{"uuid": "3d02e26b-2cda-416b-bf29-442993497742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28206", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2869", "content": "50 Tools - Hackers Factory\n\n\u200b\u200blearning-reverse-engineering\n\nThis repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.\n\nhttps://github.com/jstrosch/learning-reverse-engineering\n\n#cybersecurity #infosec #reverse\n\n\u200b\u200bMalware Reverse Engineering for Beginners\n\nThis repository contains relevant samples and data related to \"Malware Reverse Engineering for Beginners\" articles.\n\nhttps://github.com/intezer/Malware-Reverse-Engineering-for-Beginners\n\n#cybersecurity #infosec #reverse\n\n\u200b\u200bPentest Python\n\nA simple pentest container equipped with common python pentest tools. The container runs on Python 3.9.2 which circumevents the TLS issues with Python 3.10.\n\nhttps://github.com/maurizi0/pentest-python\n\n#infosec #pentesting #redteam\n\n\u200b\u200bSymbiote\n\nYour target's phone's front and back cameras\ud83d\udcf8 can be accessed by sending a link\n\nhttps://github.com/hasanfirnas/symbiote\n\n#infosec #pentesting #redteam\n\n\u200b\u200bReverse-Engineering\n\nA FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.\n\nhttps://github.com/mytechnotalent/Reverse-Engineering\n\n#cybersecurity #infosec #reverse\n\n\u200b\u200bRecon Scripts\n\nRecon scripts for Red Team and Web blackbox auditing.\n\nhttps://github.com/mtimani/Recon_scripts\n\n#infosec #pentesting #redteam\n\n\u200b\u200bPayloadsAllTheThings\n\nA list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!\n\nhttps://github.com/swisskyrepo/PayloadsAllTheThings\n\n#infosec #pentesting #CTF\n\n\u200b\u200bLOOBins\n\nLiving Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes. This list does not include overlapping Unix binaries that are detailed in GTFOBins.\n\nhttps://github.com/infosecB/LOOBins\n\n#cybersecurity #infosec\n\n\u200b\u200blearning-malware-analysis\n\nThis repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.\n\nhttps://github.com/jstrosch/learning-malware-analysis\n\n#malware #cybersecurity #infosec\n\n\u200b\u200bLinux Kernel Fuzzer Corpus\n\nhttps://github.com/cmu-pasta/linux-kernel-enriched-corpus\n\n#cybersecurity #infosec\n\n\u200b\u200biocextract\n\nIndicator of Compromise (IOC) extractor for some of the most commonly ingested artifacts.\n\nhttps://github.com/InQuest/python-iocextract\n\n#cybersecurity #infosec\n\n\u200b\u200bAPTnotes Data\n\nA repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.\n\nhttps://github.com/aptnotes/data\n\n#infosec #pentesting #redteam #APT\n\n\u200b\u200bFiber\n\nThis is a simple PoC of how you can leverage fibers to execute in-memory code without spawning threads and hiding suspicious thread stacks among others.\n\nhttps://github.com/Kudaes/Fiber\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-28206\n\nThis is a PoC for CVE-2023-28206, triggering an oob memmove in IosaColorManagerMSR8::getHDRStats_gatedContext.\n\nhttps://gist.github.com/LinusHenze/728db96a836b6817ecb727cfbde606b3\n\nAttackSurfaceMapper \n\nASM is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on. \n\nhttps://github.com/superhedgy/AttackSurfaceMapper\n\n#infosec #pentesting #redteam", "creation_timestamp": "2023-04-13T10:30:27.000000Z"}