{"uuid": "c274b21a-3d5f-4c98-afe9-9cf62484b7cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3122", "content": "\u200b\u200bGitHub Logs\n\nExtracting #OSINT Insights from 15TB of GitHub Event Logs.\n\nhttps://github.com/trickest/github-logs\n\n#cybersecurity #infosec\n\n\u200b\u200bWeb Hacker's Weapons\n\nA collection of cool tools used by Web hackers.\n\nhttps://github.com/hahwul/WebHackersWeapons\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200b\ud83d\udc27 Awesome Linux Rootkits\n\nBest linux rootkits resources.\n\nhttps://github.com/milabs/awesome-linux-rootkits\n\n#infosec #pentesting #redteam\n\nglit\n\nA little #OSINT tool to retrieve all mails of user related to a git repository, a git user or a git organization.\n\nhttps://github.com/shadawck/glit\n\n#cybersecurity #infosec\n\n\u200b\u200bCoWitness\n\nA powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.\n\nhttps://github.com/stolenusername/cowitness\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bLinux Kernel Factory\n\nLinux kernel CVE exploit analysis report and relative debug environment. 
You don't need to compile Linux kernel and configure your environment anymore.\n\nhttps://github.com/bsauce/kernel-exploit-factory\n\n#infosec #pentesting #redteam\n\n\u200b\u200bdocleaner\n\nA web service to clean #documents from potentially privacy-invasive #metadata.\n\nhttps://github.com/TUD-CERT/docleaner\n\n\u200b\u200bHadesLdr\n\nShellcode loader implementing indirect dynamic syscall, api hashing, fileless shellcode retrieving using winsock2.\n\n\u2022 Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.\n\u2022 API Hashing by resolving modules & APIs base address from PEB by hashes\n\u2022 Fileless Chunked RC4 Shellcode retrieving using Winsock2\n\nhttps://github.com/CognisysGroup/HadesLdr\n\nDetails:\nhttps://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLOLAPPS \n\nKind of like the cousin of LOLBAS and GTFObins. Sometimes you might struggle to common binaries to exploit and LOLAPPS is meant to be a supplementary resource for identifying native functionality in applications that can be used to the hacker's advantage, both third-party and from within.\n\nhttps://github.com/LOLAPPS-Project/LOLAPPS\n\nWeb:\nhttps://lolapps-project.github.io/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-36884\n\nOffice/Windows HTML RCE Vulnerability\n\nhttps://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bRWXfinder\n\nWindows-specific tool written in C which uses Windows API functions to traverse through directories and look for DLL files with an RWX section in memory.\n\nhttps://github.com/pwnsauc3/RWXFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bPlumHound \n\nBloodHoundAD Report Engine for Security Teams\n\nhttps://github.com/PlumHound/PlumHound\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLolDriverScan\n\nA golang 
tool that allows users to discover vulnerable drivers on their system. This tool fetches the loldriverscan.io list from their APIs and scans the system for any vulnerable drivers. This project is implemented in Go and does not require elevated privileges to run.\n\nhttps://github.com/FourCoreLabs/loldriverscan\n\n#cybersecurity #infosec\n\n\u200b\u200bJayFinder\n\nWhether you knew Process Mockingjay since ever or you just got to know it, this tool helps you to find DLLs with RWX section. This is done parsing the PE Section Headers and checking the \"Characteristics\" attribute of each section.\n\nhttps://github.com/oldboy21/JayFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-37582\n\nApache RocketMQ Arbitrary File Write Vulnerability #Exploit.\n\nhttps://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\n#cybersecurity #infosec\n\n\u200b\u200bUDP Protocol Scanner\n\nA tool for identifying UDP services running on remote hosts. This tool may be of use to those performing security testing - e.g. during penetration testing, vulnerability assessments or while pivoting.\n\nhttps://github.com/CiscoCXSecurity/udpy_proto_scanner\n\n#cybersecurity #infosec #pentesting\n\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-07-15T21:16:53.000000Z"}