CVE-2023-21768 Local Privilege Escalation POC
For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems. Write primitive works on all vulnerable systems:
https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768
For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems. Write primitive works on all vulnerable systems:
https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768
GitHub
GitHub - chompie1337/Windows_LPE_AFD_CVE-2023-21768: LPE exploit for CVE-2023-21768
LPE exploit for CVE-2023-21768. Contribute to chompie1337/Windows_LPE_AFD_CVE-2023-21768 development by creating an account on GitHub.
BlueHat 2023 security conference video
from Microsoft Security Response Center (MSRC)
— https://www.youtube.com/playlist?list=PLXkmvDo4MfusWp9f7IHT9xAPCkN2ZSm2L
from Microsoft Security Response Center (MSRC)
— https://www.youtube.com/playlist?list=PLXkmvDo4MfusWp9f7IHT9xAPCkN2ZSm2L
GOAD (Game Of Active Directory) - version 2
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques:
-- https://github.com/Orange-Cyberdefense/GOAD
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques:
-- https://github.com/Orange-Cyberdefense/GOAD
Mini Robot Enters Blood Vessels
Researchers demonstrate proof of concept in a pig’s artery:
— https://spectrum.ieee.org/mini-robot-surgeon
Researchers demonstrate proof of concept in a pig’s artery:
— https://spectrum.ieee.org/mini-robot-surgeon
Active Directory Cheatsheet with code examples
- internal audit
- port forwarding
- bypass EP
- enumeration
- and etc…
— https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
- internal audit
- port forwarding
- bypass EP
- enumeration
- and etc…
— https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
hideandsec.sh
Active Directory | HideAndSec
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and labs,...
Debugging D-Link: Emulating firmware and hacking hardware
— https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware
— https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware
www.greynoise.io
Debugging D-Link: Emulating firmware and hacking hardware
GreyNoise researchers explain the process of how attackers gain footholds in organizations via exploiting weaknesses in device firmware, with a practical, working example of exploiting several vulnerabilities in D-Link routers.
Shells In Plain Sight – Storing Payloads In The Cloud
inside in a image…
— https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud/
inside in a image…
— https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud/
TrustedSec
Shells in Plain Sight - Storing Payloads in the Cloud
TL;DR: Encode payload in image file, host it publicly, and nobody's the wiser. Each pixel's data is encoded as RGB (Red, Green, and Blue). Figure 2 - RGB…
Abusing Microsoft Outlook 365 to Capture NTLM
— https://www.hackingarticles.in/abusing-microsoft-outlook-365-to-capture-ntlm/
— https://www.hackingarticles.in/abusing-microsoft-outlook-365-to-capture-ntlm/
Hacking Articles
Abusing Microsoft Outlook 365 to Capture NTLM
Learn how attackers exploit Microsoft Outlook to capture NTLM hashes, with detection and mitigation techniques for security teams.
Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547)
https://github.com/wh0amitz/PetitPotato
https://github.com/wh0amitz/PetitPotato
GitHub
GitHub - wh0amitz/PetitPotato: Local privilege escalation via PetitPotam (Abusing impersonate privileges).
Local privilege escalation via PetitPotam (Abusing impersonate privileges). - wh0amitz/PetitPotato
Cross-site noscripting (XSS) cheat sheet
-- https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet#assignable-protocol-with-location
-- https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet#assignable-protocol-with-location
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy
Interactive cross-site noscripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
CVE-2023-23397_EXPLOIT_0DAY
Exploit for the CVE-2023-23397 Credit to domchell
— https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
Exploit for the CVE-2023-23397 Credit to domchell
— https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
GitHub
GitHub - sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY: Exploit for the CVE-2023-23397
Exploit for the CVE-2023-23397. Contribute to sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY development by creating an account on GitHub.
Forwarded from Sys-Admin InfoSec
Good News and New Changes in Sys-Admin Open BLD ecosystem
lab.sys-adm.in - it's AD/Malicious-free Open BLD DNS secure service, today I happy present for you/us few good news:
New security concepts
🐕 Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructure has centralized automated hacking IP mitigation system
☀️ Updates - With open Sys-Admin activities now we are have two new instruments which can change security protection prism which based on open source tools/instruments…
🐌 Speed - Extremely improved speed for collecting/merging/compressing and deploying block/allow lists from Internet
Results
🌵 Cactusd Server, which writen from scratch on GoLang - fully replace BLD-Server update service
🧘 ip2drop replaced fail2ban in Open BLD ecosystem
🥋 All servers has new firewall settings and improvements
Deprecations
♻️ BLD-Server will deprecated and excluded from Sys-Admin activities/supporting in future (thanks nodejs which was foundament for this service)
Welcome
👋 I'm looking for talent, experts, programmers and just good and positive people for code-review, feedback, suggestions and etc - Welcome 🤜🤛
lab.sys-adm.in - it's AD/Malicious-free Open BLD DNS secure service, today I happy present for you/us few good news:
New security concepts
🐕 Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructure has centralized automated hacking IP mitigation system
☀️ Updates - With open Sys-Admin activities now we are have two new instruments which can change security protection prism which based on open source tools/instruments…
🐌 Speed - Extremely improved speed for collecting/merging/compressing and deploying block/allow lists from Internet
Results
🌵 Cactusd Server, which writen from scratch on GoLang - fully replace BLD-Server update service
🧘 ip2drop replaced fail2ban in Open BLD ecosystem
🥋 All servers has new firewall settings and improvements
Deprecations
♻️ BLD-Server will deprecated and excluded from Sys-Admin activities/supporting in future (thanks nodejs which was foundament for this service)
⚰Welcome
👋 I'm looking for talent, experts, programmers and just good and positive people for code-review, feedback, suggestions and etc - Welcome 🤜🤛
Veeam Backup & Replication CVE-2023-27532 Response
PoC
— https://www.huntress.com/blog/veeam-backup-replication-cve-2023-27532-response
PoC
— https://www.huntress.com/blog/veeam-backup-replication-cve-2023-27532-response
Huntress
Veeam Backup & Replication CVE-2023-27532 Response | Huntress
We cover CVE-2023-27532, a vulnerability in the Veeam Backup & Replication component that allowed an unauthenticated user to retrieve host credentials.
Tools (from bottom to up):
— https://www.geeksforgeeks.org/brutex-open-source-tool-for-brute-force-automation/
— https://github.com/EmreOvunc/ARP-Poisoning-Tool
— https://charlesreid1.com/wiki/Kali/Layer_5_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_4_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_3_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_2_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_1_Attacks
— https://www.geeksforgeeks.org/brutex-open-source-tool-for-brute-force-automation/
— https://github.com/EmreOvunc/ARP-Poisoning-Tool
— https://charlesreid1.com/wiki/Kali/Layer_5_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_4_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_3_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_2_Attacks
— https://charlesreid1.com/wiki/Kali/Layer_1_Attacks
Chaos-Rootkit
Is a x64 kernel-mode rootkit that can hide processes or elevate their privileges, work on the latest Windows versions:
— https://github.com/ZeroMemoryEx/Chaos-Rootkit
Is a x64 kernel-mode rootkit that can hide processes or elevate their privileges, work on the latest Windows versions:
— https://github.com/ZeroMemoryEx/Chaos-Rootkit
GitHub
GitHub - ZeroMemoryEx/Chaos-Rootkit: Now You See Me, Now You Don't
Now You See Me, Now You Don't . Contribute to ZeroMemoryEx/Chaos-Rootkit development by creating an account on GitHub.