Others Just useful resources & links

AztecPo · May 24, 2023

( sorry for the design, I'm just presenting useful information)

O.MG Cable

The O.MG Cable is a hand made USB cable with an advanced implant hidden inside. It is designed to allow your Red Team to emulate attack scenarios of sophisticated adversaries. Until now, a cable like this would cost $20,000 (ex: COTTONMOUTH-I). These cables will allow you to test new detection...

shop.hak5.org

O.MG Cable
The O.MG Cable is a hand made USB cable with an advanced implant hidden inside. It is designed to allow your Red Team to emulate attack scenario

Bash Bunny

The groundbreaking payload platform that introduced multi-vector USB attacks has evolved.Pull off covert attacks or IT automation tasks faster than ever with just the flick of a switch. The NEW Bash Bunny Mark II goes from plug to pwn in 7 seconds — so when the light turns green it's a hacked...

shop.hak5.org

(https://shop.hak5.org/products/bash-bunny)

The groundbreaking payload platform that introduced multi-vector USB attacks has evolved.Pull off covert attacks or IT automation

IOS reverse engineering

GitHub - kpwn/iOSRE: iOS Reverse Engineering

iOS Reverse Engineering. Contribute to kpwn/iOSRE development by creating an account on GitHub.

github.com

GitHub - Siguza/ios-resources: Useful resources for iOS hacking

Useful resources for iOS hacking. Contribute to Siguza/ios-resources development by creating an account on GitHub.

github.com

https://papers.put.as/papers/ios/2019/LucaPOC.pdf

GitHub - potmdehex/multicast_bytecopy: kernel r/w exploit for iOS 15.0 - 15.1.1

kernel r/w exploit for iOS 15.0 - 15.1.1. Contribute to potmdehex/multicast_bytecopy development by creating an account on GitHub.

github.com

https://www.reddit.com/r/jailbreak/comments/5zzgmo

Reverse engineering focusing on x64 Windows.

GitHub - 0xZ0F/Z0FCourse_ReverseEngineering: Reverse engineering focusing on x64 Windows.

Reverse engineering focusing on x64 Windows. Contribute to 0xZ0F/Z0FCourse_ReverseEngineering development by creating an account on GitHub.

github.com

GitHub - tylerha97/awesome-reversing: A curated list of awesome reversing resources

A curated list of awesome reversing resources. Contribute to tylerha97/awesome-reversing development by creating an account on GitHub.

github.com

GitHub - b01lers/welcome-to-ctf: A small repo to host b01lers' outline of what CTF is and how to get into it.

A small repo to host b01lers' outline of what CTF is and how to get into it. - GitHub - b01lers/welcome-to-ctf: A small repo to host b01lers' outline of what CTF is and how to get into it.

github.com

How to Learn Binary Exploitation Roadmap

https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN

GitHub - connormcgarr/Exploit-Development

Contribute to connormcgarr/Exploit-Development development by creating an account on GitHub.

github.com

GitHub - wtsxDev/Exploit-Development: Resources for learning about Exploit Development

Resources for learning about Exploit Development. Contribute to wtsxDev/Exploit-Development development by creating an account on GitHub.

github.com

GitHub - sathwikch/windows-exploitation

Contribute to sathwikch/windows-exploitation development by creating an account on GitHub.

github.com

Windows LPE via StorSvc

redteam-research/LPE via StorSvc at master · blackarrowsec/redteam-research

Collection of PoC and offensive techniques used by the BlackArrow Red Team - redteam-research/LPE via StorSvc at master · blackarrowsec/redteam-research

github.com

redteam-research
Collection of PoC and offensive techniques used by the BlackArrow Red Team - redteam-research/LPE via StorSvc
PoC: https://github.com/blackarrowsec/redteam-research/tree/master/LPE via StorSvc

PetitPotam: Local Privilege Escalation
Now PetitPotato can elevate to SYSTEM on the latest windows.

GitHub - wh0amitz/PetitPotato: Local privilege escalation via PetitPotam (Abusing impersonate privileges).

Local privilege escalation via PetitPotam (Abusing impersonate privileges). - GitHub - wh0amitz/PetitPotato: Local privilege escalation via PetitPotam (Abusing impersonate privileges).

github.com

Luxury Shield 12.8.9.0 - FUD Crypter

️
» Make your .exe undetectable (FUD) From all Anti-Virus «

Password : hack1ngt0ols

Luxury Shield 12.8.9.zip - AnonFiles

anonfiles.com

CVE-2022-25765 - PDFkit-CMD-Injection

GitHub - nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765: Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6

Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6 - GitHub - nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765: Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6

github.com

exploit for VMware vRealize Log Insight

GitHub - horizon3ai/vRealizeLogInsightRCE: POC for RCE using vulnerabilities described in VMSA-2023-0001

POC for RCE using vulnerabilities described in VMSA-2023-0001 - GitHub - horizon3ai/vRealizeLogInsightRCE: POC for RCE using vulnerabilities described in VMSA-2023-0001

github.com

CVE-2023-0045

Bypassing Spectre-BTI User Space Mitigations on Linux

GitHub - es0j/CVE-2023-0045

Contribute to es0j/CVE-2023-0045 development by creating an account on GitHub.

github.com

A POC for the new injection technique, abusing windows fork API to evade EDRs.

