QRucible: Python utility that generates "imageless" QR codes in various formats
https://github.com/Flangvik/QRucible
Mobile OAuth Attacks
iOS URL Scheme Hijacking Revamped
https://evanconnelly.github.io/post/ios-oauth
CVE-2024-30078 Exploit
Basic concept for the latest Windows Wi-Fi driver CVE
https://github.com/blkph0x/CVE_2024_30078_POC_WIFI
CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13
https://github.com/pl4int3xt/cve_2024_0044
DOSVisor: x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform
https://github.com/x86matthew/DOSVisor
Off-path TCP hijacking in NAT-enabled Wi-Fi networks
https://blog.apnic.net/2024/06/18/off-path-tcp-hijacking-in-nat-enabled-wi-fi-networks
Preauth RCE on NVIDIA Triton Server
https://sites.google.com/site/zhiniangpeng/blogs/Triton-RCE
From Clipboard to Compromise: A PowerShell Self-Pwn
https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn
Attack Paths Into VMs in the Cloud
https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors
Exploit for CVE-2024-23692
Unauthenticated RCE Flaw in Rejetto HTTP File Server
https://github.com/0x20c/CVE-2024-23692-EXP
Go keylogger for Windows that logs keyboard input to a file using Windows API functions; released under the Unlicense
https://github.com/EvilBytecode/Keylogger
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability
https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitive-user-data-from-apps-on-android-12-and-13-using-cve-2024-0044-vulnerability
Bloxstrap-Persistance: modifies Bloxstrap's settings (Settings.json) to add persistent integrations, showcasing how applications can be exploited
https://github.com/EvilBytecode/Bloxstrap-Persistance
CVE-2024-20693: Windows cached code signature manipulation
https://sector7.computest.nl/post/2024-06-cve-2024-20693-windows-cached-code-signature-manipulation
DLL Jmping: Old Hollow Trampolines in Windows DLL Land
https://www.blackhillsinfosec.com/dll-jmping
Lifetime-Amsi-EtwPatch: Two in one, patch the PowerShell console for its lifetime, no more ETW and AMSI
https://github.com/EvilBytecode/Lifetime-Amsi-EtwPatch
SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment
https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment
Lifetime AMSI bypass
https://github.com/EvilBytecode/Lifetime-AmsiBypass
Powershell-Persistance (PoC)
https://github.com/EvilBytecode/Powershell-Persistance
Evil-Go: A malicious Golang package
https://github.com/EvilBytecode/Evil-Go
Active Directory Methodology in Pentesting: A Comprehensive Guide
https://medium.com/@verylazytech/active-directory-methodology-in-pentesting-a-comprehensive-guide-fa7e8e5ff9d3
Progressive Web Apps (PWA) on Windows - forensics and detection of use
https://www.boredhackerblog.info/2024/06/progressive-web-apps-pwa-on-windows.html
VOIDGATE: A technique that can be used to bypass AV/EDR memory scanners
https://github.com/vxCrypt0r/Voidgate
EDR-XDR-AV-Killer: Reproducing the Spyboy technique, which terminates all EDR/XDR/AV processes by abusing the zam64.sys driver
https://github.com/EvilBytecode/EDR-XDR-AV-Killer
Section-based payload obfuscation technique for x64
https://github.com/pygrum/gimmick
Analysis of user password strength
https://securelist.com/passworde-brute-force-time
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability
https://github.com/scs-labrat/android_autorooter
Spoofing PowerShell Security Logs and Bypassing AMSI Without Reflection or Patching
https://bc-security.org/scriptblock-smuggling
ScriptBlock-Smuggling
https://github.com/BC-SECURITY/ScriptBlock-Smuggling
Malware Development
Part 5: DLL injection into the process
Part 6: DLL hijacking
Part 7: Advanced Code Injection
Iconv, set the charset to RCE:
Exploiting the glibc to hack the PHP engine (part 2)
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Abusing title reporting and tmux integration in iTerm2 for code execution
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html
VBA: having fun with macros, overwritten pointers & R/W/X memory
https://adepts.of0x.cc/vba-hijack-pointers-rwa