Living Off Trusted Sites (LOTS)

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection.

https://lots-project.com

#lots #redteam #blueteam #sites #upload

Docem

A utility to embed XXE and XSS payloads in docx, odt, pptx, etc - any documents that is a zip archive with bunch of xml files inside.

https://github.com/whitel1st/docem

#xxe #xss #doc #file #upload