GitHub - deepinstinct/Dirty-Vanity: A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...

github.com

Weblogic-CVE-2023-21839

GitHub - DXask88MA/Weblogic-CVE-2023-21839

Contribute to DXask88MA/Weblogic-CVE-2023-21839 development by creating an account on GitHub.

github.com

Sudo Killer
A tool for finding and exploiting various vulnerabilities that appeared as a result of errors in incorrectly configured files, sudo rule vulnerabilities, incorrectly configured file accesses, and so on. Toulouse is ideal if you need to increase privileges during pentesting, increase security by system administrators, CTF players, and the like.

GitHub - TH3xACE/SUDO_KILLER: A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation. - GitHub - TH3xACE/SUDO_KILLER: A tool to identify and exploit sudo ...

github.com

MyBB 1.8.32 - Chained LFI Remote Code Execution (RCE) (Authenticated)

GitHub - FDlucifer/mybb_1832_LFI_RCE: MyBB 1.8.32 - Chained LFI Remote Code Execution (RCE) (Authenticated) python exploit script...

MyBB 1.8.32 - Chained LFI Remote Code Execution (RCE) (Authenticated) python exploit script... - GitHub - FDlucifer/mybb_1832_LFI_RCE: MyBB 1.8.32 - Chained LFI Remote Code Execution (RCE) (Authent...

github.com

BypassCredGuard
Credential Guard Bypass Via Patching Wdigest Memory

GitHub - wh0amitz/BypassCredGuard: Credential Guard Bypass Via Patching Wdigest Memory

Credential Guard Bypass Via Patching Wdigest Memory - GitHub - wh0amitz/BypassCredGuard: Credential Guard Bypass Via Patching Wdigest Memory

github.com

Privileger
tool to work with windows privileges

GitHub - MzHmO/Privileger: Privileger is a tool to work with Windows Privileges

Privileger is a tool to work with Windows Privileges - GitHub - MzHmO/Privileger: Privileger is a tool to work with Windows Privileges

github.com

RToolZ
A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.

GitHub - OmriBaso/RToolZ: A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.

A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls. - GitHub - OmriBaso/RToolZ: A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL ...

github.com

FilelessNtdllReflection
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported API from the export table

https://github.com/D1rkMtr/FilelessNtdllReflection

A cool python exploit to spoof your payload into another extension like pdf, docx, png, jpg, mp3

https://github.com/vesperlol/Extension-Spoofer

Bypassing IDS DCSync Signature for secretsdump

Thread by @snovvcrash on Thread Reader App

@snovvcrash: 🧵 (1/) Bypassing IDS DCSync Signature for #secretsdump I’ve been asked lately to bypass a private IDS rule for #impacket’s DCSync operation and I’ve immediately remembered this Charlie’s question ⬇️ 🧵 (...…

threadreaderapp.com

secretsdump.py DCSync without SMB interaction

secretsdump.py DCSync without SMB interaction. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

Gepetto: IDA plugin which queries OpenAI's ChatGPT to explain decompiled functions

GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering

IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering - GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo language model...

github.com

Telepathy - a tool for analyzing Telegram chats
A set of tools for OSINT that allows you to explore Telegram chats.
Telegram Swiss Knife, which allows you to analyze and archive Telegram chats (including responses, media content, comments and reactions), collect lists of participants, find users by location, analyze top posters in the chat, map forwarded messages and much more.

GitHub - proseltd/Telepathy: Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.

Public release of Telepathy, an OSINT toolkit for investigating Telegram chats. - GitHub - proseltd/Telepathy: Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.

github.com

Remote shellcode launch

Filling out a form from a remote bin file using WinHTTP.
Shell codes are dead, long live shell codes without files.

GitHub - kleiton0x00/RemoteShellcodeExec: Execute shellcode from a remote-hosted bin file using Winhttp.

Execute shellcode from a remote-hosted bin file using Winhttp. - GitHub - kleiton0x00/RemoteShellcodeExec: Execute shellcode from a remote-hosted bin file using Winhttp.

github.com

KRAKEN
Modular multi-language webshell

GitHub - kraken-ng/Kraken: Kraken, a modular multi-language webshell coded by @secu_x11

Kraken, a modular multi-language webshell coded by @secu_x11 - GitHub - kraken-ng/Kraken: Kraken, a modular multi-language webshell coded by @secu_x11

github.com

Welcome To Crax.Pro Forum!

