Hacking

cwe_checker finds vulnerable patterns in binary executables - fkie-cad/cwe_checker

Weaponize DLL hijacking easily. Backdoor any function in any DLL. - Print3M/DllShimmer

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil...

💀 Don't fear the Reaper 👻

ARMO reveals how io_uring enables rootkits to bypass major Linux security tools like Falco, and Defender. Learn about the Curing rootkit and detection strategies.

curl-impersonate: A special build of curl that can impersonate Chrome & Firefox - lwthiker/curl-impersonate

A Unified Platform for Adversary Emulation and Red Team Operations - FunnyWolf/Viper

Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64) - DosX-dev/Astral-PE

ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables. - wietze/ArgFuscator.net

📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help

Userland exec PoC to be used as attack vector technique - hardenedlinux/userland-exec

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. - xaitax/TotalRecall

.NET deserialization hunter.

ROP-based sleep obfuscation to evade memory scanners - Kudaes/Shelter

Microsoft recently published an article that documented how the HAFNIUM threat actor leveraged a flaw in how scheduled tasks are stored in the registry to hide their presence.

Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this paper, I'll unleash novel attack concepts to coax out server secrets

In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.

This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.

An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution - Octoberfest7/Secure_Stager

A tool for testing for certificate validation vulnerabilities of TLS connections made by a client device or an application. - aapooksman/certmitm

Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.

Dynamically invoke arbitrary unmanaged code.

Authors: Boudewijn Meijer && Rick Veldhoven Introduction As defensive security products improve, attackers must refine their craft. Gone are the days of executing malicious binaries from di…

In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).