259/DataBouncing
LocklessBof: enumerate open file handles and facilitate the fileless download of locked files
https://github.com/antroguy/LocklessBof

Читать полностью…

Hacker tricks

Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity

Читать полностью…

Hacker tricks

SMTP Smuggling - Spoofing E-Mails Worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide

Читать полностью…

Hacker tricks

PEAs: Process Enumeration alternatives that avoid the use of CreateToolhelp32Snapshot, Process32First, Process32Next WinAPIs to enumerate running processes on windows
https://github.com/Bl4ckM1rror/PEAs

Читать полностью…

Hacker tricks

Observed Exploitation Attempts of Struts 2 S2-066 Vulnerability (CVE-2023-50164)
https://www.akamai.com/blog/security-research/apache-struts-cve-exploitation-attempts

Читать полностью…

Hacker tricks

SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
https://gist.github.com/testanull/dac6029d306147e6cc8dce9424d09868

Читать полностью…

Hacker tricks

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
https://securelist.com/unveiling-nkabuse

Читать полностью…

Hacker tricks

Dashboard for Nuclei Results ProjectDiscovery Cloud Platform Integration
https://blog.projectdiscovery.io/dashboard-for-nuclei-results-projectdiscovery-cloud-platform-integration

Читать полностью…

Hacker tricks

Abusing Liftoff assembly and efficiently escaping from sbx
https://retr0.zip/blog/abusing-Liftoff-assembly-and-efficiently-escaping-from-sbx.html

Читать полностью…
Подписаться на канал