{"uuid": "991d1d33-552c-4a15-abfb-2d952a0def95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35250", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2882", "content": "Tools - Hackers Factory\n\n\u200b\u200bPatch Diffing In The Dark\n\nA series of blog posts leveraging CVE analysis and patch diffing to discover new vulnerabilities. As revealed in the blog posts, the following 4 CVEs came from the in-depth study of CVE-2021-1657.\n\n\u2022 Part 1 - Patch Diffing In The Dark\n\u2022 Part 2 - Down the Rabbit Hole\n\u2022 Part 3 - Down But Not Out\n\u2022 Part 4 - Do You Trust Me?\n\nhttps://github.com/VulnerabilityResearchCentre/patch-diffing-in-the-dark\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bSolarWinds-CVE-2021-35250\n\nDuring penetration testing, I came across Serv-U. I started looking for known vulnerabilities, and I was interested in CVE-2020-27994. But it was closed by an update in version 15.2.2, and I was working with Serv-U version 15.3.0. 
\"I decided to dig deeper and modify the payload in various ways, as well as modify the HTTP request itself, after much agony I managed to reproduce the vulnerability of directory traversal\" :)\n\nhttps://github.com/rissor41/SolarWinds-CVE-2021-35250\n\n#infosec #pentesting #redteam\n\n\u200b\u200bQuadraInspect\n\nQuadraInspect is an Android framework that integrates AndroPass, APKUtil, and MobFS, providing a powerful tool for analyzing the security of Android applications.\n\nhttps://github.com/morpheuslord/QuadraInspect\n\n#cybersecurity #infosec #android\n\n\u200b\u200bSRUM-DUMP2\n\nA forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.\n\nhttps://github.com/MarkBaggett/srum-dump\n\n#cybersecurity #infosec #forensic\n\n\u200b\u200bSecurity Research\n\nThis project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.\n\nhttps://github.com/google/security-research\n\n#cybersecurity #infosec\n\n\u200b\u200bThe Time Machine\n\nWeaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not.\n\nhttps://github.com/anmolksachan/TheTimeMachine\n\nDetails:\nhttp://bit.ly/3MI9Llh\n\n#OSINT #infosec\n\n\u200b\u200bReconAIzer\n\nA Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!\n\nhttps://github.com/hisxo/ReconAIzer\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bThe Atypical OSINT Guide\n\nThe most unusual OSINT guide you've ever seen. 
The repository is intended for bored professionals only.\n\nhttps://github.com/OffcierCia/non-typical-OSINT-guide\n\n#OSINT #cybersecurity #infosec\n\n\u200b\u200bSharpHound4Cobalt\n\nC# Data Collector for BloodHound with CobaltStrike integration (BOF.NET)\n\nhttps://github.com/Hypnoze57/SharpHound4Cobalt/tree/fb8e9a726a47596b4a29518bda73ecbf8ca6e43b\n\n#infosec #pentesting #redteam\n\n\u200b\u200bAsnmap\n\nGo CLI and Library for quickly mapping organization network ranges using ASN information.\n\nhttps://github.com/projectdiscovery/asnmap\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCRLF\n\nBug scanner for WebPentesters and Bugbounty Hunters.\n\nhttps://github.com/karthi-the-hacker/crlfi\n\n#pentesting #infosec #bugbounty\n\n\u200b\u200bGTFOArgs\n\nA curated list of programs and their associated arguments that can be exploited to gain privileged access or execute arbitrary commands, using argument injection.\n\nhttps://github.com/GTFOArgs/GTFOArgs.github.io\n\nWeb:\nhttps://gtfoargs.github.io/\n\n#cybersecurity #Infosec #cybersec #dilagrafie #activism #cyber\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-04-14T22:46:49.000000Z"}