Check our new Marketplace at Crax.Shop

Others Just useful resources & links

Others Just useful resources & links

"S'all Good, Man."​

"Perfection Is The Enemy Of Perfectly Adequate."​

"Money Is The Point!"​

"I Travel In Worlds You Can't Even Imagine."​

"Say Nothing, You Understand? Get A Lawyer!"​

“Confidence is good. Facts on your side, better.” ​

“Facts are facts.”​

“Sometimes the good guys win.”​

“I’m not good at building shit, you know? I’m excellent at tearing it down.”​

“Money is not beside the point… Money is the point.”​

“Whoa, whoa. Hold up. What the hell happened to you? I get it, the first rule of Fight Club, right?”​

“A good magician never reveals his secrets.”​

“Got to look successful to be successful.”​

“The lesson is, if you’re gonna be a criminal, do your homework.” ​

“If I had to do it all over again, I would maybe do some things differently. I just thought you should know that.”​

“Some men aren't looking for anything logical. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn.”​

"Ernest Hemingway once wrote, "The world is a fine place and worth fighting for." I agree with the second part."​

“There’s no better way to destroy someone’s life than to uncover their secrets.”​

“Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.”​

“Hackers often describe what they do as playfully creative problem-solving.”​

“Computer hackers do not need to know each other’s real names, or even live on the same continent, to steal millions in mere hours."​

“While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.”​

“Very smart people are often tricked by hackers, by phishing. I don’t exclude myself from that. It’s about being smarter than a hacker. Not about being smart.”​

“At the end of the day, my goal was to be the best hacker.”​

“Humiliation is the favorite currency of the hacker.”​

“The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.”​

"Rules. Without Them We Live With The Animals.”​

“Consider This A Professional Courtesy.”​

"I've Lived My Life My Way, And I'll Die My Way."​

"You stabbed the devil in the back, and forced him back into the life that he had just left."​

"You Want A War, Or Do You Want To Just Give Me A Gun?"​

"Leave one wolf alive and the sheep are never safe."​

"When you play the game of thrones, you win or you die. There is no middle ground."​

"It's not easy to see something that’s never been before: A good world."​

"I believe in second chances. I don't believe in third chances."​

"If you only trust the people you grew up with, you won't make many allies."​

"A man with no motive is a man no one suspects. Always keep your foes confused: If they don't know who you are, what you want—they can't know what you plan to do next."​

"Never forget what you are, the rest of the world will not. Wear it like armor and it can never be used to hurt you."​

"I try to know as many people as I can. You never know which one you'll need."​

"It's hard to put a leash on a dog once you've put a crown on its head."​

“Everything before the word ‘but’ is horseshit.”​

“A lion doesn’t concern himself with the opinions of a sheep.”​

“Nothing FUCKS you harder than time.”​

“You pray for rain, you gotta deal with the mud too. That’s a part of it.”​

“I’d be more frightened by not using whatever abilities I’d been given.”​

“Luck is where opportunity meets preparation.”​

“If you have an enemy, then learn and know your enemy, don’t just be mad at him or her.”​

“Every failed experiment is one step closer to success.”​

When you work on a computer your hands travel 20 kilometres a day!​

Fugaku supercomputer is the world’s fastest computer. The $1-billion supercomputer has 7,630,848 cores, requires 29,899 kilowatts of electricity, and can execute 442,010 teraFLOPs.​

“Every day, about 317 million new viruses are discovered.​

“Microsoft’s founder, the infamous Bill Gates, was actually a college dropout."​

Did you know?​

“On average, a human blinks 20 times per minute, but using a computer reduces it to 7."​

Did you know?​

“The most common password for a computer and social media platforms is 123456."​

Did you know?​

“There are eight varieties of computers: mainframe, supercomputer, workstation, personal computer, Apple Macintosh, laptop, tablet, and smartphone."​

Did you know?​

“Linux leads the industry as it is used by Google, Facebook, Twitter, and Amazon."​

Did you know?​

“NASA computers were hijacked by a 15-year-old, resulting in a 21-day halt."​

Did you know?​

“You may heat a room with Gaming PCs more effectively than a heater."​

Did you know?​

“Physical money accounts for just around 10% of global cash, while the rest is stored on computers."​

Did you know?​

“YouTube actually started as a dating website." (Oh crap xD)​

Did you know?​

“Before they could progress as stable brands, Microsoft, HP, and Apple began manufacturing computers in their Garages."​

Did you know?​

“For every 12 million email spams, only one gets a reply."​

Did you know?​

“Banks and other corporate giants hire white hats or “good hackers” to help fix security issues and prevent system infiltration."​

Did you know?​

“If Earth stopped rotating for 1 second, everyone would die."​

"S'all Good, Man."

