hacker_trick | Неотсортированное

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Подписаться на канал

Hacker tricks

Using Backup Utilities for Data Exfiltration
https://www.huntress.com/blog/using-backup-utilities-for-data-exfiltration

Читать полностью…

Hacker tricks

Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty”
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty

Читать полностью…

Hacker tricks

Official writeups for Cyber Apocalypse CTF 2024: Hacker Royale
https://github.com/hackthebox/cyber-apocalypse-2024

Читать полностью…

Hacker tricks

COM objects 101
https://30t4.me/posts/COM-Objects-101

Читать полностью…

Hacker tricks

LNK Hijacking & RTLO for spoofing
aleksandar.gojovic/lnk-hijacking-rtlo-for-spoofing-d9872a193c94" rel="nofollow">https://medium.com/@aleksandar.gojovic/lnk-hijacking-rtlo-for-spoofing-d9872a193c94

Читать полностью…

Hacker tricks

What a Cluster: Local Volumes Vulnerability in Kubernetes
https://www.akamai.com/blog/security-research/2024/mar/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges

Читать полностью…

Hacker tricks

HuffLoader: Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Ldr
https://github.com/0xHossam/HuffLoader

Читать полностью…

Hacker tricks

Attacking Android
https://blog.devsecopsguides.com/attacking-android

Читать полностью…

Hacker tricks

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance
https://github.com/subat0mik/Misconfiguration-Manager

Читать полностью…

Hacker tricks

Behind the Code: Assessing Public Compile-Time Obfuscators for Enhanced OPSEC
https://trustedsec.com/blog/behind-the-code-assessing-public-compile-time-obfuscators-for-enhanced-opsec

Читать полностью…

Hacker tricks

Unknown Nim Loader using PSBypassCLM
https://medium.com/walmartglobaltech/unknown-nim-loader-using-psbypassclm-cafdf0e0f5cd

Читать полностью…

Hacker tricks

CVE-2024-1403 Progress OpenEdge Authentication Bypass
https://github.com/horizon3ai/CVE-2024-1403

Читать полностью…

Hacker tricks

MacOs Malware Dev
https://0xf00sec.github.io/2024/03/09/MacOs-X
OSX-Injection:
https://github.com/0xf00sec/OSX-Injection

Читать полностью…

Hacker tricks

IndicatorOfCanary: is a collection of PoCs from research on identifying canaries in various file formats
https://github.com/HackingLZ/IndicatorOfCanary

Читать полностью…

Hacker tricks

UAC-0050, Cracking The DaVinci Code
https://blog.bushidotoken.net/2024/03/tracking-adversaries-uac-0050-cracking.html

Читать полностью…

Hacker tricks

Wishing: Webhook Phishing in Teams
https://www.blackhillsinfosec.com/wishing-webhook-phishing-in-teams

Читать полностью…

Hacker tricks

A kernel exploit for Pixel7/8 Pro with Android 14
https://github.com/0x36/Pixel_GPU_Exploit

Читать полностью…

Hacker tricks

BlueSpy: is a PoC to record and replay audio from a bluetooth device without the legitimate user's awareness
https://github.com/TarlogicSecurity/BlueSpy

Читать полностью…

Hacker tricks

Exfiltrating Sensitive Information via Reflected XSS Bypassing Cloudflare
mayankchoubey507/exfiltrating-sensitive-information-via-reflected-xss-bypassing-cloudfare-d82d9ccc24d6" rel="nofollow">https://medium.com/@mayankchoubey507/exfiltrating-sensitive-information-via-reflected-xss-bypassing-cloudfare-d82d9ccc24d6

Читать полностью…

Hacker tricks

Open redirect to XSS and Account takeover (ATO)
them7x/open-redirect-to-xss-and-account-takeover-ato-7ccd3a41d2a0" rel="nofollow">https://medium.com/@them7x/open-redirect-to-xss-and-account-takeover-ato-7ccd3a41d2a0
0 Click Account Takeover Via reset password weird behavior
0xSnowmn/0-click-account-takeover-via-reset-password-weird-behavior-026846e5f850" rel="nofollow">https://medium.com/@0xSnowmn/0-click-account-takeover-via-reset-password-weird-behavior-026846e5f850

Читать полностью…

Hacker tricks

CVE-2024-21762 Fortinet FortiOS out-of-bounds write
https://github.com/h4x0r-dz/CVE-2024-21762
CVE-2024-25153 Fortra FileCatalyst RCE
https://github.com/nettitude/CVE-2024-25153
bruteforcing your way through Jenkins CVE-2024-23897
https://www.errno.fr/bruteforcing_CVE-2024-23897
CVE-2024-20696 - Windows Libarchive RCE
https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce

Читать полностью…

Hacker tricks

CVE-2024-21378 RCE in Microsoft Outlook 
https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378

Читать полностью…

Hacker tricks

HTB: Appsanity
https://0xdf.gitlab.io/2024/03/09/htb-appsanity

Читать полностью…

Hacker tricks

WinSOS: This technique utilizes executables within the WinSxS folder, commonly trusted by Windows, to exploit the classic DLL Search Order Hijacking method
https://github.com/thiagopeixoto/winsos-poc

Читать полностью…

Hacker tricks

ReflectiveLoading And InflativeLoading
https://winslow1984.com/books/malware/page/reflectiveloading-and-inflativeloading

Читать полностью…

Hacker tricks

First in-the-wild 0-day of 2023 🔥 CVE-2023-21674 is a vulnerability in Windows Advanced Local Procedure Call (ALPC) that could lead to a browser sandbox escape and allow attackers to gain SYSTEM privileges
https://github.com/hd3s5aa/CVE-2023-21674

Читать полностью…

Hacker tricks

EquationToolsGUI: scan and verify MS17-010, MS09-050, MS08-067 vulnerabilities
https://github.com/abc123info/EquationToolsGUI

Читать полностью…

Hacker tricks

pgAdmin (<=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE)
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce

Читать полностью…

Hacker tricks

ByassX: The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously
https://github.com/vulnableone/BypassX

Читать полностью…

Hacker tricks

Data Exfiltration: Increasing Number of Tools Leveraged by Ransomware Attackers
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-data-exfiltration

Читать полностью…
Подписаться на канал