Redherd Framework -A Collaborative And Serverless Framework For Orchestrating A Geographically Distributed Group Of Assets

RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets capable of conducting simulating complex offensive cyberspace operations. --- Getting Started Take a look at the RedHerd documentation for instructions on how to getting started with...

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable systems and applications,...

ThreatBox - A Standard And Controlled Linux Based Attack Platform

ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why no...

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. About I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software...

SillyRAT - A Cross Platform Multifunctional (Windows/Linux/Mac) RAT

A Cross Platform multifunctional Windows/Linux/Mac RAT. Getting Started Description A cross platform RAT written in pure Python. The RAT accept commands alongside arguments to either perform as the server who accepts connections or to perform as the client/target who establish connections to the...

vulhub1

This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...

What You Should Know About CNC Prototyping

By Owais Sultan CNC prototyping is the use of a CNC machine to make prototype parts. These parts are used in functional testing or fundraising in the market. This is a post from HackRead.com Read the original post: What You Should Know About CNC Prototyping...

GHSA-WWGQ-9JHF-QGW6 Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys

Impact Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email. Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply...

CVE-2021-0146

Hardware allows activation of test or debug logic at runtime for some IntelR processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

american-testing.com Improper Access Control vulnerability OBB-2274872

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Microsoft Security Update Validation Report November 2021

Microsoft’s November 2021 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders

ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...

Exploit for SQL Injection in Zabbix

This is an offensive tool repository for Vulhub, a web application vulnerability training platform. The repository contains various tools and exploits for testing and demonstrating vulnerabilities in different web applications and frameworks. The primary classification of this repository is: "It ...

EulerOS 2.0 SP9 : gd (EulerOS-SA-2021-2683)

According to the versions of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read v...

FormatFuzzer - A Framework For High-Efficiency, High-Quality Generation And Parsing Of Binary Inputs

FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. From a binary template for GIF, for instance,...

RottenPotatoNG - A C++ DLL And Standalone C++ Binary - No Need For Meterpreter Or Other Tools

New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools. RottenPotatoDLL This project generates a DLL and EXE file. The DLL contains all the code necessary to perform the RottenPotato attack and get a handle to a privileged token. The...

Intel VTune Profiler 安全漏洞

Intel VTune Profiler is a performance testing tool for optimized software from Intel USA. The software performs performance testing of IoT embedded applications, media software, Java applications, and high-performance computing applications. A security vulnerability exists in Intel VTune Profiler...

kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c

A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications such as perf-fuzzer can cause a system crash because the PEBS status in a PEBS record is mishandled...

Ddosify - High-performance Load Testing Tool

Features Protocol Agnostic - Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based - Create your flow in a JSON file. Without a line of code! Different Load Types - Test your system's limits across different load types. Installation ddosify is available via...

Types of Penetration Testing

If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your...