Exploit for Deserialization of Untrusted Data in Facebook React

⚛️ React2Shell CVE-2025-55182 !Pythonhttps://img.shields...

SqlScanner

SqlScanner SQL Injection Scanner deve...

awesome-burp-extensions

This is a curated list of Burp Extensions, a collection of user-submitted plugins for the Burp Suite web application security testing tool. The repository is maintained under a CC0 1.0 Universal license, allowing for the permanent relinquishment of copyright and related rights to the works...

wshawk

WSHawk v2.0 - Professional WebSocket Security Scanner !Pyth...

Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence

A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service BITS so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign...

Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence

A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service BITS so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign...

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...

Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing

Introduction Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. One of the most commonly seen techniques of this "fileless" execution is code injection. Rather than executing the malware directly, attackers inject the...

RIG EK Still Makes Waves, This Time with a Stealthy Backdoor

Exploit kit activity has been declining since the latter half of 2016, but the RIG EK seems to buck the trend. It’s been involved in ongoing activity involving a wide range of crimeware payloads; and the latest campaign saw RIG dropping the Grobios malware, which is tailored to be a really stealt...

CVE-2002-2438

TCP firewalls could be circumvented by sending a SYN Packets with other flags like e.g. RST flag set, which was not correctly discarded by the Linux TCP stack after firewalling...

BNAT Router

This module will properly route BNAT traffic and allow for connections to be established to machines on ports which might not otherwise be accessible. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Super strong 2 0 0 0 platform Shell ACKcmd Backdoor analysis-vulnerability warning-the black bar safety net

Description -=-=-=-=--= ACKcmd is to provide a Win2000 under remote command Shell is a backdoor, it uses TCP to transfer, but different from the normal TCP connection a three-way handshake, ACKcmd using only TCP ACK packets, so the General case can pass through firewalls and avoid IDS detection...

Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC

Hi All !! While I was testing desktop based firewalls here it is Zone Alarm Pro with the firewall evasion kit developed by me, I found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by...

freebsd/x86 - connect 102 bytes

freebsd/x86 connect 102 bytes. Shellcode exploit for freebsdx86 platform ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntaxis - it's gross...

Multiple BSD ipfw / ip6fw ECE Bit Filtering Evasion

The remote host seems vulnerable to a bug wherein a remote attacker can circumvent the firewall by setting the ECE bit within the TCP flags field. At least one firewall ipfw is known to exhibit this sort of behavior. Known vulnerable systems include all FreeBSD 3.x ,4.x, 3.5-STABLE, and 4.2-STABL...

HTTP Proxy Open gopher:// Request Relaying

Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others. By making gopher requests, an attacker may evade your firewall settings, by making connections ...

ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (3)

/ copyright LAST STAGE OF DELIRIUM feb 2001 poland ://lsd-pl.net/ / / bind 8.2 8.2.1 8.2.2 8.2.2-PX Solaris 2.7 x86 / / The code establishes a TCP connection with port 53 of a target system. / / It makes use of the "infoleek" bug through UDP to obtain the base / / value of the named process frame...

BSD Passive Connection Shellcode

BSD Passive Connection Shellcode. Shellcode exploit for bsd platform ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntaxis - it's gross and...

BSD Passive Connection Shellcode

Exploit for bsd platform in category shellcode ================================ BSD Passive Connection Shellcode ================================ ; Passive Connection Shellcode ; ; Coded by Scrippie - email protected - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades...