CyRC Advisory: CVE-2024-5185 - AI Web Application Data Poisoning Vulnerability |
CyRC Advisories: Remote Code Execution Vulnerabilities in Different Mouse and Keyboard Applications |
Nmap Detection Scripts for CVE-2022-45477, CVE-2022-45479, CVE-2022-45482, CVE-2022-45481 |
Quick and Dirty Reconnaissance and Vulnerability Scanning Tool |
Multiple RCEs in Different Mouse and Keyboard Applications |
Nginx 0.6.18 < 1.20.1 Memory Overwrite Vulnerability Proof of Concept CVE-2021-23017 |
Automating the build of a Vulnerable AD environment (IaC) |
Multiple Web Vulnerabilities on Rumble Mail Server 0.51.3135 CVE-2021-43459 CVE-2021-43461 CVE-2021-43462 |
Presentation Hacking From the Sky - Building a Penetration Testing UAV prototype |
@Miner Automated Vulnerability Discovery and Exploitation in Windows Applications |
Applied Purple Teaming Series ( Attack, Detect, & Defend ) Part 3 |
Applied Purple Teaming Series ( Weaponize Windows ) Part 2 |
Applied Purple Teaming Series ( The Virtual Environment ) Part 1 |
Microsoft security researcher acknowledgment May 31, 2021 |
Git Scanner: Detect Sensitive Data in Organization Repositories |
Windows Memory-Injected Malware Detection Freeware Comparison |
Resource Efficient Internal Network Honeypots (Homelab) |
Studying Sysmon’s Ability to Detect Process Injections Using Different Configuration Schemas |
Ansible playbook designed to configure and deploy rsyslog, Wazuh, Kolide Fleet launcher, OSquery, and Winlogbeat for Windows and Linux (Blue-Team) |
“It's ours now” is a C# tool that collects unpacked/downloaded files using Windows event handlers (Malware-analysis) |
Playbook that randomly selects malware and deploys it to add a layer of difficulty when practicing IR & Threat Hunting (Blue-Team) |
Traccar GPS Tracking System service path vulnerability CVE-2021-21292 |
Unquoted service path on Veyon Microsoft Windows LPE CVE-2020-15261 |
Machine Learning Approach to Guess Passwords via Microphones Write-up & PoC (Red-Team) |
Developing Use Cases That Nefariously Utilize Twitter’s API For The Purpose of Building Covert Communications Talk & Paper (Red-Team) |
Malicious patch for Pfsense router to perform Red Team activities Bfsense (Red-Team) |
RosarioSIS 6.7.2 Reflected Cross-Site Scripting CVE-2020-15718, CVE-2020-15717, CVE-2020-15716, CVE-2020-15721 |
RosarioSIS < 6.5.1 Reflected Cross-Site Scripting CVE-2020-13278 |
Scalable infrastructures for Red/Blue/Gray-Team themed competitions Stateless (IaC) |
Google Chrome Extension Automates Testing Fundamental Web Problems (Pentesting) |
In-memory implant that uses C# techniques to bypasses Windows Firewall and Defender C2 (Red-Team) |
Processes To Watch For Unwanted & Unexpected Blue Team Actions Windows Persistence (Red-Team) |
rConfig Network Device Configuration Management 3.9.5 RCE CVE-2020-15715 |
rConfig Network Device Configuration Management 3.9.5 SQLi CVE-2020-15714, CVE-2020-15713 |
rConfig Network Device Configuration Management 3.9.5 LFI CVE-2020-15712 |
Integrated Windows rootkit projects and persistence techniques Nemo (Red-Team) |
Post-exploitation C2 that targets browsers Write-up & tool (Red-Team) |
Malicious process monitors and infects specific kinds of files (Red-Team) |
Admidio version 3.3.13 Unauthenticated SQLi CVE-2020-11004 |
C2 project controls a self-propagating MS17-010 worm M-Botnet (Red-Team) |
CellTower is credentials, events, and any data logging tool QSearchSploit (Red-Team) |
Leantime management system < 2.0.15 BSQL Injection CVE-2020-5292 |
Customizing Searchsploit outputs from Kali Linux QSearchSploit (Tool) |
Preparation material to prepare for AWAE course (Resources) |
Hidden in Plain Sight: Developing Use Cases That Nefariously Utilize Twitter’s API For The Purpose of Building Covert Communications |
Information theft through covert channel by exploiting HTTP Post method (PoC) |
PWNDashboard, Engagements and competitions dashboard (Red-Team) |
Ansible playbook to customize Kali Linux Kai-TX (Tool) |
Clearview, Web Application Challenge (Education) |
BlueDucky, Creates a list of USB-Rubber-Ducky instructions (Blue-Team) |
DHCP Starvation & DHCP Spoofing attacks On Cisco Network Switches (Infrastructure Security) |
Integrating C3 With Cobalt Strike via ExternalC2 And Studying Their Behavior |
Windows Exploit Development: Egg Hunting |
Windows Exploit Development: Unicode and Venetian shellcode techniques |
Detecting Bugs Using Network Protocol Fuzzing |
Exploit Development: Utilizing imported functions |
Exploit Development: Manually Encode Bytes & Shellcode Carving |
TorMultiplier creates multiple Tor sockets PoC |
Simple CLI web Intruder that uses Netcat |