🚨 NextSploit — scanner/exploiter for CVE-2025-29927 (Next.js middleware auth bypass). It detects Next.js apps, checks vulnerable versions & can attempt middleware bypass for testing. If you run Next.js middleware: patch to latest release & add upstream auth layers. 👉…
AdaptixC2 v0.8 is out! github.com/Adaptix-Framew… * AxScript: new events and functions * Added Targets Manager * Updated tunnels Full update details: adaptix-framework.gitbook.io/adaptix-framew…
🚀 dockur/windows — Run full Windows inside a Docker container! ⌛ Auto-downloads & boots Windows (7,10,11, Server…) via KVM+QEMU. 🌐 Access via web UI or RDP instantly. Supports Docker Compose & Kubernetes. Perfect for sandbox testing or isolated envs. 👉…
🛡 OpenCVE — Open-source Vulnerability Intelligence Platform • Aggregates CVEs from MITRE, NVD, RedHat & more • Filter by vendor, product, CVSS, EPSS, CWE; save views & dashboards • Subscribe to alerts via email or webhook • Available as SaaS or self-hosted deployment 🔗…
🚨 CVE-2025-49667 — Win32K ICOMP double-free LPE PoC released! Exploitable on Windows 10 (1909–22H2); Windows 11 already patched Double-free → kernel pointer overwrite → SYSTEM 🔗 github.com/Yuri08loveElai… #CVE202549667 #LPE #Windows10 #Infosec
🚀 HexStrike-AI v6.0 — Autonomous AI C2 for pentesting • 150+ security tools powered by AI agents (Claude, GPT, Copilot) • Smart orchestration: tool selection, CVE analysis, exploit generation • Real-time visual dashboards & workflow automation 🔗 github.com/0x4m4/hexstrik……
🛠 hoontr — A DLL hunting Swiss Army knife for red teamers! • stomphoont: find PE files with large .text sections • exporthoont: locate modules by export name substring • bytehoont: scan .text for specific byte sequences Rust, multi-threaded, stealthy DLL research tool 🔗…
🔥 Remote DLL Injection via Timer-based Shellcode Execution Use Windows thread pool timers to run shellcode stealthily in the target process—no remote threads, just hidden timer callbacks. A novel injection tactic that’s stealthier and EDR-resistant. 🔗 github.com/andreisss/Remo……
🔍 ReconFTW — Automate recon like a pro! • Subdomain enumeration, OSINT & vuln scanning (XSS, SSRF, SQLi, LFI…) • Port scanning, screenshots & directory fuzzing • Supports distributed Ax Framework, Docker, ARM, AI report generation 🔗 github.com/six2dez/reconf… #Recon #BugBounty…
🎯 BeaconatorC2 — Modular C2 framework for red teaming & adversarial emulation! • Schema-driven GUI dynamically adapts to each beacon’s capabilities • Supports HTTP/TCP/UDP/SMB & Meterpreter, with built-in base64/XOR/ROT handling 🔗 github.com/CroodSolutions… #RedTeam #C2
🚀 ChromeAlone — Turn Chrome into a C2 implant! Leverages legacy & modern Chrome features for: • raw TCP proxying • YubiKey phishing • cookie & credential dumping • keystroke logging • shell execution via WebAssembly Bypassed AVs 🔗 github.com/praetorian-inc… #RedTeam…
🚀 TheFatRat — An easy-to-use exploit tool integrating MSFvenom & Metasploit to generate cross-platform backdoors (Windows, Linux, macOS, Android). 📦 Supports .exe, .apk, .docm formats, AutoRun USB/CD, payload pumping, and auto-listener setup—many payloads evade AV. 🔗…
🛡️ EnumEDR‑s — Lightweight C tool to enumerate active EDRs on Windows 🔍 Scans processes & drivers to detect Microsoft Defender (AV/EPP), Elastic EDR, Sysmon, and more ⚙️ Easily extendable via EDRs.c Perfect for red team reconnaissance or blue team detection validation 🔗…
🚀 CobaltStrikeBeaconCppSource is an open-source C++ reimplementation of Cobalt Strike’s Beacon—built from scratch (not decompiled). Perfect for red teamers to study Beacon behavior, build custom loaders, or explore protocol logic. 🔗 github.com/kyxiaxiang/Cob… #CobaltStrike…
github.com
GitHub - kyxiaxiang/CobaltStrikeBeaconCppSource: Out-of-the-box CobaltStrike Beacon source code use...
Out-of-the-box CobaltStrike Beacon source code use C++ - kyxiaxiang/CobaltStrikeBeaconCppSource
🚨 CVE‑2025‑47227 — Critical unauthenticated admin password reset bypass in Netmake ScriptCase (≤ v9.12.006) 🔐 RESET admin creds via crafted GET+POST to login.php 🎯 Chainable with CVE‑2025‑47228 for full RCE 🔧 PoC repo: github.com/B1ack4sh/Black… #CVE202547227 #ScriptCase #RCE…
🚀 Meet TorGuard tgv2ray — a Sing‑Box-powered LuCI app for OpenWRT 🧩 Supports VLESS / VMess / Trojan / Shadowsocks via TorGuard subscription or custom config 🌐 Dual proxy (SOCKS5/HTTP) + VPN mode with TUN interface 📱 Full Web UI + UCI integration 🔗 github.com/torguardvpn/tg……
🚨 CVE‑2025‑30406 — Critical deserialization flaw in Gladinet CentreStack & Triofox 🔐 Hardcoded machineKey allows attackers to forge ViewState and trigger RCE 🌍 Actively exploited in the wild since Mar 2025; CVSS: ~9.8 ⚠️ Patch to CentreStack v16.4.10315.56368 or rotate…
This is why you don't share just everything on the web. The vid you see here must be one of the most effective AI awareness videos.
🚨 CVE‑2025‑8220 — SQL Injection in Engeman Web password recovery page (LanguageCombobox)! 🔐 Unauthenticated attacker can inject SQL remotely 📂 Affects Engeman Web ≤ 12.0.0.1; vendor non-responsive 🧪 PoC repo: github.com/m3m0o/engeman-… #SQLi #CVE20258220 #WebSecurity #PoC
☁️🔥 New from @carlospolop — cloudPeaSS is a powerful post-exploitation tool for cloud red teams. 🚀 Supports: •Azure & AWS privilege escalation enumeration •Role misconfig checks •Detection of over-permissive policies •Identity abuse scenarios 🔗 github.com/carlospolop/cl……
United States 趨勢
- 1. No Kings 605K posts
- 2. Semaj Morgan N/A
- 3. Dork Cult Protest Day 20.1K posts
- 4. Araujo 583K posts
- 5. Vandy 3,737 posts
- 6. #GoBlue 1,334 posts
- 7. College Gameday 2,105 posts
- 8. Jelly Roll 1,180 posts
- 9. Gil Manzano 21.3K posts
- 10. Haaland 44.5K posts
- 11. Andrew Marsh N/A
- 12. Girona 40.5K posts
- 13. Bournemouth 19.8K posts
- 14. Diego Pavia N/A
- 15. Mateta 10.2K posts
- 16. Saban 7,677 posts
- 17. Harlem Berry N/A
- 18. Ange 82.7K posts
- 19. Georgia Tech 2,880 posts
- 20. Massie 52.8K posts
Something went wrong.
Something went wrong.