CVE ID: CVE-2025-56157 Date:12/18/2025 Vendor: LangGenius (Dify)Product: Dify Affected Versions: <= v1.5.1Vulnerability Type: Insecure Permissions / Default Credentials Severity: High (Remote Code Execution, Privilege Escalation, Information Disclosure)

This book equips readers with the knowledge and practical skills needed to excel in DevOps. From foundational concepts to advanced techniques, it covers the DevOps lifecycle, including version control, CI/CD, IaC, containerization, Kubernetes, observability, security integration, and site reliability engineering. Each chapter includes hands-on exercises using industry-standard tools like Docker, Jenkins, Terraform, and Prometheus

A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC-the-hash.

1. The lineage: IRC → HTTP/HTTPS → DGA & P2P → fast-flux → cloud/“legit” platforms → blockchain contracts.
2. Why on-chain C2 matters: immutable contracts, pseudonymous wallets, and payload retrieval over public RPC.
3. Trade-offs: resilience vs latency, and how transparency enables forensics even as takedowns get harder.
4. Practical detection: block JSON-RPC egress to public providers, use TLS/JARM and beacon-timing patterns, and watch for DNS tunneling.

Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.

A PoC implementation of an enahnced version of StackMoonwalk, which combines its original technique to remove the caller from the call stack, with a memory self-encryption routine, using ROP to both desynchronize unwinding from control flow and simultaneously encrypt the executing shellcode to hide it from inpection.

A Burp Suite extension for real-time sharing of HTTP traffic between team members with user-based highlighting.

This document outlines the results of a pentest and whitebox security review conducted against a number of Tor Project items. Test Targets: Network Metrics, Visualization Stack, Relay & Network Health Tools, Exit Relay Scanning, Bandwidth Measurement, Tor Core Code Changes

Explore zero-click exploits — stealthy, interactionless chains that evade defenses. Case studies reveal patch gaps and the need for stronger validation.

A tool that provides a web interface to easily perform GitHub Device Code phishing on red team engagements.

Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.

Boflink is a tool designed to act as a sort of fill-in for the missing linking stage that comes with the BOF development process. It is a linker that takes unmodified object files generated by a compiler and links them together into a Beacon Object File capable of being loaded by a BOF loader.

Its main goal is to act as a bridge between the BOF development and the BOF loading process to help simplify them.