DarkWidow – A Stealthy Windows Dropper And Post-Exploitation Tool

A formidable tool tailored for both dropper and post-exploitation scenarios on Windows systems. With its sophisticated capabilities including dynamic syscall invocation, process injection, and PPID spoofing, DarkWidow emerges as a potent weapon in the arsenal of cyber adversaries. This article delves into its functionalities, compile instructions, and evasion tactics, shedding light on its intricate workings and potential implications for...

Cobalt-Strike-Profiles-For-EDR-Evasion + SourcePoint Is A C2 Profile Generator For Cobalt Strike

Bypassing Memory Scanners The recent versions of Cobalt Strike have made it so easy for the operators to bypass memory scanners like BeaconEye and Hunt-Sleeping-Beacons. The following option will make this bypass possible: set sleep_mask "true"; By enabling this option, Cobalt Strike will XOR the heap and every image section of its beacon prior to sleeping, leaving no string or...

Living Off The Land Leaked Certificates (LoLCerts) – Unveiling The Underworld

Threat actors are known to sign their malware using stolen, or even legally acquired, code signing certificates. This threat is becoming more relevant as more and more defenses are relying on digital signatures for allowing or not execution on an endpoint. This project aims at collecting the details of the certificates that are known to be abused in the...

Powershell Digital Forensics And Incident Response (DFIR) – Leveraging Scripts For Effective Cybersecurity

This repository contains multiple PowerShell scripts that can help you respond to cyber attacks on Windows Devices. The following Incident Response scripts are included: DFIR Script: Collects all items as listed in section DFIR Script. CollectWindowsEvents: Collects all Windows events and outputs it as CSV. CollectWindowsSecurityEvents: Collects all Windows security events and outputs it as CSV. CollectPnPDevices: Collects all Plug and Play devices, such as...

CVE-2023-4427 – Unveiling Chrome Vulnerability Exploitation And Mitigation Strategies

In this article, we delve into the intricacies of a recently discovered vulnerability in Google Chrome, identified as CVE-2023-4427. Discovered by glazunov and originating from the v8ctf platform, this vulnerability poses significant risks to users of Chrome version 117.0.5938.62 on Linux systems. We explore the methods utilized to exploit this vulnerability, including bypassing Address Space Layout Randomization (ASLR) and...

CVE-2024-20931 – Bypassing Patched Vulnerabilities In Oracle WebLogic

A vulnerability that serves as a bypass for the patched CVE-2023-21839 in Oracle WebLogic. This article delves into the exploit's mechanics, showcasing its usage and providing insights into its development and implications within the cybersecurity landscape. CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839 Oracle Weblogic Usage: Setup JNDI, the specific one Exploit: java -jar CVE-2024-20931.jar Please input target IP:127.0.0.1 Please input...

Automated Multi UAC Bypass – Streamlining Elevation Across Windows Versions

In today's digital landscape, navigating User Account Control (UAC) prompts efficiently across various Windows operating system versions is a critical aspect of system administration and security testing. This article explores an innovative approach to automate UAC bypasses, offering a seamless experience tailored for a spectrum of Windows versions, including Windows 10, Windows 11, Windows Server 2019, and Windows Server...

Clight GUI – Empowering Users With A User-Friendly Interface For Brightness Control On Linux

A graphical user interface built on Qt, designed to streamline the configuration and control of Clight and Clightd daemons. With features like tray applets for easy access to settings and seamless integration with the latest versions of Clight and Clightd, this tool offers Linux users a convenient solution for managing brightness settings. Explore how Clight GUI enhances your Linux...

io_uring_LPE-CVE-2023-2598: Analysis Of The Conquering Memory Exploit

We dissect the exploit's mechanisms, shedding light on how it manipulates memory through io_uring. By delving into the technical nuances, we aim to provide a comprehensive understanding of this critical security issue for educational and research purposes. LPE exploit for CVE-2023-2598. My write-up of the vulnerability: Conquering the memory through io_uring - Analysis of CVE-2023-2598 You can compile the exploit with gcc exploit.c -luring...

TPM Sniffing – Unveiling Methods To Retrieve Bitlocker Keys Through Hardware Communication Channels

Retrieving Bitlocker keys from the TPM using SPI, I2C or LPC communications requires an understanding of the specific protocol supported by the TPM chip, as well as the device's make and model. Proper documentation and research are essential for successful key retrieval. This repo is to collaborate all the awesome resources and information hopefully into one place! NOTE: I'm 100%...