WHAT'S NEW
- All
- Android
- Android
- Applications
- Blog
- Cyber security
- Database Assessment
- Exploitation Tools
- Forensics
- Hacking Tools
- Information Gathering
- iphone
- Kali Linux
- Kali Linux Tools
- Linux
- Malware
- New Post
- Password Attacks
- PCI
- Pentesting Tools
- Phishing
- Post Exploitation
- Security Hacker
- Sniffing/Spoofing
- software
- Stress Testing
- TECH
- Tech today
- Tutorials
- VPN
- Vulnerability Analysis
- Web Application Analysis
- Wi-Fi
- Wi-Fi
- Windows
- Wireless Attacks
- YECH
Vulnhuntr – Unleashing LLMs For Advanced Security Vulnerability Detection In Codebases
LsassReflectDumping – A Deep Dive Into Secure Credential Extraction Techniques
CVE-2024-30090 : LPE Proof Of Concept Detailed
Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration
go-exploitdb : A Comprehensive Guide To Managing Exploit Databases
WINDOWS PHONE
Beanshooter : JMX Enumeration And Attacking Tool
LATEST ARTICLES
Vulnhuntr – Unleashing LLMs For Advanced Security Vulnerability Detection In Codebases
Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing. See all the details including the Vulnhuntr output for all the 0-days here:...
LsassReflectDumping – A Deep Dive Into Secure Credential Extraction Techniques
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process. Steps Getting the handle of Lsass.exe process Cloning Lsass.exe process using RtlCreateProcessReflection (Process Forking) Using MINIDUMP_CALLBACK_INFORMATION callbacks to create cloned process minidump Confirming the dump content and size. Terminating the cloned...
CVE-2024-30090 : LPE Proof Of Concept Detailed
In the evolving landscape of cybersecurity, understanding the mechanisms behind vulnerabilities is crucial for both mitigation and responsible exploitation. This article dives into CVE-2024-30090, a significant Local Privilege Escalation (LPE) vulnerability uncovered by the renowned security researcher Angelboy and his team at DEVCORE. Here, we provide an in-depth analysis and a step-by-step Proof of Concept (PoC) for exploiting this...
Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration
Arena-Hard-Auto-v0.1 (See Paper) is an automatic evaluation tool for instruction-tuned LLMs. It contains 500 challenging user queries sourced from Chatbot Arena. We prompt GPT-4-Turbo as judge to compare the models' responses against a baseline model (default: GPT-4-0314). Notably, Arena-Hard-Auto has the highest correlation and separability to Chatbot Arena among popular open-ended LLM benchmarks (See Paper). If you are curious...
go-exploitdb : A Comprehensive Guide To Managing Exploit Databases
This is a tool for searching Exploits from some Exploit Databases. Exploits are inserted at sqlite database(go-exploitdb) can be searched by command line interface. In server mode, a simple Web API can be used. As the following vulnerabilities database ExploitDB(OffensiveSecurity) by CVE number or Exploit Database ID. GitHub Repositories Awesome Cve Poc inTheWild DB Docker Deployment There's a Docker image available docker pull vulsio/go-exploitdb. When using...
Awesome LLM AIOps: A Comprehensive Survey Of Incident
A list of awesome academic researches and industrial materials about Large Language Model (LLM) and Artificial Intelligence for IT Operations (AIOps). Content Awesome LLM AIOps Content Introduction Keywords Convention 1. LLM for Incident Management 1.1 Incident Lifecycle 1.2 Incident Reporting 1.3 Root Cause Analysis 1.4 Incident Mitigation 1.5 Incident Postmortem Analysis 1.6 AIOps Question Answering 2. LLM for Log Analysis 2.1 Log Parsing 2.2 Log Anomaly Detection 2.3 Logging Statement Generation Contribution Contributing to this paper list Introduction This...
PwnedPasswordsDownloader – Efficient Downloading Of HIBP Password Hashes Using Curl Parallelism
Thanks for HIBP and this downloader. At first I was considering using it, but the API of HIBP passwords is so easy that I wrote a small shell script for it. It was slow as hell, because it had no parallelism at all. It was far too slow for my taste, thus I was thinking about adding parallelism. And...
Cybersecurity Conferences – A Comprehensive Slide Collection
Comprehensive repository for presentation slides from major cybersecurity conferences held in 2023 and 2024. It provides quick access to the latest insights and research presented at these notable events, catering to professionals and enthusiasts in the field of cybersecurity. Conference presentation slides: Black Hat USA 2024 slides (3-8 August,2024) REcon 2024 Slides (28-30 Jun,2024) Offensivecon 2024 (May 10-11,2024 Berlin) Blackhat Asia 2024 (April 16-19,...
DLL Proxy Generator – Harnessing Advanced Proxy Capabilities
Generate a proxy dll for arbitrary dll, while also loading a user-defined secondary dll. In the evolving landscape of software development and security, the ability to customize and control application behaviors is paramount. The DLL Proxy Generator offers a robust solution by enabling the creation of proxy DLLs. This tool not only facilitates the proxying of any designated DLL but...
DLL Universal Patcher – A Comprehensive Guide To Advanced Binary Patching
DLL Universal Patcher is a flexible and convenient code patcher that doesn't touch the files on disk. It can be used for replacing any tasks that you'd otherwise achieve with on-disk patching, such as fixing old software on modern machines, or fixing bugs in others' software. In addition, due to more control over when the patching happens, it is...