Ralf Hacker Channel

Уже не новость, что Notion уходит, вот альтернатива)

https://github.com/toeverything/AFFiNE

Кто пользуется, накидайте фидбек в комменты))

#notes #git #soft

GitHub

GitHub - toeverything/AFFiNE: There can be more than Notion and Miro. AFFiNE(pronounced [ə‘fain]) is a next-gen knowledge base…

There can be more than Notion and Miro. AFFiNE(pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable an...

🔥18👍10

15.6K viewsRalf Hacker, 10:14

Ralf Hacker Channel

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE

blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

PoC: https://github.com/RickdeJager/cupshax

patch:

sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed

#exploit #git #pentest #redteam

evilsocket

Attacking UNIX Systems via CUPS, Part I

🔥30😁11👍7

19.9K viewsRalf Hacker, 10:56

Ralf Hacker Channel

Попалась на глаза python версия шарповой утилиты Seatbelt

https://github.com/0xthirteen/Carseat

#git #pentest #ad

GitHub

GitHub - 0xthirteen/Carseat: Python implementation of GhostPack's Seatbelt situational awareness tool

Python implementation of GhostPack's Seatbelt situational awareness tool - 0xthirteen/Carseat

🔥16👍10😱4

17.3K viewsRalf Hacker, 09:45

Ralf Hacker Channel

CVE-2024-38193: Windows LPE

PATCHED: August 13, 2024

~~https://github.com/Nephster/CVE-2024-38193~~

Upd.: https://github.com/killvxk/CVE-2024-38193-Nephster

P.S. Протестил на Win11, работает

#git #exploit #lpe #pentest #redteam

🔥41👍11😁6🙏1

19.1K viewsRalf Hacker, edited 22:20

Ralf Hacker Channel

GodPotato на Rust нужен кому-нибудь?))

https://github.com/safedv/RustPotato

Пусть будет...

#potato #pentest #redteam #git

GitHub

GitHub - safedv/RustPotato: A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP…

A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations. - safedv/RustPotato

😁23👍8🔥3🙏1

18.5K viewsRalf Hacker, 12:58

Ralf Hacker Channel

CVE-2024-49138: Windows LPE in CLFS.sys

PATCHED: Dec 10, 2024

https://github.com/MrAle98/CVE-2024-49138-POC

Tested on Windows 11 23h2

UPD. Ждем ресерч...

#git #exploit #lpe #pentest #redteam

🔥21👍9

15.5K viewsRalf Hacker, edited 08:45

Ralf Hacker Channel

CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE

PATCHED: Oct 8, 2024

Exploit: https://github.com/synacktiv/CVE-2024-43468

Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections

#git #exploit #ad #rce #sccm #pentest #redteam

GitHub

GitHub - synacktiv/CVE-2024-43468

Contribute to synacktiv/CVE-2024-43468 development by creating an account on GitHub.

🔥15👍7🤯3

22.6K viewsRalf Hacker, 22:15

Ralf Hacker Channel

Интересный проект

https://github.com/airbus-seclab/soxy

soxy is a modular tool to interact with several VDIs that operates over RDP, such as VMware Horizon, Citrix and native Windows RDP. It supports useful debug services (e.g. clipboard, console/shell, sharing, FTP server, SOCKS5 proxy).

#git #tools #pentest #redteam

GitHub

GitHub - airbus-seclab/soxy: A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual…

A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels. - airbus-seclab/soxy

🔥17👍3

16K viewsRalf Hacker, 21:30

Ralf Hacker Channel

CVE-2025-21420: Windows LPE (cleanmgr.exe DLL sideload)

PoC: https://github.com/Network-Sec/CVE-2025-21420-PoC

P.S. LPE такая себе конечно, но sideload отметим)

#lpe #git #exploit #pentest #redteam

🔥26👍6😁5

16.9K viewsRalf Hacker, 12:28

Ralf Hacker Channel

CVE-2025-49113: Roundcube (1.6.10) Auth RCE

blog: https://fearsoff.org/research/roundcube

PoC: https://github.com/fearsoff-org/CVE-2025-49113

#exploit #git #pentest #redteam

fearsoff.org

Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]

