The sources of the Linux kernel exploitation technique called DirtyCred are now on GitHub. The attack, which was presented at Black Hat 2022 security conference, is a kernel exploitation concept that swaps unprivileged kernel credentials with privileged ones to escalate privileges without overwriting any critical data on the kernel heap.

https://github.com/Markakd/DirtyCred
#LPE

Named Pipe File System Elevation of Privilege Vulnerability CVE-2022-22715
https://github.com/k0keoyo/my_vulnerabilities/tree/master/CVE-2022-22715
Write up:
https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe
#LPE #Windows

CVE-2022-32250-Linux-Kernel-LPE
demo : https://www.youtube.com/watch?v=YqmwA6fPjKE
https://github.com/theori-io/CVE-2022-32250-exploit

UAC Bypass by abusing RPC and debug objects
https://github.com/Kudaes/Elevator

Bootkit for Windows Sandbox to disable DSE/PatchGuard.
https://github.com/thesecretclub/SandboxBootkit

Teamsniper is a tool for fetching keywords in a Microsoft Teams such as (passwords, emails, database, etc.).

https://github.com/xRET2pwn/Teamsniper

#Teamsniper #redteaming

#acunetix #webscanner

#netsparker #webscanner

#nessus #scanner

#appscan #scanner

#burpsuite #burpbounty

https://github.com/3xp0rt/LockBit-Black-Builder
#ransomware #lockbit

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.
https://github.com/CEOrbey/CVE-2022-36804-MASS-RCE