Kraken Mask
A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption, a ROP chain is employed with QueueUserAPC and NtContinue.
https://github.com/RtlDallas/KrakenMask
@IRCyberGuardians
A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption, a ROP chain is employed with QueueUserAPC and NtContinue.
https://github.com/RtlDallas/KrakenMask
@IRCyberGuardians
The Ultimate Guide to Finding Bugs With Nuclei
https://blog.projectdiscovery.io/ultimate-nuclei-guide/
@IRCyberGuardians
https://blog.projectdiscovery.io/ultimate-nuclei-guide/
@IRCyberGuardians
ProjectDiscovery
The Ultimate Guide to Finding Bugs With Nuclei — ProjectDiscovery Blog
Efficient, extensible, flexible, open source vulnerability scanning.
Introduction
Nuclei is a fast, efficient, and extensible vulnerability scanner. It can scan thousands of hosts in just a few minutes.
The Nuclei engine uses YAML-based templates to define…
Introduction
Nuclei is a fast, efficient, and extensible vulnerability scanner. It can scan thousands of hosts in just a few minutes.
The Nuclei engine uses YAML-based templates to define…
Weaponized Browser-in-the-Middle (BitM) for Penetration Testers
https://github.com/fkasler/cuddlephish
@IRCyberGuardians
https://github.com/fkasler/cuddlephish
@IRCyberGuardians
GitHub
GitHub - fkasler/cuddlephish: Weaponized Browser-in-the-Middle (BitM) for Penetration Testers
Weaponized Browser-in-the-Middle (BitM) for Penetration Testers - fkasler/cuddlephish
An OSINT tool that helps detect members of a company with leaked credentials
https://github.com/infobyte/emploleaks
@IRCyberGuardians
https://github.com/infobyte/emploleaks
@IRCyberGuardians
GitHub
GitHub - infobyte/emploleaks: An OSINT tool that helps detect members of a company with leaked credentials
An OSINT tool that helps detect members of a company with leaked credentials - infobyte/emploleaks
Titan Stealer Source
DL : https://drive.google.com/file/d/1_VCdso5U0UIMq5BGfHAkjqMjDoX6idE_
@IRCyberGuardians
DL : https://drive.google.com/file/d/1_VCdso5U0UIMq5BGfHAkjqMjDoX6idE_
@IRCyberGuardians
Telegram
Cyber Guardians
RedTeaming TTPs
Bug Hunting
Web PenTest
Web Security
Binary Analysis
Exploit DEV
Malware DEV
Malware Analysis
BlueTeaming
Threat Hunting
SOC
CSIRT
FORENSICS
Open-Source Intelligence(OSINT)
Cybersec Tools
Bug Hunting
Web PenTest
Web Security
Binary Analysis
Exploit DEV
Malware DEV
Malware Analysis
BlueTeaming
Threat Hunting
SOC
CSIRT
FORENSICS
Open-Source Intelligence(OSINT)
Cybersec Tools
goctopus
Blazing fast GraphQL discovery & fingerprinting toolbox.
https://github.com/Escape-Technologies/goctopus
@IRCyberGuardians
Blazing fast GraphQL discovery & fingerprinting toolbox.
https://github.com/Escape-Technologies/goctopus
@IRCyberGuardians
GitHub
GitHub - Escape-Technologies/goctopus: Blazing fast GraphQL discovery & fingerprinting toolbox.
Blazing fast GraphQL discovery & fingerprinting toolbox. - Escape-Technologies/goctopus
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
https://github.com/TheWover/donut
@IRCyberGuardians
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
https://github.com/TheWover/donut
@IRCyberGuardians
GitHub
GitHub - TheWover/donut: Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files,…
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters - TheWover/donut
Unlocking the power of Red Teaming: An overview of trainings and certifications
https://blog.nviso.eu/2023/07/31/unlocking-the-power-of-red-teaming-an-overview-of-trainings-and-certifications/?amp
@IRCyberGuardians
https://blog.nviso.eu/2023/07/31/unlocking-the-power-of-red-teaming-an-overview-of-trainings-and-certifications/?amp
@IRCyberGuardians
NVISO Labs
Unlocking the power of Red Teaming: An overview of trainings and certifications
NVISO enjoys an excellent working relationship with SANS and has been involved as Instructors and Course Authors for a variety of their courses: For SEC511, Continuous Monitoring and Security Opera…
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
https://samcurry.net/universal-xss-on-netlifys-next-js-library/
@IRCyberGuardians
https://samcurry.net/universal-xss-on-netlifys-next-js-library/
@IRCyberGuardians
samcurry.net
Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js "netlify-ipx" repository which would allow an attacker to achieve persistent cross-site scripting and full-response server side request forgery on any website out of the…
Upgrading Simple Shells to Fully Interactive TTYs
https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
@IRCyberGuardians
https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
@IRCyberGuardians
ropnop blog
Upgrading Simple Shells to Fully Interactive TTYs
Catching a reverse shell over netcat is great…until you accidentally Ctrl-C and lose it. These techniques let you upgrade your shell to a proper TTY
Top disclosed reports from HackerOne
https://github.com/reddelexc/hackerone-reports/tree/master
@IRCyberGuardians
https://github.com/reddelexc/hackerone-reports/tree/master
@IRCyberGuardians
GitHub
GitHub - reddelexc/hackerone-reports: Top disclosed reports from HackerOne
Top disclosed reports from HackerOne. Contribute to reddelexc/hackerone-reports development by creating an account on GitHub.
In this repository I'll host my research and methodologies for auditing vulnerabilities
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities
@IRCyberGuardians
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities
@IRCyberGuardians
GitHub
GitHub - OlivierLaflamme/Auditing-Vulnerabilities: In this repository I'll host my research and methodologies for auditing vulnerabilities
In this repository I'll host my research and methodologies for auditing vulnerabilities - GitHub - OlivierLaflamme/Auditing-Vulnerabilities: In this repository I'll host my researc...
SSRF and Open Redirect CheatSheet
https://www.hahwul.com/phoenix/ssrf-open-redirect/
@IRCyberGuardians
https://www.hahwul.com/phoenix/ssrf-open-redirect/
@IRCyberGuardians
HAHWUL
SSRF and Open Redirect CheatSheet
Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899)
https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/
@IRCyberGuardians
https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/
@IRCyberGuardians
Telegram
Cyber Guardians
RedTeaming TTPs
Bug Hunting
Web PenTest
Web Security
Binary Analysis
Exploit DEV
Malware DEV
Malware Analysis
BlueTeaming
Threat Hunting
SOC
CSIRT
FORENSICS
Open-Source Intelligence(OSINT)
Cybersec Tools
Bug Hunting
Web PenTest
Web Security
Binary Analysis
Exploit DEV
Malware DEV
Malware Analysis
BlueTeaming
Threat Hunting
SOC
CSIRT
FORENSICS
Open-Source Intelligence(OSINT)
Cybersec Tools
A collection of smart contract vulnerabilities along with prevention methods.
https://github.com/kadenzipfel/smart-contract-vulnerabilities
@IRCyberGuardians
https://github.com/kadenzipfel/smart-contract-vulnerabilities
@IRCyberGuardians
GitHub
GitHub - kadenzipfel/smart-contract-vulnerabilities: A collection of smart contract vulnerabilities along with prevention methods
A collection of smart contract vulnerabilities along with prevention methods - kadenzipfel/smart-contract-vulnerabilities