hacker_trick | Unsorted

Telegram channel hacker_trick - Hacker tricks


CVEs🔰 Tools🛠 Security Research🔒


Hacker tricks

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region
https://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV


Pwn2Own Toronto 2022: A 9-year-old bug in MikroTik RouterOS
https://devco.re/blog/2024/05/24/pwn2own-toronto-2022-a-9-year-old-bug-in-mikrotik-routeros-en


AMSI Bypass via VEH: A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH)
https://github.com/vxCrypt0r/AMSI_VEH


New ransomware group abusing BitLocker
https://securelist.com/ransomware-abuses-bitlocker


Old new email attacks
https://blog.slonser.info/posts/email-attacks


How to create your own mythic agent in C
https://red-team-sncf.github.io/how-to-create-your-own-mythic-agent-in-c


Nuking Weak Shellcode Hacker Hashes
https://karma-x.io/blog/post/30


Format String Exploitation: A Hands-On Exploration for Linux
https://blog.nviso.eu/2024/05/23/format-string-exploitation-a-hands-on-exploration-for-linux


TrollAMSI: This new technique is called "Reflection with method swapping"
https://github.com/cybersectroll/TrollAMSI


LetMeowIn – Analysis of a Credential Dumper
https://www.binarydefense.com/resources/blog/letmeowin-analysis-of-a-credential-dumper


ANSI Escape Injection Vulnerability in WinRAR
https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983


CVE-2024-21683 RCE in Confluence Data Center and Server
https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server


no-defender: A slightly more fun way to disable Windows Defender (through the WSC API)
https://github.com/es3n1n/no-defender


Mystique Self-Injection: represents an advancement over the Mockingjay Self-Injection method by eliminating the dependency on a trusted DLL with RWX sections
https://github.com/thiagopeixoto/mystique-self-injection


Authentication Bypass due to Sensitive Data Exposure in Local Storage
https://medium.com/@kritikasingh06/authentication-bypass-due-to-sensitive-data-exposure-in-local-storage-8a706c798800


A Command-Line Tool for Microsoft Graph API Exploration
https://github.com/dazzyddos/GraphShell


OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"
https://github.com/ic3qu33n/OffensiveCon24-uefi-task-of-the-translator


Injecting code into PPL processes without vulnerable drivers
https://github.com/Slowerzs/PPLSystem


CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack


How to achieve eternal persistence in an Active Directory environment - Part 1
https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence


CVE-2024-4956 Unauthenticated Path Traversal in Nexus Repository Manager 3
https://github.com/erickfernandox/CVE-2024-4956


Offensive IoT for Red Team Implants (Part 3)
https://www.blackhillsinfosec.com/offensive-iot-for-red-team-implants-part-3


Official writeups for Business CTF 2024: The Vault Of Hope
https://github.com/hackthebox/business-ctf-2024


CVE-2024-21683 Confluence Authenticated RCE
https://github.com/W01fh4cker/CVE-2024-21683-RCE


Java (JSP) - Bring Your Own Jar
https://red.0xbad53c.com/red-team-operations/initial-access/webshells/java-jsp-bring-your-own-jar


Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323


DPRK-Research: Tools to analyze malware from APT groups associated with DPRK
https://github.com/errbody/DPRK-Research


Bypassing Windows Defender
https://0xstarlight.github.io/posts/Bypassing-Windows-Defender


Abusing url handling in iTerm2 and Hyper for code execution
https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators


JS-Tap Mark II: Now with C2 Shenanigans
https://trustedsec.com/blog/js-tap-mark-ii-now-with-c2-shenanigans
