An unexpected Redis sandbox escape affecting only Debian, Ubuntu, and other derivatives
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce

A newly discovered #vulnerability (CVE-2022-25636) in the Netfilter #firewall module of #Linux kernel could be exploited to gain root privileges on vulnerable systems, escape containers or cause a kernel panic.
https://github.com/Bonfee/CVE-2022-25636

RCE exploit for dompdf
https://positive.security/blog/dompdf-rce
https://github.com/positive-security/dompdf-rce

malfrat’s osint map:
https://map.malfrats.industries/

CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera
https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

Source Code conti v3
https://anonfiles.com/b6Ha5eP7x2/conti_v3_7z

Top Search Engines for Cyber Security ⚡️📜
1️⃣http://censys.io – Censys Search Engine
2️⃣http://shodan.io – Search engine for Internet-connected devices
3️⃣http://viz.greynoise.io – GreyNoise Visualizer
4️⃣http://zoomeye.org – Cyberspace Search Engine
5️⃣http://onyphe.io – Cyber Defense Search Engine
6️⃣http://wigle.net – Wireless Network Mapping
7️⃣http://intelx.io – Intelligence X
8️⃣http://fofa.so – Cyberspace Security Search Engine
9️⃣http://hunter.io – OSINT Search Engine
🔟http://zorexeye.com – Hacker’s Search Engine
https://twitter.com/HackerGautam/status/1506932786435100674?s=20&t=ZF5EObm8IZSuBqzRZU1sJA

Utility to craft HTML smuggled files for Red Team engagements
https://github.com/surajpkhetani/AutoSmuggle

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
https://github.com/XaFF-XaFF/Cronos-Rootkit

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
https://github.com/Sh0ckFR/DLLirant

LPE exploit targets Ubuntu 21.10 with kernel 5.13.0-37.
https://github.com/Bonfee/CVE-2022-0995
This is my exploit for CVE-2022-0995, an heap out-of-bounds write in the watch_queue Linux kernel component. It uses the same technique described in https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html.

CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7

https://github.com/RICSecLab/CVE-2019-0708

https://lots-project.com/
Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain. Website design credits: LOLBAS & GTFOBins.
https://filesec.io/
Stay up-to-date with the latest file extensions being used by attackers.
If you would like to contribute
https://malapi.io/
Malware API
by https://twitter.com/mrd0x

This is the exploit for CVE-2022-27666, a vulnerability that achieves local privilege escalation on the latest Ubuntu Desktop 21.10.Our preliminary experiment shows this vulnerability affects the latest Ubuntu, Fedora, and Debian. Our exploit was built to attack Ubuntu Desktop 21.10.
https://github.com/plummm/CVE-2022-27666
#LPE

#spring cloud #RCE 3 to 3.2.2
https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE

#Notion (the notetaking app) as a #C2.
https://github.com/mttaggart/OffensiveNotion

Spring4shell- pw:infected

اپ آسیب پذیر به #Spring4shell :
https://github.com/jbaines-r7/spring4shell_vulnapp
اکسپلویت :
https://news.1rj.ru/str/Peneter_Tools/274
توضیحات اضافی :
https://news.1rj.ru/str/learnpentest/513
اسکنر spring4shell :
https://github.com/jfrog/jfrog-spring-tools
https://github.com/hillu/local-spring-vuln-scanner

Tools and PoCs for Windows syscall investigation.
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper

EventPipe - An IPC method to transfer binary data between processes using event objects
https://www.x86matthew.com/view_post?id=eventpipe