A deep technical breakdown of CVE-2025-49113, a critical Roundcube vulnerability involving PHP session serialization. Learn how the bug was discovered, exploited, and responsibly disclosed with full PoC and recommendations for defenders and developers. Kirill…

🔥16👍7🤯3🥰1😁1

14.7K viewsRalf Hacker, 18:21

Ralf Hacker Channel

CVE-2025-32756: Fortinet UnAuth RCE

PoC: https://github.com/kn0x0x/CVE-2025-32756-POC

Affected Products: FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera

#exploit #git #pentest #redteam

1👍23🔥5🤔5😁2🥰1

16.1K viewsRalf Hacker, 07:18

Ralf Hacker Channel

Недавно у моего любимого инструмента bloodyAD появился новый модуль msldap. https://github.com/CravateRouge/bloodyAD/wiki/User-Guide#msldap-commands Кто юзает, обновляйтесь. А если не слышали о bloodyAD, советую попробовать) #ad #pentest #redteam

А это очень круто... это как bloodyAD, только в BOF'ах 😳

https://github.com/P0142/LDAP-Bof-Collection

#redteam #pentest #soft #git #ad

🔥30👍11🤔5

13.2K viewsRalf Hacker, 20:59

Ralf Hacker Channel

И автор статьи выше, опубликовал свой инструмент... В описании все сказано))

Pipetap helps you observe, intercept, and replay traffic over Windows Named Pipes.

https://github.com/sensepost/pipetap

#soft #git

1🔥32👍16😱3🤔2

16.5K viewsRalf Hacker, 18:38

Ralf Hacker Channel

Решил выходить с творчекого перерыва, и заметки снова сюда писать))

Утилита для SCCM CRED1 (PXE boot media)

https://github.com/leftp/SharpPXE

Питонов много есть, шарп пусть будет тоже, а там и BOF появится😁

#sccm #soft #git

GitHub

GitHub - leftp/SharpPXE: A C# tool for extracting information from SCCM PXE boot media.

A C# tool for extracting information from SCCM PXE boot media. - GitHub - leftp/SharpPXE: A C# tool for extracting information from SCCM PXE boot media.

👍26🔥11🤔4🎉3😁2

8.97K viewsRalf Hacker, 14:31

Ralf Hacker Channel

https://github.com/zh54321/SharePointDumper

Enumerates all SharePoint sites/drives a user can access via Microsoft Graph, recursively downloads files, and logs every Graph + SharePoint HTTP request for SIEM correlation, detection engineering, and IR testing.

#soft #ad #git

👍19🔥15😱4🥰3🤔2

11.7K viewsRalf Hacker, 20:09

Ralf Hacker Channel

Новый сканер для обнаружения уязвимостей к NTLM релеям

https://github.com/depthsecurity/RelayKing-Depth/

* Сканирует по SMB, LDAP/S, MSSQL, HTTP/S, RPC, WinRM
* Находит WebDAV WebClient, CVE-2025-33073 (NTLM reflection), NTLMv1 + всякие PrinterBug, PetitPotam и т.п.
* Поддерживает аудит всего домена
* Составляет список таргетов для ntlmrelayx и других софтин.
* Сохраняет отчет в plaintext/JSON/CSV/Markdown

Есть статья в блоге: https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/

#soft #git #ad #pentest #relay

👍33🔥17🤔5😱2🥰1🤯1

14.8K viewsRalf Hacker, 13:14

Ralf Hacker Channel

Кто-то реализовал линуховый beacon для Cobalt Strike

https://github.com/EricEsquivel/CobaltStrike-Linux-Beacon

#soft #c2 #git

GitHub

GitHub - EricEsquivel/CobaltStrike-Linux-Beacon: Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons

Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons - EricEsquivel/CobaltStrike-Linux-Beacon

👍21🔥8😱5🤔1

4.87K viewsRalf Hacker, 19:13

About

Blog

Apps

Platform