hacker_trick | Unsorted

Telegram-канал hacker_trick - Real profit

2941

Just invest your time

Subscribe to a channel

Real profit

Escalating Privileges in Google Cloud via Open Groups 
https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups

Читать полностью…

Real profit

Binary Hollowing
https://github.com/timwhitez/BinHol

Читать полностью…

Real profit

Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1

Читать полностью…

Real profit

Local KDC for Windows: This is an example program that can run a Kerberos Key Distribution Center (KDC) on a Windows host and have Windows authenticate to that without joining it to a domain
https://github.com/jborean93/LocalKdc

Читать полностью…

Real profit

DockerSpy: searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more
https://github.com/UndeadSec/DockerSpy

Читать полностью…

Real profit

ICMTC Finals Digital Forensics Challenges
ELJoOker/icmtc-finals-digital-forensics-challenges-50d358ccf5c7" rel="nofollow">https://medium.com/@ELJoOker/icmtc-finals-digital-forensics-challenges-50d358ccf5c7

Читать полностью…

Real profit

How to Leverage PowerShell Profiles for Lateral Movement
https://practicalsecurityanalytics.com/how-to-leverage-powershell-profiles-for-lateral-movement

Читать полностью…

Real profit

Specula - Turning Outlook Into a C2 With One Registry Change
https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change

Читать полностью…

Real profit

Hellshazzard: Indirect Syscall implementation to bypass userland NTAPIs hooking
https://github.com/Faran-17/Hellshazzard

Читать полностью…

Real profit

Threat Hunting - Suspicious Named pipes
https://mthcht.medium.com/threat-hunting-suspicious-named-pipes-a4206e8a4bc8

Читать полностью…

Real profit

In the 3.3.5a WoW client there is a  RCE that allows any private server owner to inject and run arbitrary code on your computer. This patcher will modify your WoW executable file to fix the exploit
https://github.com/stoneharry/RCEPatcher

Читать полностью…

Real profit

CheckUACBypass.ps1 is a PowerShell script designed to test if certain executables can be used to bypass UAC
https://github.com/AngeTia/CheckUACBypass

Читать полностью…

Real profit

BYOVD Technique Example using viragt64 driver
https://github.com/CyberSecurityUP/ProcessKiller-BYOVD

Читать полностью…

Real profit

PDF dropper Red Team Scenairos
https://github.com/0x6rss/pdfdropper

Читать полностью…

Real profit

timebased blind sqli with 99% success rate
https://github.com/coffinxp/BSQLi

Читать полностью…

Real profit

Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows
https://github.com/WKL-Sec/LayeredSyscall

Читать полностью…

Real profit

Credential Disclosure in LastPass
https://certitude.consulting/blog/en/credential-disclosure-in-lastpass

Читать полностью…

Real profit

Exploit for CVE-2024-36401 GeoServer RCE
https://github.com/Chocapikk/CVE-2024-36401
Outlook CVE-2024-21413 for RCE. Hacking through a letter
https://blog.injectexp.dev/outlook-cve-2024-21413-for-rce-hacking-through-a-letter/07/rce

Читать полностью…

Real profit

URL Requester: is an advanced multi-protocol request tool designed for performing HTTP requests to multiple URLs with comprehensive support for proxy usage, rate limiting, and other advanced features
https://github.com/Mr-dark55/URL-RequESTER

Читать полностью…

Real profit

Android malware (.apk) can be spread through a fake PDF document by manipulating the file extension in the WhatsApp application
https://github.com/0x6rss/WhatsApp-extension-manipulation-PoC

Читать полностью…

Real profit

How To Find And Exploit Information Disclosure Vulnerabilities
shaikhminhaz1975/step-by-step-guide-to-finding-information-disclosure-vulnerabilities-7a2ee33a82cd" rel="nofollow">https://medium.com/@shaikhminhaz1975/step-by-step-guide-to-finding-information-disclosure-vulnerabilities-7a2ee33a82cd

Читать полностью…

Real profit

[Shellcode x64] Find and execute WinAPI functions with Assembly
https://print3m.github.io/blog/x64-winapi-shellcoding

Читать полностью…

Real profit

.NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit is loading a malicious DLL using Task Scheduler (MMC) to bypass UAC and getting admin privileges
https://github.com/Offensive-Panda/.NET_PROFILER_DLL_LOADING

Читать полностью…

Real profit

Double Dipping Cheat Developer Gets Caught Red-Handed
https://www.cyberark.com/resources/threat-research-blog/double-dipping-cheat-developer-gets-caught-red-handed

Читать полностью…

Real profit

Abusing PIM-related application permissions in Microsoft Graph - Part 1
https://www.emiliensocchi.io/abusing-pim-related-application-permissions-in-microsoft-graph-part-1

Читать полностью…

Real profit

Exploit Searchor 2.4.0 RCE
https://github.com/b0ySie7e/Exploit_Searchor_2.4.0_RCE

Читать полностью…

Real profit

A tool for manual or automatic patch shellcode into binary file Oder to bypass AV
https://github.com/yj94/BinarySpy

Читать полностью…

Real profit

Process Injection using Thread Name
https://github.com/hasherezade/thread_namecalling

Читать полностью…

Real profit

Database Hacking with common SQL Injection commands
redfanatic7/database-hacking-with-common-sql-injection-commands-c33b049554fe" rel="nofollow">https://medium.com/@redfanatic7/database-hacking-with-common-sql-injection-commands-c33b049554fe

Читать полностью…

Real profit

Deep Sea Phishing Pt. 1
https://posts.specterops.io/deep-sea-phishing-pt-1-092a0637e2fd

Читать полностью…
Subscribe to a channel