PE-bear (builds only). Contribute to hasherezade/pe-bear-releases development by creating an account on GitHub.

PetitPotam attack attempts to force the DC$ machine account in order to authenticate with the Active Directory Certificate Services and request for a certificate. This certificate can be imported into the current session of the user in order to request an…

CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf…

Resources to help get started with IoT Pentesting - GitHub - adi0x90/IoT-Pentesting-Methodology: Resources to help get started with IoT Pentesting

To be fair, the attack chain is pretty straight forward. I kinda hope all the other vulnerabilities are easy to analyze like this one… log4j By looking at log4j’s official documents, it&#8217…

CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. - cube0x0/noPac

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user - GitHub - safebuffer/sam-the-admin: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from st...

The log4j #log4shell issue explained in 15 seconds:

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

Responder 3.1.1.0

A vulnerability was recently disclosed for the Java logging library, Log4j. The vulnerability is wide-reaching and affects both open source projects and enterprise software, meaning we need to understand how to ID and remediate it in our network environments.…

The purpose of this project is to demonstrate the Log4Shell exploit with Log4J vulnerabilities using PDF as delivery channel - eelyvy/log4jshell-pdf

Recently, I’ve been doing some more study around incident response. To get some more practice, I decided to attempt the free TryHackMe…

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community. - arainho/awesome-api-security

AV/EDR evasion via direct system calls. Contribute to jthuraisamy/SysWhispers2 development by creating an account on GitHub.