hacker_trick | Неотсортированное

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Подписаться на канал

Hacker tricks

BlackHat ASIA 2024 Slides
https://github.com/onhexgroup/Conferences/tree/main/BlackHat%20ASIA%202024-Slides

Читать полностью…

Hacker tricks

Backdooring Dotnet Applications
https://starkeblog.com/backdooring/dotnet/2024/04/19/backdooring-dotnet-applications

Читать полностью…

Hacker tricks

PoC for CVE-2024-20356:
A Command Injection vulnerability in Cisco's CIMC
https://github.com/nettitude/CVE-2024-20356

Читать полностью…

Hacker tricks

MagicDot: A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
https://github.com/SafeBreach-Labs/MagicDot

Читать полностью…

Hacker tricks

CelestialSpark: A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust
https://github.com/Karkas66/CelestialSpark

Читать полностью…

Hacker tricks

Fake Dialog Boxes to Make Malware More Convincing
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-dialog-boxes-to-make-malware-more-convincing

Читать полностью…

Hacker tricks

CVE-2024-20697: Windows Libarchive RCE Vulnerability
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability

Читать полностью…

Hacker tricks

The Windows Registry Adventure
1: Introduction and research results
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
2: A brief history of the feature
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html

Читать полностью…

Hacker tricks

CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster

Читать полностью…

Hacker tricks

IronSharpPack: is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then reflective load the C# project
https://github.com/BC-SECURITY/IronSharpPack

Читать полностью…

Hacker tricks

CVE-2024-21338: Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled
https://github.com/hakaioffsec/CVE-2024-21338

Читать полностью…

Hacker tricks

Using the LockBit builder to generate targeted ransomware
https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware

Читать полностью…

Hacker tricks

How I got JS Execution (DOM XSS) Via CSTI
amrkadry7/how-i-got-js-execution-dom-xss-via-csti-58a4171c2963" rel="nofollow">https://medium.com/@amrkadry7/how-i-got-js-execution-dom-xss-via-csti-58a4171c2963

Читать полностью…

Hacker tricks

Horus: is an all-in-one encompassing tool for investigations assistance, from API leveraging to compiling data too
https://github.com/6abd/horus

Читать полностью…

Hacker tricks

Branch History Injection
https://www.vusec.net/projects/bhi-spectre-bhb

Читать полностью…

Hacker tricks

New Backdoor, MadMxShell
https://www.zscaler.com/blogs/security-research/malvertising-campaign-targeting-it-teams-madmxshell
Analysis of Pupy RAT Used in Attacks Against Linux Systems
https://asec.ahnlab.com/en/64258

Читать полностью…

Hacker tricks

etw hook (syscall/infinity hook) compatible with the latest Windows version of PG
https://github.com/Oxygen1a1/etw_hook_latest

Читать полностью…

Hacker tricks

KExecDD:
Admin to Kernel code execution using the KSecDD driver
https://github.com/floesen/KExecDD

Читать полностью…

Hacker tricks

PasteBomb C2-less RAT: is a simple, yet powerful, remote administration Trojan (RAT) that allows you to execute terminal commands, send (D)DoS attacks, download files, and open messages in your victim's browser
https://github.com/marco-liberale/PasteBomb

Читать полностью…

Hacker tricks

pyMetaTwin: Copy metadata and digital signatures information from one Windows executable to another using Wine on a non-Windows platform
https://github.com/Cerbersec/pyMetaTwin

Читать полностью…

Hacker tricks

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers

Читать полностью…

Hacker tricks

Chaining N-days to Compromise All:
Part 4 — VMware Workstation Information leakage
https://blog.theori.io/chaining-n-days-to-compromise-all-part-4-vmware-workstation-information-leakage-44476b05d410

Читать полностью…

Hacker tricks

I Found An IDOR Flaw where users' attached pictures and documents were leaked
Ajakcybersecurity/i-found-an-idor-flaw-where-users-attached-pictures-and-documents-were-leaked-961d564ce72f" rel="nofollow">https://medium.com/@Ajakcybersecurity/i-found-an-idor-flaw-where-users-attached-pictures-and-documents-were-leaked-961d564ce72f

Читать полностью…

Hacker tricks

LetMeowIn: LSASS dumper using C++ and MASM x64
https://github.com/Meowmycks/LetMeowIn

Читать полностью…

Hacker tricks

HTB CTF: Cracking Passwords with Hashcat
https://infosecwriteups.com/htb-ctf-cracking-passwords-with-hashcat-6a932514e5c8

Читать полностью…

Hacker tricks

DceRPC-OS-Info: Golang implements obtaining Windows remote host information through dcerpc and ntlmssp
https://github.com/W01fh4cker/DceRPC-OS-Info

Читать полностью…

Hacker tricks

Story of a strange IDOR without ID
https://m7arm4n.medium.com/story-of-a-strange-idor-without-id-6735fd3dcd27

Читать полностью…

Hacker tricks

Unauthorized Admin Account Access via Google Authentication
https://nullr3x.medium.com/unauthorized-admin-account-access-via-google-authentication-a38d42577ac9

Читать полностью…

Hacker tricks

Understanding ETW Patching
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b

Читать полностью…

Hacker tricks

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
https://unit42.paloaltonetworks.com/cve-2024-3400

Читать полностью…
Подписаться на канал