{"uuid": "fa9c7f54-8190-4a81-8ae7-c4bc21fbd5dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2002", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2887", "content": "Tools - Hackers Factory\n\nDisctopia\n\nA malware generator that generates backdoors which use online platforms as C2s. This includes Discord, Telegram and GitHub. The disctopia backdoors are using libraries which allow the backdoor to act as a \"Bot\" for the above mentioned platforms. Essentially the attacker contacts the bot and then specifies a malicious command to execute on the target \"Agent\".\n\nhttps://github.com/3ct0s/disctopia-c2\n\n#infosec #pentesting #redteam\n\nNmap-API\n\nUses python3.10, Debian, python-Nmap, and flask framework to create a Nmap API that can do scans with a good speed online and is easy to deploy. This is an implementation for our college PCL project which is still under development and constantly updating.\n\nhttps://github.com/morpheuslord/Nmap-API\n\n#infosec #pentesting #redteam\n\nAV/EPP/EDR Windows API hook list\n\nDepending on the AV/EDR we will check which Windows APIs are hooked by the AV/EDR.\n\nhttps://github.com/VirtualAlllocEx/AV-EPP-EDR-Windows-API-Hooking-List\n\n#infosec #bypass #redteam\n\nGreatSCT\n\nThe project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.\n\nhttps://github.com/GreatSCT/GreatSCT\n\n#blueteam #cybersecurity #infosec\n\nPASTIS\n\nA fuzzing framework aiming at combining various software testing techniques within the same workflow to perform collaborative fuzzing also called ensemble fuzzing. 
At the moment it supports the following fuzzing engines:\n\n\u2022 Honggfuzz (greybox fuzzer)\n\u2022 AFL++ (greybox fuzzer)\n\u2022 TritonDSE (whitebox fuzzer)\n\nhttps://github.com/quarkslab/pastis\n\n#infosec #pentesting #bugbounty\n\nCeWLeR\n\nCustom Word List generator Redefined. CeWL alternative in Python, based on the Scrapy framework.\n\nhttps://github.com/roys/cewler\n\n#infosec #pentesting #bugbounty\n\nDiscord DLL hijacking / Automation via Excel Macros.\n\nThis is a simple quick example of DLL hijacking enabling proxy execution for the Discord Binary. This can be beneficial for attackers requiring proxy execution to bypass EDR.\n\nhttps://github.com/MitchHS/Discord-DLL-Hijacking\n\n#infosec #pentesting #redteam\n\nDecryption #Lockbit\n\nStatic String Decryption For Lockbit 3.0 MacOS Variant\n\nhttps://gist.github.com/X-Junior/2c49f52b5361bf28c3eba8a825a72ebe\n\n#cybersecurity #infosec\n\nCVE-2023-2002\n\nLinux Bluetooth: Unauthorized management command execution (CVE-2023-2002).\n\nhttps://github.com/lrh2000/CVE-2023-2002\n\n#cve #infosec #pentesting\n\nLAPSDecrypt.cs\n\nQuick PoC looking at how encryption works for LAPS (v2).\n\nhttps://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-04-19T00:31:43.000000Z"}