Azure Outlook C2 – Unveiling Remote Control Of Windows Devices Via Outlook Mailbox

Azure Outlook Command and Control uses the Microsoft Graph API for C2 communications and data exfiltration. Explore the intriguing world of 'Azure Outlook C2,' a cutting-edge cybersecurity development that leverages the power of the Microsoft Graph API for command and control (C2) communications and data exfiltration. In this article, we delve into the capabilities and implications of this novel approach,...

CsWhispers – Supercharge Your C# Project With D/Invoke And Indirect Syscalls

Source generator to add D/Invoke and indirect syscall methods to a C# project. A game-changer for C# developers, CsWhispers is a source generator that effortlessly integrates D/Invoke and indirect syscall methods into your projects. This article provides a quick start guide, demonstrates its powerful features, and explores the potential for extending its capabilities. Join us on a journey to...

XLL Dropper – Mastering A Red Team’s Ultimate Weapon

Write an XLL Dropper in C++, a red team's most used dropper, and learn how to be like red teams and APT groups by building your XLL Dropper. Before we dig deeper, what is the Hack Dropper, and what the Hack is the XLL Dropper? What are the differences, when to use it, and why to use it...

ExecIT – Unveiling A Fileless Execution Technique With Undetectable DLL Shellcode

DLL shellcode self-injector/runner based on HWSyscalls, intended to be executed with rundll32. May grant fileless execution if the victim endpoint has access to an attacker-controlled SMB share. It is designed for use with rundll32 and has the potential to enable fileless execution when accessing an attacker-controlled SMB share. The tool claims to be undetected by several EDR solutions but emphasizes ethical...

C++ Standard Library And Qt, Python, etc. Implementation in C – Reviving the Spirit of C For Enhanced Development

This project aims to reimplement the C++ standard library functionality using the C programming language. It provides C developers with tools and libraries commonly available in C++, enabling better data structure management, algorithm implementation, and feature usage while staying within the C language's ecosystem. A Personal Note From Me: I undertake this project out of a deep affection for the C...

Awesome GPTs (Agents) For Cybersecurity – The Ultimate Guide

The "Awesome GPTs (Agents) Repo" represents an initial effort to compile a comprehensive list of GPT agents focused on cybersecurity (offensive and defensive), created by the community. Please note, this repository is a community-driven project and may not list all existing GPT agents in cybersecurity. Contributions are welcome – feel free to add your own creations! Disclaimer: Users should exercise caution...

VPS-Bug-Bounty-Tools : Automating Web Security Tools Installation

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

Usage:

    cd /tmp && git clone https://github.com/drak3hft7/VPS-Bug-Bounty-Tools
    cd VPS-Bug-Bounty-Tools
    sudo ./Tools-BugBounty-installer.sh

List Of Tools Inserted:

- Network Scanner: Nmap, Masscan, Naabu
- Subdomain Enumeration And DNS Resolver: Massdns, Subfinder, Knock, Lazyrecon, Github-subdomains, Sublist3r, Crtndstry, Assetfinder, Dnsx, Dnsgen
- Subdomain Takeovers: SubOver
- Web Fuzzer: Dirsearch, Ffuf
- Wordlists: SecLists
- Scanner CMS: Wpscan, Droopescan
- Vuln SQL: SQLmap, NoSQLmap, Jeeves
- Enumeration Javascript: LinkFinder, SecretFinder, JSParser
- Visual Recon: Aquatone
- Crawling Web: GoSpider, Hakrawler, Katana
- Vuln XSS: XSStrike, XSS-Loader, Freq, Gxss, Dalfox
- Vuln SSRF: SSRFmap, Gopherus
- Vulnerability Scanner: Nuclei
- Virtual Host Discovery: Virtual host scanner
- Useful Tools: Anew, Unew, Gf, Httprobe, Httpx, Waybackurls, Arjun, Gau, Uro, Qsreplace, SocialHunter

Update - Time Line: 28 September 2021: Inserted into the script...

Stardust – A Deep Dive Into A 64-Bit Position Independent Implant Template

A modern 64-bit position independent implant template: raw strings, global instance, compile time hashing.

    #include <Common.h>
    #include <Constexpr.h>

    FUNC VOID Main( _In_ PVOID Param ) {
        STARDUST_INSTANCE

        PVOID Message = { 0 };

        //
        // resolve kernel32.dll related functions
        //
        if ( ( Instance()->Modules.Kernel32 =...

Automated Emulation – Building A Customizable Breach And Attack Simulation Lab With AWS And Terraform

Automated Emulation is a simple Terraform template that creates a customizable and automated Breach and Attack Simulation lab. It automatically builds the following resources hosted in AWS: one Linux server deploying Caldera, Prelude Operator Headless, and VECTR; and one Windows Client (Windows Server 2022) auto-configured for Caldera agent deployment, Prelude pneuma, and other Red and Blue tools. See the Features and Capabilities section for more details. Key...

CVE-2023-22527 in Confluence : A Step-by-Step Guide And Its Implications

In the world of cybersecurity, staying informed about the latest vulnerabilities is crucial. One such vulnerability that has garnered attention is CVE-2023-22527 in Confluence, a popular collaboration platform. In this article, we'll delve into the details of this vulnerability and provide a step-by-step guide on how it can be exploited. By the end, you'll gain a better understanding of...