Most recent

CVE-2022-0847

A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.

github.com/AlexisAhmed/CVE-202

Back in 2016, an exploit called Hot Potato was revealed and opened a Pandora's box of local privilege escalations at the Windows manufacturer. Over the following years, Microsoft either patched each variant or answered "Won't fix", and every response was eventually bypassed by a new technique, always bringing a new potato.

The goal of this article is to present all the exploits, from the first to the latest: how they work and how to use them. So let's dive into the incredible Mousline mash-up of impersonations and privilege escalations.

hideandsec.sh/books/windows-sN

CrackHound

A way to introduce plain-text passwords into BloodHound. This allows you to upload all your cracked hashes to the Neo4j database and use it for reporting purposes (csv exports) or path finding in BloodHound using custom queries.

github.com/trustedsec/crackhou
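An added example of the join CrackHound performs, written for this page rather than taken from the CrackHound project: it parses an impacket secretsdump-style NT-hash dump and a hashcat potfile (both constructed here), maps each cracked NT hash back to the BloodHound user node name (USER@DOMAIN, upper case), groups users that share a hash, and builds parameterised Cypher statements to run against Neo4j. The property names `password`, `nthash` and `cracked` and the exact Cypher are assumptions, not CrackHound's schema. Parameters are used instead of string formatting on purpose: a cracked plaintext is attacker-influenced data and may contain quotes or braces.

```python
import binascii
import re

# Constructed sample input: NT-hash lines as printed by impacket secretsdump.
# Hash values are made up. Format: domain\user:rid:lmhash:nthash:::
SAMPLE_NTDS = """\
CORP.LOCAL\\Administrator:500:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
corp.local\\jsmith:1105:aad3b435b51404eeaad3b435b51404ee:22222222222222222222222222222222:::
svc_sql:1200:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
CORP.LOCAL\\bjones:1106:aad3b435b51404eeaad3b435b51404ee:22222222222222222222222222222222:::
"""

# Constructed sample input: hashcat.potfile lines for mode 1000 (NTLM).
# The second plaintext uses hashcat's $HEX[] encoding (it contains a ':').
SAMPLE_POTFILE = """\
22222222222222222222222222222222:Summer2022!
33333333333333333333333333333333:$HEX[70617373773a6f7264]
"""

# Assumed property names; CrackHound's own schema may differ.
CYPHER = ("MATCH (u:User {name: $name}) "
          "SET u.password = $password, u.nthash = $nthash, u.cracked = true")

HEX_RE = re.compile(r"^\$HEX\[([0-9a-fA-F]+)\]$")


def decode_plain(plain: str) -> str:
    """Undo hashcat's $HEX[...] wrapping used for plaintexts with odd bytes."""
    m = HEX_RE.match(plain)
    if m:
        return binascii.unhexlify(m.group(1)).decode("utf-8", "replace")
    return plain


def parse_potfile(text: str) -> dict:
    """nt hash (lower case) -> plaintext. Split on the first ':' only,
    because the plaintext itself may contain colons."""
    cracked = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        h, plain = line.split(":", 1)
        cracked[h.strip().lower()] = decode_plain(plain)
    return cracked


def parse_secretsdump(text: str, default_domain: str) -> dict:
    """BloodHound node name (USER@DOMAIN) -> nt hash (lower case).
    Lines without a domain prefix get default_domain."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 4 or len(parts[3]) != 32:
            continue  # not a user:rid:lm:nt line
        principal, _rid, _lm, nt = parts[:4]
        if "\\" in principal:
            domain, user = principal.split("\\", 1)
        else:
            domain, user = default_domain, principal
        users[f"{user}@{domain}".upper()] = nt.lower()
    return users


def shared_hashes(users: dict) -> dict:
    """nt hash -> sorted user names, for hashes reused by more than one account."""
    groups = {}
    for name, nt in users.items():
        groups.setdefault(nt, []).append(name)
    return {nt: sorted(names) for nt, names in groups.items() if len(names) > 1}


def build_updates(users: dict, cracked: dict) -> list:
    """(cypher, params) pairs for every user whose hash was cracked."""
    updates = []
    for name, nt in sorted(users.items()):
        if nt in cracked:
            updates.append((CYPHER, {"name": name,
                                     "password": cracked[nt],
                                     "nthash": nt}))
    return updates


if __name__ == "__main__":
    users = parse_secretsdump(SAMPLE_NTDS, "corp.local")
    for query, params in build_updates(users, parse_potfile(SAMPLE_POTFILE)):
        print(query, params)
    print("reused hashes:", shared_hashes(users))
```

With a live database each `(query, params)` pair is passed to `session.run(query, **params)` of the official neo4j Python driver; the example keeps them as data so it runs offline.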

SyscallPack: Beacon Object File (BOF) and shellcode for full DLL unhooking.

github.com/cube0x0/SyscallPack

SysWhispers3 is SysWhispers on steroids.

AV/EDR evasion by generating header/ASM files that implants can use to make direct system calls.

github.com/klezVirus/SysWhispe

nanao

Like the sun, machines never go down.