https://lots-project.com/
Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain. Website design credits: LOLBAS & GTFOBins.
https://filesec.io/
Stay up-to-date with the latest file extensions being used by attackers.
If you would like to contribute
https://malapi.io/
Malware API
by https://twitter.com/mrd0x

This is the exploit for CVE-2022-27666, a vulnerability that achieves local privilege escalation on the latest Ubuntu Desktop 21.10.Our preliminary experiment shows this vulnerability affects the latest Ubuntu, Fedora, and Debian. Our exploit was built to attack Ubuntu Desktop 21.10.
https://github.com/plummm/CVE-2022-27666
#LPE

#spring cloud #RCE 3 to 3.2.2
https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE

#Notion (the notetaking app) as a #C2.
https://github.com/mttaggart/OffensiveNotion

Spring4shell- pw:infected

اپ آسیب پذیر به #Spring4shell :
https://github.com/jbaines-r7/spring4shell_vulnapp
اکسپلویت :
https://news.1rj.ru/str/Peneter_Tools/274
توضیحات اضافی :
https://news.1rj.ru/str/learnpentest/513
اسکنر spring4shell :
https://github.com/jfrog/jfrog-spring-tools
https://github.com/hillu/local-spring-vuln-scanner

Tools and PoCs for Windows syscall investigation.
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper

EventPipe - An IPC method to transfer binary data between processes using event objects
https://www.x86matthew.com/view_post?id=eventpipe

14 Payload Repositories to find all the required Payloads & Attack Vectors.
https://twitter.com/harshbothra_/status/1509870706347032579?s=20
Payloads All The Things
1. https://github.com/swisskyrepo/PayloadsAllTheThings
2. https://github.com/payloadbox/
3. https://github.com/s0md3v/AwesomeXSS
4. https://github.com/0xInfection/Awesome-WAF
5. https://github.com/omurugur/SQL_Injection_Payload
6. https://github.com/Muhammd/Awesome-Payloads
7. https://github.com/foospidy/payloads
8. https://github.com/1N3/IntruderPayloads
9. https://github.com/pgaijin66/XSS-Payloads
10. https://github.com/terjanq/Tiny-XSS-Payloads
11. https://github.com/chinarulezzz/pixload
12. https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet
13. https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html
14. https://github.com/danielmiessler/SecLists

#Bugbounty Report Generator
https://buer.haus/breport/

A testing Red Team Infrastructure created with Docker
https://github.com/DFlavian/Red-Team-Infrastructure
+ Extra:
https://www.ired.team/offensive-security/red-team-infrastructure

وب شل soap روی IIS
https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap
https://github.com/0xbad53c/webshells/blob/main/iis/soapshell.soap

HaxUnit combines multiple active and passive subdomain enumeration tools and port scanning tools with vulnerability discovery tools.

https://github.com/Bandit-HaxUnit/haxunit

PoC Exploit Released for MacOS SUHelper Root Privilege Escalation (CVE-2022-22639)
https://github.com/jhftss/CVE-2022-22639

Boopkit :
* Remote code injection via TCP with malicious eBPF installed on the server.
* Tested on Linux kernel 5.17
* "This is NOT an exploit!"
https://github.com/kris-nova/boopkit
#linux #backdoor

Imuunity Canvas 03.10.2021

Improving software supply chain security
https://github.com/slsa-framework/slsa-github-generator-go
https://github.com/sigstore/sigstore
https://github.com/ossf/scorecard

https://security.googleblog.com/2022/04/improving-software-supply-chain.html

Borat Rat Source Code:
https://github.com/vxunderground/MalwareSourceCode/blob/main/Leaks/Win32/Win32.Borat.7z

nginx 1.18 zero day - just details
https://github.com/AgainstTheWest/NginxDay

#VMware Workspace ONE Access Server-side Template Injection CVE-2022-22954 #SSTI

https://github.com/sherlocksecurity/VMware-CVE-2022-22954/blob/main/CVE-2022-22954.yaml

nuclei Template for Detect:
https://github.com/projectdiscovery/nuclei-templates/pull/4113