A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.
https://github.com/RoseSecurity/Automator-Terminator

Atomic Red Team™ is library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
https://github.com/redcanaryco/atomic-red-team

A TCP proxy to simulate network and system conditions for #chaos and #resiliency #testing
https://github.com/Shopify/toxiproxy
#toxiproxy #TCPproxy

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
https://github.com/splunk/attack_range

Combine namp and masscan for fast scanning and identification tools Github: https://github.com/MrLion7/Lmap

#tools #Scanner

Proof-of-concept obfuscation toolkit for C# post-exploitation tools
https://github.com/xforcered/InvisibilityCloak
#POC #FUD

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://github.com/projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei-templates
#scanner #bugbounty

Turbolist3r is a fork of the #sublist3r #subdomain discovery tool. In addition to the original #OSINT capabilties of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover.
https://github.com/alex14324/Turbolist3r

A Series of Baseband & LMP Exploits against Bluetooth Classic Controllers
https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
https://wadcoms.github.io/

Backdoor
https://github.com/skerkour/black-hat-rust/tree/main/extra/backdoors
https://kerkour.com/rust-crate-backdoor/

Windows LPE 0day
https://github.com/klinix5/InstallerFileTakeOver
#0day #LPE #windows

LSA secrets Dumper
https://github.com/gtworek/PSBits/tree/master/LSASecretDumper

Log4j reverse shell : https://www.youtube.com/watch?v=oShZwiDTx9U
Exploit https://github.com/r00tkiiT/log4shell-vulnerable-app
MSrc:https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
@learnpentest

Same the Admin Explain: https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
Exploits: https://github.com/cube0x0/noPac
https://github.com/WazeHell/sam-the-admin
@learnpentest

CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
https://blog.aquasec.com/cve-2022-0185-linux-kernel-container-escape-in-kubernetes
POC : https://github.com/Crusaders-of-Rust/CVE-2022-0185
#0day #Linux

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://www.ayrx.me/pwnkit-no-logs/
CVE-2021-4034 Exploit:
https://github.com/Ayrx/CVE-2021-4034
https://github.com/ly4k/PwnKit
#Exploit #LPE #linux