Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130)
https://github.com/BitsByWill/ksmbd-n-day
GitHub - BitsByWill/ksmbd-n-day: Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130
EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
https://github.com/TwoSevenOneT/EDR-Freeze
Let's start 2026 with a major Responder update!
It now supports:
- CLDAP ping pong to SMB auth.
- SNMPv3 authentication and hashes.
- New rogue Kerberos server forcing AS-REQ when receiving TGS-REQ + support for Kerberos type 17/18 hashes.
- IMAP support for NTLM authentication.
- SMTP support for AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM authentication.
- DCE-RPC server now supports SAMR, SRVSVC, WKSSVC, WINREG, SVCCTL, ATSVC, DNSSERVER
- DNS server now supports SOA, MX, SRV, ANY, etc.
  - SOA → Appear as the authoritative DNS server
  - MX poisoning → Email client connects to rogue SMTP/IMAP → capture credentials
  - SRV poisoning → Domain services connect to rogue SMB/LDAP/Kerberos → capture NTLM/AS-REQ
- LDAP GSSAPI, GSS-SPNEGO, NTLM, DIGEST-MD5
https://github.com/lgandx/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat...