Lateral Movement: Abuse the Power of DCOM Excel Application https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
Finding Deserialization Bugs in the Solarwind Platform https://www.zerodayinitiative.com/blog/2023/9/21/finding-deserialization-bugs-in-the-solarwind-platform
Multiple Command and Control (C2) Frameworks During Red Team Engagements https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-command-and-control-c2-frameworks-during-red-team-engagements/
Introduction to TPM (Trusted Platform Module) https://sergioprado.blog/introduction-to-tpm-trusted-platform-module/
WTSRM - Writing Tiny Small Reliable Malware https://github.com/rad9800/WTSRM
Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation) https://github.com/malcomvetter/Periscope
Padre - Blazing Fast, Advanced Padding Oracle Exploit https://www.kitploit.com/2023/11/padre-blazing-fast-advanced-padding.html
Bypassing UAC with SSPI Datagram Contexts https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html?m=1
BOF to add or remove Windows Defender exclusions https://github.com/EspressoCake/Defender-Exclusions-Creator-BOF
Setup a Hardware Hacking Lab https://voidstarsec.com/hw-hacking-lab/vss-lab-guide
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool https://github.com/FalconForceTeam/FalconHound
NimExec - Fileless Command Execution For Lateral Movement In Nim https://www.kitploit.com/2023/12/nimexec-fileless-command-execution-for.html
CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
Retool blames breach on Google Authenticator MFA cloud sync feature https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/
ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe) (CVSS 9.9, CVSS 9.8) Threatens Countless AI Users - Immediate Action Required https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654
CVE-2023-50428: Bitcoin Core Client Vulnerability (controversial) https://securityonline.info/cve-2023-50428-bitcoin-core-client-vulnerability/?expand_article=1
Netsupport Intrusion Results in Domain Compromise https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
threat9/routersploit: Exploitation Framework for Embedded Devices https://github.com/threat9/routersploit
Survive Access Key Deletion with sts:GetFederationToken https://hackingthe.cloud/aws/post_exploitation/survive_access_key_deletion_with_sts_getfederationtoken/