Y4to's repositories
Check-WP-CVE-2020-35489
Test script that checks whether a WordPress website can be exploited for unlimited file upload via CVE-2020-35489
Get-Shodan
The program allows downloading large amounts of data from Shodan quickly and simply while avoiding errors.
Check-CVE-2021-23383
Check the conditions for exploiting CVE-2021-23383 by assessing the handlebars library version.
Special-List-for-Red-Team
Useful lists for red team ;)
search-ms-Attack-Technique
PoC Attack by "search-ms" URI Protocol Handler. Reference: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html
BlackNET
Unmaintained: Free advanced and modern Windows botnet with a nice and secure PHP panel developed using VB.NET.
AMSI-BYPASS
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
CVE-2021-36260
Command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages containing malicious commands.
CVE-2023-36874_BOF
Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
CVE-2024-21412_Water-Hydra
According to Trend Micro's research
CVE-2024-29988-exploit
Exploit for Microsoft SmartScreen malicious execution (April 2024)
Darkside
C# AV/EDR Killer using less-known driver (BYOVD)
dnspooq
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Hide-Cobalt-Strike-like-a-PRO
Bypass Kaspersky End Point Security AV/EDR
HSC24RedTeamInfra
Slides and Codes used for the workshop Red Team Infrastructure Automation
Impulse
Impulse Denial-of-service ToolKit
ios_15_rce
Remote Code Execution V1 for iOS 15, sent through AirDrop after the device was connected to a trusted host
LockBit-RansomWare
Cracked version of LockBit ransomware, including the missing Locker files and the source code.
Reg-Restore-Persistence-Mole
A short C code POC to gain persistence and evade the Sysmon registry event codes (creation, update and deletion) raised by the REG_NOTIFY_CLASS registry callback of the Sysmon driver filter. This POC will use the RegSaveKeyExW() and RegRestoreKeyW() APIs, which are not included in monitoring.
SspiUacBypass
Bypassing UAC with SSPI Datagram Contexts
Stealerium
Stealer + Clipper + Keylogger
SubSeven
SubSeven Legacy Official Source Code Repository
tr069-client-burpsuite
Burp Suite extension useful for pentesting TR-069.
UBoat
HTTP Botnet Project
ZipExec
A unique technique to execute binaries from a password-protected zip