Forwarded from SoheilSec (Soheil Hashemi)
A new technique for coercing ADCS authentication
https://github.com/decoder-it/ADCSCoercePotato
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
#RedTeam
Keylogging in the Windows kernel with undocumented data structures
https://github.com/eversinc33/Banshee
https://eversinc33.com/posts/kernel-mode-keylogging/
GitHub - eversinc33/Banshee: Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
Teler Real-time HTTP intrusion detection
https://github.com/kitabisa/teler
Process Hypnosis: Debugger assisted control flow hijack
https://github.com/CarlosG13/Process-Hypnosis-Debugger-assisted-control-flow-hijack/tree/main
API : https://malapi.io/winapi/DebugActiveProcessStop
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
https://github.com/notselwyn/cve-2024-1086
GitHub - YuriiCrimson/ExploitGSM: Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5
Lateral movement script that leverages the CcmExec service to remotely hijack user sessions.
https://github.com/mandiant/CcmPwn
Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
https://github.com/EvilBytecode/EDR-XDR-AV-Killer
Process injection alternative
https://github.com/CICADA8-Research/IHxExec
https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d
EDR Telemetry Blocking via Person-in-the-Middle Attacks
https://tierzerosecurity.co.nz/2024/07/23/edr-telemetry-blocker.html
The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.
https://github.com/keywa7/keywa7
A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
https://github.com/SafeBreach-Labs/WindowsDowndate