hacker_trick | Unsorted

Telegram channel hacker_trick - Real profit

2941

Just invest your time


Real profit

Attacking PowerShell CLIXML Deserialization
https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization


This repository aims to help you master NetExec for your next pentest engagement by allowing you to build the workshop of your choice and experiment with it
https://github.com/Pennyw0rth/NetExec-Lab


From Amos to Poseidon | A SOC Team’s Guide to Detecting macOS Atomic Stealers 2024
https://www.sentinelone.com/blog/from-amos-to-poseidon-a-soc-teams-guide-to-detecting-macos-atomic-stealers-2024


The Art of Exploiting Active Directory from Linux
https://gatari.dev/posts/the-art-of-exploiting-ad-from-linux


This repository is a compilation of all APT simulations that target many vital sectors, both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools that attackers might have used in actual attacks. These tools and TTPs are simulated here
https://github.com/S3N4T0R-0X0/APT-Attack-Simulation


Dynamic HTTP/s Payload Stager that automates updating decryption variables, saving time and effort in managing shellcode loaders
https://github.com/WafflesExploits/Dynamic-HTTP-Payload-Stager


Passworld is a fully customizable wordlist generator
https://github.com/SilvestriF3/Passworld


Phishing with a fake reCAPTCHA
https://github.com/JohnHammond/recaptcha-phish


Python3 rewrite of AsOutsider features of AADInternals
https://github.com/synacktiv/AADOutsider-py


NtDumpBOF: BOF port of the tool NativeDump
https://github.com/deh00ni/NtDumpBOF


This BOF can be used to identify processes that hold handles to a given file. This can be useful to identify which process is locking a file on disk
https://github.com/Octoberfest7/enumhandles_BOF


EchoStrike is a tool designed to generate undetectable reverse shells and perform process injection on Windows systems
https://github.com/stivenhacker/EchoStrike


A bunch of scripts to reduce friction when pentesting Active Directory from Linux
https://github.com/dadevel/impacket-zsh-integration


Windows AppLocker Driver LPE – CVE-2024-21338
https://www.crowdfense.com/windows-applocker-driver-lpe-vulnerability-cve-2024-21338


DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges
https://github.com/lypd0/DeadPotato


Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha, to secure communication between the payload and the operator machine
https://github.com/S3N4T0R-0X0/BEAR


Windows Hyper-V Elevation of Privilege Vulnerability
https://github.com/pwndorei/CVE-2024-38127
Exploit for Veeam backup and Replication Pre-Auth Deserialization CVE-2024-40711
https://github.com/watchtowrlabs/CVE-2024-40711


Acquiring Malicious Browser Extension Samples on a Shoestring Budget
https://pberba.github.io/crypto/2024/09/14/malicious-browser-extension-genesis-market


ScriptBlock Smuggling
https://dfir.ch/posts/scriptblock_smuggling


XSSpector: A powerful tool for detecting XSS vulnerabilities in web apps. Advanced detection, customizable payloads, proxy support, and cookie management
https://github.com/Vigrahak/XSSpector


Just a simple silly PoC demonstrating an executable "exe" file that can be used like an exe, dll or shellcode
https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode


Loading BOF & ShellCode without executable permission
https://github.com/HackerCalico/No_X_BOF-ShellCode


Elevate Your Skills - From COM object fundamentals to UAC bypasses


Analyse MSI files for vulnerabilities
https://github.com/CICADA8-Research/MyMSIAnalyzer


This project steals important data from all Chromium and Gecko browsers installed in the system and gathers the data in a stealer db to be exfiltrated out
https://github.com/shaddy43/BrowserSnatch


Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, and install AnyDesk for persistent remote access
https://github.com/alexdhital/Infiltrax


Dump Kerberos tickets from the KCM database of SSSD
https://github.com/synacktiv/kcmdump


Car Hacking: The ultimate guide! — Part II
https://medium.com/@redfanatic7/car-hacking-the-ultimate-guide-part-ii-445fe022a07c


Teaching the Old .NET Remoting New Exploitation Tricks
https://code-white.com/blog/teaching-the-old-net-remoting-new-exploitation-tricks


Create your own custom implant
https://www.ribbiting-sec.info/posts/2024-07-31_implant
