| CyRC Advisory: CVE-2024-5185 - AI Web Application Data Poisoning Vulnerability |
| CyRC Advisories: Remote Code Execution Vulnerabilities in Different Mouse and Keyboard Applications |
| Nmap Detection Scripts for CVE-2022-45477, CVE-2022-45479, CVE-2022-45482, CVE-2022-45481 |
| Quick and Dirty Reconnaissance and Vulnerability Scanning Tool |
| Multiple RCEs in Different Mouse and Keyboard Applications |
| Nginx 0.6.18 < 1.20.1 Memory Overwrite Vulnerability Proof of Concept CVE-2021-23017 |
| Automating the build of a Vulnerable AD environment (IaC) |
| Multiple Web Vulnerabilities on Rumble Mail Server 0.51.3135 CVE-2021-43459 CVE-2021-43461 CVE-2021-43462 |
| Presentation Hacking From the Sky - Building a Penetration Testing UAV prototype |
| @Miner Automated Vulnerability Discovery and Exploitation in Windows Applications |
| Applied Purple Teaming Series ( Attack, Detect, & Defend ) Part 3 |
| Applied Purple Teaming Series ( Weaponize Windows ) Part 2 |
| Applied Purple Teaming Series ( The Virtual Environment ) Part 1 |
| Microsoft security researcher acknowledgment May 31, 2021 |
| Git Scanner: Detect Sensitive Data in Organization Repositories |
| Windows Memory-Injected Malware Detection Freeware Comparison |
| Resource Efficient Internal Network Honeypots (Homelab) |
| Studying Sysmon’s Ability to Detect Process Injections Using Different Configuration Schemas |
| Ansible playbook designed to configure and deploy rsyslog, Wazuh, Kolide Fleet launcher, OSquery, and Winlogbeat for Windows and Linux (Blue-Team) |
| “It's ours now” is a C# tool that collects unpacked/downloaded files using Windows event handlers (Malware-analysis) |
| Playbook that randomly selects malware and deploys it to add a layer of difficulty when practicing IR & Threat Hunting (Blue-Team) |
| Traccar GPS Tracking System service path vulnerability CVE-2021-21292 |
| Unquoted service path on Veyon Microsoft Windows LPE CVE-2020-15261 |
| Machine Learning Approach to Guess Passwords via Microphones Write-up & PoC (Red-Team) |
| Developing Use Cases That Nefariously Utilize Twitter’s API For The Purpose of Building Covert Communications Talk & Paper (Red-Team) |
| Malicious patch for Pfsense router to perform Red Team activities Bfsense (Red-Team) |
| RosarioSIS 6.7.2 Reflected Cross-Site Scripting CVE-2020-15718, CVE-2020-15717, CVE-2020-15716, CVE-2020-15721 |
| RosarioSIS < 6.5.1 Reflected Cross-Site Scripting CVE-2020-13278 |
| Scalable infrastructures for Red/Blue/Gray-Team themed competitions Stateless (IaC) |
| Google Chrome Extension Automates Testing Fundamental Web Problems (Pentesting) |
| In-memory implant that uses C# techniques to bypasses Windows Firewall and Defender C2 (Red-Team) |
| Processes To Watch For Unwanted & Unexpected Blue Team Actions Windows Persistence (Red-Team) |
| rConfig Network Device Configuration Management 3.9.5 RCE CVE-2020-15715 |
| rConfig Network Device Configuration Management 3.9.5 SQLi CVE-2020-15714, CVE-2020-15713 |
| rConfig Network Device Configuration Management 3.9.5 LFI CVE-2020-15712 |
| Integrated Windows rootkit projects and persistence techniques Nemo (Red-Team) |
| Post-exploitation C2 that targets browsers Write-up & tool (Red-Team) |
| Malicious process monitors and infects specific kinds of files (Red-Team) |
| Admidio version 3.3.13 Unauthenticated SQLi CVE-2020-11004 |
| C2 project controls a self-propagating MS17-010 worm M-Botnet (Red-Team) |
| CellTower is credentials, events, and any data logging tool QSearchSploit (Red-Team) |
| Leantime management system < 2.0.15 BSQL Injection CVE-2020-5292 |
| Customizing Searchsploit outputs from Kali Linux QSearchSploit (Tool) |
| Preparation material to prepare for AWAE course (Resources) |
| Hidden in Plain Sight: Developing Use Cases That Nefariously Utilize Twitter’s API For The Purpose of Building Covert Communications |
| Information theft through covert channel by exploiting HTTP Post method (PoC) |
| PWNDashboard, Engagements and competitions dashboard (Red-Team) |
| Ansible playbook to customize Kali Linux Kai-TX (Tool) |
| Clearview, Web Application Challenge (Education) |
| BlueDucky, Creates a list of USB-Rubber-Ducky instructions (Blue-Team) |
| DHCP Starvation & DHCP Spoofing attacks On Cisco Network Switches (Infrastructure Security) |
| Integrating C3 With Cobalt Strike via ExternalC2 And Studying Their Behavior |
| Windows Exploit Development: Egg Hunting |
| Windows Exploit Development: Unicode and Venetian shellcode techniques |
| Detecting Bugs Using Network Protocol Fuzzing |
| Exploit Development: Utilizing imported functions |
| Exploit Development: Manually Encode Bytes & Shellcode Carving |
| TorMultiplier creates multiple Tor sockets PoC |
| Simple CLI web Intruder that uses Netcat |