GitHub - kris-nova/boopkit: Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. - GitHub - kris-nova/boopkit: Linux eBPF backdoor over TCP. Spawn reverse shells, RCE,...
GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process.
A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process. - GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily o...
GitHub - cybersecsi/HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all. - GitHub - cybersecsi/HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion. The ...
Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec
Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...
GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. - GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Juice Shop - Insecure Web Application for Training | OWASP
Probably the most modern and sophisticated insecure web application for security trainings, awareness demos and CTFs. Also great voluntary guinea pig for your security tools and DevSecOps pipelines!
10 real-world stories of how we’ve compromised CI/CD pipelines
Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD pipeline? What does this type of attack look like in practice? NCC Group has found many attack paths through different security assessments that could have led to a compromised CI/CD pipeline in enterprises large and small. In this post, we will share some of our war stories about what we have observed and been able to demonstrate on CI/CD pipeline security assessments, clearly showing why there is the saying, “they are execution engines"
outflanknl/RedELK: Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. - outflanknl/RedELK: Red Team's S...
kgretzky/pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. - kgretzky/pwndrop: Self-deployable file hosting service for red teamers, al...