🔥🔥🔥 Free, open-source, cross-platform agent and post-exploitation tool written in Golang and C++, with architecture and usage like Cobalt Strike
https://github.com/geemion/Khepri
#post-Exploit
spook.js POC
https://news.1rj.ru/str/Peneter_News/23
https://github.com/spookjs/spookjs-poc
#spookjs #Chrome
Telegram
Peneter News
A side-channel attack named spook.js that is able to bypass the Google Chrome security mechanism that was designed against Spectre attacks.
https://www.spookjs.com/files/spook-js.pdf
spook.js = transient execution side-channel attack
P.S.:
Side-channel attack: in fact…
A shellcode function to encrypt a running process image when sleeping
https://github.com/SolomonSklash/SleepyCrypt
https://www.solomonsklash.io/SleepyCrypt-shellcode-to-encrypt-a-running-image.html
#obfuscation #sleepycrypt
MSHTML OFFICE Exploit
https://github.com/klezVirus/CVE-2021-40444
Proof of Concept Exploit for CVE-2021-38647 (OMIGOD)
https://github.com/horizon3ai/CVE-2021-38647
PoC CVE-2021-30632 - Out of bounds write in V8
"Tested against Samsung Internet Browser v15.0.2.47, which does not yet have Google's patch."
Google Chrome
https://github.com/Phuong39/PoC-CVE-2021-30632
Using CodeQL to detect client-side vulnerabilities in web applications
codeql database create example.com --language=javascript
codeql database analyze example.com javascript-lgtm.qls --format=sarif-latest --output=results.sarif
./unwebpack_sourcemap.py --detect https://example.com/auth/login example.com
https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications/
#codeql #vulnerability #scanner #clientside
GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code. CodeQL is known as a tool to inspect open source repositories, however its usage is not limited just to it. In this article…
A new Chrome browser extension has been released to help bug bounty hunters find keys that have made their way into JavaScript online.
https://github.com/trufflesecurity/Trufflehog-Chrome-Extension
#Trufflehog #javascript #bugbounty #redteam
EXOCET - AV-evading, undetectable, payload delivery tool
https://github.com/tanc7/EXOCET-AV-Evasion
#FUD
Free, cross-platform, single-file mass network protocol server simulator
https://github.com/fofapro/fapro
#blueteam
A post exploitation framework designed to operate covertly on heavily monitored environments
https://blog.dylan.codes/shad0w/
NMAP script for CVE-2021-41773 (Path Traversal on Apache HTTP Server 2.4.49).
https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse
#apache #nmap
New version of #BurpSuite Exporter extension.
Fixed minor bugs, added support for HTML Forms, Ruby Net::HTTP, JavaScript XHR and a Tab to search HTTP Requests.
https://github.com/artssec/burp-exporter
#bugbounty #bugbountytips