hacker_trick | Неотсортированное

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Подписаться на канал

Hacker tricks

Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323

Читать полностью…

Hacker tricks

DPRK-Research: Tools to analyze malware from APT groups associated with DPRK
https://github.com/errbody/DPRK-Research

Читать полностью…

Hacker tricks

Bypassing Windows Defender
https://0xstarlight.github.io/posts/Bypassing-Windows-Defender

Читать полностью…

Hacker tricks

Abusing url handling in iTerm2 and Hyper for code execution
https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators

Читать полностью…

Hacker tricks

JS-Tap Mark II: Now with C2 Shenanigans
https://trustedsec.com/blog/js-tap-mark-ii-now-with-c2-shenanigans

Читать полностью…

Hacker tricks

Bypass authentication GitHub Enterprise Server CVE-2024-4985
https://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server

Читать полностью…

Hacker tricks

Microsoft Entra Connect: Connect Sync vs Cloud Sync
https://tierzerosecurity.co.nz/2024/05/21/ms-entra-connect-sync-mothods.html

Читать полностью…

Hacker tricks

CVE-2024-4367 arbitrary js execution in pdf js
https://github.com/s4vvysec/CVE-2024-4367-POC

Читать полностью…

Hacker tricks

ADFSDump-PS: PowerShell Implementation of ADFSDump to assist with GoldenSAML
https://github.com/ZephrFish/ADFSDump-PS

Читать полностью…

Hacker tricks

Analyzing JavaScript Files To Find Bugs
https://rajput623929.medium.com/analyzing-javascript-files-to-find-bugs-2b7d67a52c4e

Читать полностью…

Hacker tricks

IP-Hunter:
Hunt for C2 servers and phishing web sites using VirusTotal API , you can modify code to kill the malicious process
https://github.com/SaadAhla/IP-Hunter

Читать полностью…

Hacker tricks

PoC for CVE-2024-32002 Git submodules RCE
https://github.com/safebuffer/CVE-2024-32002

Читать полностью…

Hacker tricks

Understanding Malware Patching: Resources
https://medium.com/phrozen/understanding-malware-patching-resources-81650bb6190d

Читать полностью…

Hacker tricks

Freeway: WiFi Penetration Testing & Auditing Tool
https://github.com/FLOCK4H/Freeway

Читать полностью…

Hacker tricks

Muraider - Automating the detection & Exploitation of CVE-2024-32640 \ SQLi in Mura/Masa CMS
https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
PoC for LPE bug in xbox gaming service
https://github.com/Wh04m1001/GamingServiceEoP5
PoC for CVE-2024-29895 Cacti RCE
https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC
PoC for CVE-2024-27130 QNAP RCE 
https://github.com/watchtowrlabs/CVE-2024-27130
Apache-OFBiz-Directory-Traversal-exploit
https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit

Читать полностью…

Hacker tricks

CVE-2024-21683 RCE in Confluence Data Center and Server
https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server

Читать полностью…

Hacker tricks

no-defender: A slightly more fun way to disable windows defender. (through the WSC api)
https://github.com/es3n1n/no-defender

Читать полностью…

Hacker tricks

Mystique Self-Injection: represents an advancement over the Mockingjay Self-Injection method by eliminating the dependency on a trusted DLL with RWX sections
https://github.com/thiagopeixoto/mystique-self-injection

Читать полностью…

Hacker tricks

Authentication Bypass due to Sensitive Data Exposure in Local Storage
kritikasingh06/authentication-bypass-due-to-sensitive-data-exposure-in-local-storage-8a706c798800" rel="nofollow">https://medium.com/@kritikasingh06/authentication-bypass-due-to-sensitive-data-exposure-in-local-storage-8a706c798800

Читать полностью…

Hacker tricks

TrollUAC: UAC bypass for x64
https://github.com/cybersectroll/TrollUAC

Читать полностью…

Hacker tricks

How I Hacked NASA LDAP Server
maxcyber882/how-i-hacked-nasa-ldap-server-b7cbb8cd0eee" rel="nofollow">https://medium.com/@maxcyber882/how-i-hacked-nasa-ldap-server-b7cbb8cd0eee

Читать полностью…

Hacker tricks

awrbacs: AWACS for RBAC. Tool for auditing CRUD permissions in Kubernetes' RBAC.
https://github.com/lobuhi/awrbacs

Читать полностью…

Hacker tricks

CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive

Читать полностью…

Hacker tricks

CVE-2024-22120 Time Based SQL Injection
in Zabbix Server Audit Log --> RCE
https://github.com/W01fh4cker/CVE-2024-22120-RCE

Читать полностью…

Hacker tricks

JNDI Injection — The Complete Story
https://infosecwriteups.com/jndi-injection-the-complete-story-4c5bfbb3f6e1

Читать полностью…

Hacker tricks

Everything and anything related to password spraying
https://github.com/puzzlepeaches/awesome-password-spraying

Читать полностью…

Hacker tricks

Chrome bug chain on Viz & v8 (May 2024)
https://zerodayengineering.com/insights/chrome-viz-v8-wasm

Читать полностью…

Hacker tricks

HermitPurple is part of an extensive toolkit aimed at enhancing digital investigative capabilities within the Maltego framework
https://github.com/CyberSecurityUP/HermitPurple-Maltegoce

Читать полностью…

Hacker tricks

Payload Trends in Malicious OneNote Samples
https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples

Читать полностью…

Hacker tricks

This project can bypass most of the AC except for some perverts that enable VT to monitor page tables
https://github.com/3499409631/ReadPhysicalMemory-Without-API

Читать полностью…
Подписаться на канал