{"uuid": "cf8e9a00-2dec-494a-82a2-268335d90892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25690", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3191", "content": "Hackers Factory \n\nRedEye is a visual analytic tool supporting Red &amp; Blue Team operations\n\nhttps://github.com/cisagov/RedEye\n\nA suite of tools to disrupt campaigns using the Sliver C2 framework.\n\nhttps://github.com/ACE-Responder/RogueSliver\n\nUAC Bypass By Abusing Kerberos Tickets\n\nhttps://github.com/wh0amitz/KRBUACBypass\n\nEscalate Service Account To LocalSystem via Kerberos\n\nhttps://github.com/wh0amitz/S4UTomato\n\nRDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact\n\nhttps://github.com/GoSecure/pyrdp\n\n\"waf-bypass-maker/waf-community-bypasses\"\n\nhttps://github.com/waf-bypass-maker/waf-community-bypasses\n\nAmsi Bypass payload that works on Windwos 11\n\nhttps://github.com/ziyishen97/Amsi_Bypass_In_2023\n\nA curated list of various bug bounty tools\n\nhttps://github.com/vavkamil/awesome-bugbounty-tools\n\nSearch this list of OSINT Practitioners and learn about OSINT, it includes numerous, blogs and tutorials.\n\nhttps://github.com/cqcore/OSINT-Practitioners\n\nMaldev Academy DLL Loader vs Crowdstrike\n\nThe DLL loader is for Maldev members. But we're also publishing an EXE version of the loader on our GitHub for anyone to use.\n\ngithub.com/Maldev-Academy\n\nContainers don't inherit timezones from host machines\n\nThe default timezone for most images is UTC, but it isn't guaranteed\n\nk8tz is a kubernetes admission controller and a CLI tool to inject timezones into Pods\n\ngithub.com/k8tz/k8tz\n\nAwesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.\n\nhttps://github.com/iknowjason/Awesome-CloudSec-Labs\n\nSend phishing messages and attachments to Microsoft Teams users\n\nhttps://github.com/Octoberfest7/TeamsPhisher\n\nA collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics.\n\nhttps://github.com/kargisimos/offensive-bookmarks\n\nNext blog in Windows Internals - Deep dive inside creation of process with C++ and NTAPIs\n\nhttps://github.com/Faran-17/Windows-Internals/blob/main/Processes%20and%20Jobs/Processes/Creation%20Of%20Process.md\n\nCVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.\n\nhttps://github.com/dhmosfunk/CVE-2023-25690-POC\n\n#infosec #cybersecurity #hackersfactory\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-14T05:11:44.000000Z"}