APT

5 RCEs in npm for $15,000 robertchen.cc/blog

Brute Force Wordlist Some files for bruteforcing certain things. https://github.com/random-robbie/bruteforce-lists #wordlist #bruteforce

CVE-2021-30632 — Chrome 0day

var a;
function foo() {
    a = new Uint32Array(100);
}
%PrepareFunctionForOptimization(foo);
foo();
foo();
a["xxx"] =1;
delete a["xxx"];
%OptimizeFunctionOnNextCall(foo);
foo();

#Chrome #0day #PoC

SpoolSploit SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicious DLLs on endpoints with full system access. https://github.com/BeetleChunks/SpoolSploit #ad #spooler #rpc

targetedKerberoast Kerberoast with ACL abuse capabilities https://github.com/ShutdownRepo/targetedKerberoast #kerberoasting #ad #spn

Kali Linux Tools Page Now you can learn more about all the tools that you can install in Kali. https://kali.org/tools/ #tools #cheatsheet #kali

Karma v2 Passive Open Source Intelligence Automated Reconnaissance Framework https://github.com/Dheerajmadhukar/karma_v2 #osint #recon

Active Directory Pentest Mindmap # https://github.com/Orange-Cyberdefense/arsenal/raw/master/mindmap/pentest_ad.png # https://www.xmind.net/m/5dypm8/ UPD (12.11.2021): https://raw.githubusercontent.com/Orange-Cyberdefense/arsenal/master/mindmap/pentest_ad.png #mindmap #ad #pentest

CVE-2021-40444 — Analysis https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/ #office #CVE_2021_40444 #exploit

Offensive WMI (Part 3) https://0xinfection.github.io/posts/wmi-registry-part-3/ #wmi

https://github.com/lockedbyte/CVE-2021-40444 #poc

CVE-2021-40444 https://pastebin.com/4e9LgNPe #office #payload

NimHollow Nim implementation of Process Hollowing using encrypted shellcodes and direct syscalls (NimlineWhispers by @ajpc500 is rocking 🔥). Some slides for better understanding of the technique are inside! https://github.com/snovvcrash/NimHollow #nim #edr #bypass #syscall

🔥OWASP Top 10 2021 DRAFT is out 🔥 Now available for peer review, comment, translation, and suggestions for improvements: owasp.org/Top10/ #OWASPTop10

https://twitter.com/buffaloverflow/status/1435596990650503168?s=21 #0day #office

RCE on a backend IIS server via file upload with an atypical file extension. More community curated payloads can be found at https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files/Extension%20ASP

AsINT Collection https://start.me/p/b5Aow7/asint_collection #OSINT #Recon

Backstab — Kill EDR Protected Processes Tool capable of killing antimalware protected processes by leveraging sysinternals’ Process Explorer (ProcExp) driver, which is signed by Microsoft. https://github.com/Yaxser/Backstab #edr #bypass #kill #process #unload

Kiterunner — Contextual Content Discovery Tool Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications. Modern application frameworks such as Flask, Rails, Express, Django and others follow the paradigm of explicitly defining routes which expect certain HTTP methods, headers, parameters and values. When using traditional content discovery tooling, such routes are often missed and cannot easily be discovered. By collating a dataset of Swagger specifications and condensing it into our own schema, Kiterunner can use this dataset to bruteforce API endpoints by sending the correct HTTP method, headers, path, parameters and values for each request it sends. https://github.com/assetnote/kiterunner #kiterunner #discovery #tools