{"uuid": "88bed83e-d9d0-4f4c-9207-6d99cfb9db5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2274", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2782", "content": "#Tools - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nRescope\n\nA tool geared towards pentesters and bug-bounty researchers that aims to make life easier when defining scopes for Burp Suite and #OWASP ZAP.\n\nFeatures:\n\u25ab\ufe0f Define public scope(s) directly from any supported BBaaS (Bug-Bounty-as-a-Service) platform.\n\u25ab\ufe0f Define private scopes by copy/pasting target definitions from pretty much anywhere.\n\u25ab\ufe0f Outputs results that are compatible with Burp Suite and Zaproxy for direct import.\n\u25ab\ufe0f Combine private and public scopes.\n\u25ab\ufe0f Easily separate excludes from includes.\n\u25ab\ufe0f Parse multiple scopes to the same result.\n\u25ab\ufe0f Supports IP ranges & CIDR.\n\nhttps://github.com/root4loot/rescope\n\nNebula\n\nNebula is a Cloud and (hopefully) DevOps Penetration Testing framework. It is built with modules for each provider and each functionality. As of April 2021, it only covers AWS, but it is an ongoing project and will hopefully continue to grow to test GCP, Azure, Kubernetes, Docker, or automation engines like Ansible, Terraform, Chef, etc.\n\nCurrently covers:\n\u25ab\ufe0f S3 Bucket name bruteforce\n\u25ab\ufe0f IAM, EC2, S3, STS and Lambda Enumeration\n\u25ab\ufe0f IAM, EC2, STS, and S3 exploitation\n\u25ab\ufe0f SSM Enumeration + Exploitation\n\u25ab\ufe0f Custom HTTP User-Agent\n\u25ab\ufe0f Enumerate Read Privileges (working on write privs)\n\u25ab\ufe0f Reverse Shell\n\u25ab\ufe0f No-creds Reconnaissance\n\nThere are currently 67 modules covering:\n\u25ab\ufe0f Reconnaissance\n\u25ab\ufe0f Enumeration\n\u25ab\ufe0f Exploit\n\u25ab\ufe0f Cleanup\n\u25ab\ufe0f Reverse Shell\n\nhttps://github.com/gl4ssesbo1/Nebula\n\nKnownDllUnhook\n\nReplace the .text section of the currently loaded modules from \\KnownDlls\\ to bypass EDRs\n\nhttps://github.com/ORCx41/KnownDllUnhook\n\nCVE-2022-2274\n\nOpenSSL 3.0.4 - bug in the RSA implementation\n\nhttps://github.com/Malwareman007/CVE-2022-2274\n\nFreeze\n\nA payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze utilizes multiple techniques to not only remove Userland EDR hooks, but to also execute shellcode in such a way that it circumvents other endpoint monitoring controls.\n\nhttps://github.com/optiv/Freeze\n\nKernelhub\n\nWindows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file\n\nhttps://github.com/Ascotbe/Kernelhub\n\nwafaray\n\nEnhance your malware detection with WAF + YARA (WAFARAY)\n\nWAFARAY is a LAB deployment based on Debian 11.3.0 (stable) x64 made and cooked between two main ingredients, WAF + YARA, to detect malicious files (e.g. webshells, viruses, malware, binaries) typically through web functions (upload files).\n\nhttps://github.com/alt3kx/wafaray\n\nRoastInTheMiddle\n\nRoast in the Middle is a rough proof of concept (not attack-ready) that implements a man-in-the-middle ARP spoof to intercept AS-REQs to modify and replay to perform a Kerberoast attack.\n\nFor more information about this attack, read the blog post All Ur AS Are Belong To Us.\n\nhttps://github.com/0xe7/RoastInTheMiddle\n\nSinMapper\n\nUsermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. The main focus of this project is to prevent modern anti-cheats (BattlEye, EAC) from finding your driver and having the power to hook anything and create system threads / callbacks due to being inside of legit memory (signed legit driver).\n\nhttps://github.com/armvirus/SinMapper\n\nEVA ICS\n\nHome and Industrial/Enterprise IoT automation platform.\n\nEVA ICS allows the setup of a single IoT/IIoT management node and then easily scales it to its own private ultra-secure automation Cloud, where nodes and components discover each other automatically via the Internet or local communications.\n\nhttps://github.com/alttch/eva3\n\nPython-Honeypot\n\nAutomated Deception Framework.\n\n#OWASP Honeypot is an open-source software in Python language designed for creating honeypots and honeynets in an easy and secure way!\n\nhttps://github.com/OWASP/PyPython-Honeypo\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-03-30T08:38:18.000000Z"}