RT x TEAM

@egeblc New tool drop! 🔥🔥 de-optimizer uses several mathematical approaches for mutating machine code instructions to their functional equivalents. Very good for bypassing rule-based detection without using any RWE memory. https://github.com/EgeBalci/deoptimizer

🖼️ RegreSSHion — OpenSSH Unauthenticated RCE The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems. 🔗 Research: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server 🔗 PoC: https://github.com/7etsuo/cve-2024-6387-poc #openssh #glibc #rce #cve

SingleFile saving a copy of a complete web page in one HTML file SingleFile is a web extension (and CLI tool) compatible with Chrome, Firefox, Microsoft Edge, Safari, Vivaldi, Brave, Waterfox, Yandexbrowser and Opera. - This repository will help you save a complete web page into a single HTML file. https://github.com/gildas-lormeau/SingleFile

Sundowndev - a collection of hacking tools, resources and links to ethical hacking practices. — This repository is an overview of what you need to learn penetration testing, as well as a collection of hacking tools, resources, and links for practicing ethical hacking. Most tools are UNIX compatible, free and open source. https://github.com/sundowndev/hacker-roadmap

Caldera - attacker emulation platform Caldera is a cybersecurity platform designed to easily automate adversary emulation, assist with manual RedTeam management, and automate incident response. — This tool allows you to conduct practical information security tests using various attack scenarios. Using the ATT&CK framework, the system emulates the attacker’s behavior as if a real invasion was occurring. https://github.com/mitre/caldera

BADUnboxing: Automated Android unpacker It works by locating and decompiling code inside the APK that is relevant to the unpacking process. Once Bad Unboxing detects packing, it automatically generates a new Java application based on the decompiled code https://github.com/LaurieWired/BadUnboxing

Smoke and Mirrors — Driver Signatures Are Optional ItsNotASecurityBoundary is an exploit that leverages False File Immutability assumptions in Windows Code Integrity (ci.dll) to trick it into accepting an improperly-signed security catalog containing fraudulent authentihashes. With attacker-controlled authentihashes loaded and trusted by CI, the kernel will load any driver of the attacker's choosing, even unsigned ones. 🔗 https://github.com/gabriellandau/ItsNotASecurityBoundary #driver #signature #bypass #ffi #windows