hacker_trick | Неотсортированное

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Подписаться на канал

Hacker tricks

Immoral Fiber: This repository contains two new offensive techniques using Windows Fibers
PoisonFiber (The first remote enumeration & Fiber injection capability POC tool)
PhantomThread (An evolved callstack-masking implementation)
https://github.com/JanielDary/ImmoralFiber

Читать полностью…

Hacker tricks

CVE-2024-24787-PoC On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive
https://github.com/LOURC0D3/CVE-2024-24787-PoC

Читать полностью…

Hacker tricks

Go Binary Analysis with gftrace
https://0xdf.gitlab.io/2024/05/07/gftrace

Читать полностью…

Hacker tricks

DV_NEW: This is the combination of multiple evasion techniques. It is using direct syscalls to bypass user-mode EDR hooking and also to avoid static detection of syscalls instruction in stub I am using egg hunt technique
https://github.com/Offensive-Panda/DV_NEW

Читать полностью…

Hacker tricks

1,000,000 requests 2FA bypass
https://imwaiting18.medium.com/i-sent-1-000-000-requests-to-a-server-dcb6b41d5d7f

Читать полностью…

Hacker tricks

Inject DLLs into the Windows Explorer using icons
https://github.com/0xda568/IconJector

Читать полностью…

Hacker tricks

Custom Beacon Artifacts
https://rastamouse.me/custom-beacon-artifacts

Читать полностью…

Hacker tricks

JTAG Hacking with a Raspberry Pi
https://voidstarsec.com/blog/jtag-pifex

Читать полностью…

Hacker tricks

Devfile file write vulnerability in GitLab
https://gitlab-com.gitlab.io/gl-security/security-tech-notes/security-research-tech-notes/devfile

Читать полностью…

Hacker tricks

Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes
https://dirkjanm.io/lateral-movement-and-hash-dumping-with-temporary-access-passes-microsoft-entra

Читать полностью…

Hacker tricks

Process_Ghosting: is a technique in which a process is created from a delete pending file. This means the created process is not backed by a file. This is an evasion technique
https://github.com/BlackHat-Ashura/Process_Ghosting

Читать полностью…

Hacker tricks

Burpscript adds dynamic scripting abilities to Burp Suite, allowing you to write scripts in Python or Javascript to manipulate HTTP requests and responses
https://github.com/ivision-research/burpscript

Читать полностью…

Hacker tricks

Microsoft Graph API post-exploitation toolkit
https://github.com/mlcsec/SharpGraphView

Читать полностью…

Hacker tricks

Okta Verify and Okta FastPass Abuse Tool
https://github.com/CCob/okta-terrify

Читать полностью…

Hacker tricks

Microsoft Warbird and PMP
https://security-explorations.com/microsoft-warbird-pmp.html

Читать полностью…

Hacker tricks

Crawl4AI: is a powerful, free web crawling service designed to extract useful information from web pages and make it accessible for large language models (LLMs) and AI applications
https://github.com/unclecode/crawl4ai

Читать полностью…

Hacker tricks

Offensive IoT for Red Team Implants - Part 1
https://www.blackhillsinfosec.com/offensive-iot-for-red-team-implants-part-1

Читать полностью…

Hacker tricks

Custom Shellcode Creation in x64
https://s4dbrd.com/shellcode-creation-in-x64

Читать полностью…

Hacker tricks

Windows Memory Forensics
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump

Читать полностью…

Hacker tricks

RunasPy: is an utility to run specific processes with different permissions than the user's current logon provides using explicit credentials
https://github.com/rkbennett/RunAsPy

Читать полностью…

Hacker tricks

PoC for Exploiting CVE-2024-31848/49/50/51 - File Path Traversal. A prototype PoC for the automation of vulnerability analysis on targets running CData applications on an embedded Jetty server
https://github.com/Stuub/CVE-2024-31848-PoC

Читать полностью…

Hacker tricks

TrollDump: Dump lsass using taskmgr
https://github.com/cybersectroll/TrollDump

Читать полностью…

Hacker tricks

When "Phish-Proof" Gets Hooked
https://www.persistent-security.net/post/when-phish-proof-gets-hooked

Читать полностью…

Hacker tricks

TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
https://www.leviathansecurity.com/blog/tunnelvision

Читать полностью…

Hacker tricks

LLM Pentest: Leveraging Agent Integration For RCE
https://www.blazeinfosec.com/post/llm-pentest-agent-hacking

Читать полностью…

Hacker tricks

ShellServe: Multi-client network fileserver with integrated shell functionality, crafted in C using system calls for efficient and direct file and command processing
https://github.com/7etsuo/ShellServe

Читать полностью…

Hacker tricks

A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine
https://github.com/synacktiv/Invoke-RunAsWithCert

Читать полностью…

Hacker tricks

DnsClientX: DnsClient for .NET and PowerShell
https://github.com/EvotecIT/DnsClientX

Читать полностью…

Hacker tricks

Get root via TTY / TIOCSTI stuffing
https://github.com/hackerschoice/ttyinject

Читать полностью…

Hacker tricks

epeius: Deploy Trojan using a Serverless approach
https://github.com/ca110us/epeius

Читать полностью…
Подписаться на канал