{"uuid": "2fcc63cb-a603-485b-a7b6-cc0ca0589bcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3096", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27 \ud83d\udd28  - Hackers Factory \n\n\u200b\u200bSophia Script for Windows\n\nThe largest PowerShell module on GitHub for Windows 10 &amp; Windows 11 for fine-tuning and automating the routine tasks. It offers more than 150 unique tweaks, and shows how Windows can be configured without making any harm to it.\n\nhttps://github.com/farag2/Sophia-Script-for-Windows\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bCVE-2023-35844\n\nLightdash directory traversal.\n\nhttps://github.com/Szlein/CVE-2023-35844\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27372 \n\nSPIP &lt; 4.2.1 - Remote Code Execution Vulnerability Scanner \ud83d\udee1\ud83d\udcbb\n\nhttps://github.com/Chocapikk/CVE-2023-27372\n\n#cve #cybersecurity #infosec\n\nUTBotCpp\n\nTool that generates unit test by C/C++ source code, trying to reach all branches and maximize code coverage.\n\nhttps://github.com/UnitTestBot/UTBotCpp\n\n#cybersecurity #infosec\n\n\u200b\u200bthreat-composer\n\nA threat modeling tool to help humans to reduce time-to-value when threat modeling.\n\nhttps://github.com/awslabs/threat-composer\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-33140\n\nMicrosoft OneNote is vulnerable to spoofing attacks. The malicious user can trick the victim into clicking on a very maliciously crafted URL or download some other malicious file and execute it. When this happens the game will be over for the victim and his computer will be compromised. 
Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.\n\nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140\n\n#cve #exploit #RCE\n\n\u200b\u200b\u267b\ufe0f CrackMapExec (a.k.a CME) \n\nA post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of \"Living off the Land\": abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.\n\nhttps://github.com/mpgn/CrackMapExec\n\nWiki:\nhttps://wiki.porchetta.industries/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bSecret Fragment exploit v2\n\nThis exploit is a V2 that provides clearer output, new code execution methods, and fixes a few bugs.\n\nDetails:\nhttps://www.ambionics.io/blog/symfony-secret-fragment\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCoffee\n\nA custom implementation of the original Cobalt Strike's beacon_inline_execute. It is written in Rust and supports most of the features of the #CobaltStrike compatibility layer. Coffee is structured so it can be used as a library in other projects too.\n\nhttps://github.com/hakaioffsec/coffee\n\n#infosec #pentesting #redteam\n\n\u200b\u200b\ud83d\udc0d Pyscan\n\nPython dependency vulnerability scanner, written in Rust.\n\nhttps://github.com/aswinnnn/pyscan\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-28T15:16:50.000000Z"}