"Perfection Is The Enemy Of Perfectly Adequate."

"Money Is The Point!"

"I Travel In Worlds You Can't Even Imagine."

"Say Nothing, You Understand? Get A Lawyer!"

“Confidence is good. Facts on your side, better.”

“Facts are facts.”

“Sometimes the good guys win.”

“I’m not good at building shit, you know? I’m excellent at tearing it down.”

“Money is not beside the point… Money is the point.”

“Whoa, whoa. Hold up. What the hell happened to you? I get it, the first rule of Fight Club, right?”

“A good magician never reveals his secrets.”

“Got to look successful to be successful.”

“The lesson is, if you’re gonna be a criminal, do your homework.”

“If I had to do it all over again, I would maybe do some things differently. I just thought you should know that.”

“Some men aren't looking for anything logical. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn.”

"Ernest Hemingway once wrote, "The world is a fine place and worth fighting for." I agree with the second part."

“There’s no better way to destroy someone’s life than to uncover their secrets.”

“Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.”

“Hackers often describe what they do as playfully creative problem-solving.”

“Computer hackers do not need to know each other’s real names, or even live on the same continent, to steal millions in mere hours."

“While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.”

“Very smart people are often tricked by hackers, by phishing. I don’t exclude myself from that. It’s about being smarter than a hacker. Not about being smart.”

“At the end of the day, my goal was to be the best hacker.”

“Humiliation is the favorite currency of the hacker.”

“The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.”

"Rules. Without Them We Live With The Animals.”

“Consider This A Professional Courtesy.”

"I've Lived My Life My Way, And I'll Die My Way."

"You stabbed the devil in the back, and forced him back into the life that he had just left."

"You Want A War, Or Do You Want To Just Give Me A Gun?"

"Leave one wolf alive and the sheep are never safe."

"When you play the game of thrones, you win or you die. There is no middle ground."

"It's not easy to see something that’s never been before: A good world."

"I believe in second chances. I don't believe in third chances."

"If you only trust the people you grew up with, you won't make many allies."

"A man with no motive is a man no one suspects. Always keep your foes confused: If they don't know who you are, what you want—they can't know what you plan to do next."

"Never forget what you are, the rest of the world will not. Wear it like armor and it can never be used to hurt you."

"I try to know as many people as I can. You never know which one you'll need."

"It's hard to put a leash on a dog once you've put a crown on its head."

“Everything before the word ‘but’ is horseshit.”

“A lion doesn’t concern himself with the opinions of a sheep.”

“Nothing FUCKS you harder than time.”

“You pray for rain, you gotta deal with the mud too. That’s a part of it.”

“I’d be more frightened by not using whatever abilities I’d been given.”

“Luck is where opportunity meets preparation.”

“If you have an enemy, then learn and know your enemy, don’t just be mad at him or her.”

“Every failed experiment is one step closer to success.”

When you work on a computer your hands travel 20 kilometres a day!

Fugaku supercomputer is the world’s fastest computer. The $1-billion supercomputer has 7,630,848 cores, requires 29,899 kilowatts of electricity, and can execute 442,010 teraFLOPs.

“Every day, about 317 million new viruses are discovered.

“Microsoft’s founder, the infamous Bill Gates, was actually a college dropout."

Did you know?

“On average, a human blinks 20 times per minute, but using a computer reduces it to 7."

Did you know?

“The most common password for a computer and social media platforms is 123456."

Did you know?

“There are eight varieties of computers: mainframe, supercomputer, workstation, personal computer, Apple Macintosh, laptop, tablet, and smartphone."

Did you know?

“Linux leads the industry as it is used by Google, Facebook, Twitter, and Amazon."

Did you know?

“NASA computers were hijacked by a 15-year-old, resulting in a 21-day halt."

Did you know?

“You may heat a room with Gaming PCs more effectively than a heater."

Did you know?

“Physical money accounts for just around 10% of global cash, while the rest is stored on computers."

Did you know?

“YouTube actually started as a dating website." (Oh crap xD)

Did you know?

“Before they could progress as stable brands, Microsoft, HP, and Apple began manufacturing computers in their Garages."

Did you know?

“For every 12 million email spams, only one gets a reply."

Did you know?

“Banks and other corporate giants hire white hats or “good hackers” to help fix security issues and prevent system infiltration."

Did you know?

“If Earth stopped rotating for 1 second, everyone would die."

Did you know?

“If someone made a sound of 1100db or larger a black hole would form sucking in our whole solar system."

“People shouldn't be afraid of their government. Governments should be afraid of their people.”

“Behind this mask there is more than just flesh. Beneath this mask there is an idea... and ideas are bulletproof.”