{"uuid": "862600b2-941b-44be-8f86-8ae79dc41a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2822", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3060", "content": "Tools - Hackers Factory\n\n\u200b\u200binteractsh\n\nOpen-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions.\n\nhttps://github.com/projectdiscovery/interactsh\n\n#pentesting #redteam #bugbounty\n\n\u200b\u200bHSTS Parser\n\nA tool to parse Firefox and Chrome HSTS databases into #forensic artifacts!\n\nhttps://github.com/thebeanogamer/hstsparser\n\n#cybersecurity #infosec\n\nOWASP Web Application Security Testing Checklist.\n\nhttps://github.com/0xRadi/OWASP-Web-Checklist\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bFile Archiver In The Browser\n\nTwo sample phishing templates that can be used with .zip domains to emulate a file archiver in the browser.\n\nhttps://github.com/mrd0x/file-archiver-in-the-browser\n\nFile Archiver In The Browser:\nhttps://mrd0x.com/file-archiver-in-the-browser/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bRansomchats\n\nHere you'll find #ransomware negotiations normalised as JSON files. Ransomware negotiations are usually not shared widely, limiting the understanding of the process. This project aims at changing that, in a respectful manner for the victims of cyberattacks: chats are anonymized as long as the victim hasn't been publicly disclosed, either by the attackers or in the media.\n\nhttps://github.com/Casualtek/Ransomchats\n\n#cybersecurity #infosec\n\n\u200b\u200bIntroduction to macOS - TCC\n\nTCC (Transparency, Consent and Control) is a macOS mechanism aimed at protecting sensitive information. This includes access to user's private files (e.g. files on the Desktop), access to the camera and the microphone, location services access and many more. Interestingly, TCC protects those even against root-level attacks.\n\nhttps://github.com/yo-yo-yo-jbo/macos_tcc\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bNixImports\n\nA .NET malware loader, using API-Hashing and dynamic invoking to evade static analysis.\n\nhttps://github.com/dr4k0nia/NixImports\n\n#malware #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-2822\n\nSimple flask application to implement an intentionally vulnerable web app to demo CVE-2023-2822.\n\nhttps://github.com/cberman/CVE-2023-2822-demo\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bDamn Vulnerable Bank\n\nDamn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.\n\nhttps://github.com/rewanthtammana/Damn-Vulnerable-Bank\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE 2023 25690 \n\nProof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.\n\nhttps://github.com/dhmosfunk/CVE-2023-25690-POC\n\n#cve #poc #infosec\n\n\u200b\u200bShaco\n\nShaco is a minimal C linux agent for Havoc. Shaco communicate with http to the server using hardcoded socket\n\nhttps://github.com/souzomain/Shaco\n\n#infosec #pentesting #redteam\n\n\u200b\u200bShellcrypt\n\nA single-file cross-platform quality of life tool to obfuscate a given shellcode file and output in a useful format for pasting directly into your source code.\n\nhttps://github.com/iilegacyyii/Shellcrypt\n\n#infosec #pentesting #redteam\n\n\u200b\u200bweb2shell\n\nA Python program used to automate converting webshells into reverse shells. If you regularly do CTF, HTB, or red teaming you've probably spent a good chunk of time testing payloads to convert a webshell into a reverse shell. This tool aims to simplify this process. \n\nhttps://github.com/ejedev/web2shell\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-23T17:00:05.000000Z"}