Weekly Shaarli

All links of one week in a single page.

Week 39 (September 25, 2023)

GitHub - vdohney/keepass-password-dumper: Original PoC for CVE-2023-32784

Original PoC for CVE-2023-32784. Contribute to vdohney/keepass-password-dumper development by creating an account on GitHub.

KnockKnock - Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
thumbnail

KnockKnock - Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output http://www.kitploit.com/2023/09/knockknock-enumerate-valid-users-within.html

OAuth Tools
thumbnail

Tools for exploring and testing OAuth and OpenID Connect flows. With this free tool you can learn and explore the inner workings of OpenID Connect and OAuth.

Blocking Visual Studio Code embedded reverse shell before it's too late
thumbnail

Visual studio code tunnel Introduction Since July 2023, Microsoft is offering the perfect reverse shell, embedded inside Visual Studio Code, a widely used …

Bruno Vs Postman
tldraw
thumbnail

A free and instant collaborative diagramming tool.

GitHub - Pennyw0rth/NetExec: The Network Execution Tool
thumbnail

The Network Execution Tool. Contribute to Pennyw0rth/NetExec development by creating an account on GitHub.

MarkDownload - Markdown Web Clipper – Get this Extension for 🦊 Firefox (en-GB)
thumbnail

Download MarkDownload - Markdown Web Clipper for Firefox. This extension works like a web clipper, but it downloads articles in a markdown format. Turndown and Readability.js are used as core libraries. It is not guaranteed to work with all websites.

Hoppscotch • Open source API development ecosystem

Helps you create requests faster, saving precious time on development.

GitHub - BishopFox/unredacter: Never ever ever use pixelation as a redaction technique
thumbnail

Never ever ever use pixelation as a redaction technique - GitHub - BishopFox/unredacter: Never ever ever use pixelation as a redaction technique

Introduction - NetExec
thumbnail

Learn to use NetExec

Let’s Go (VS) Code - Red Team style

Let’s Go (VS) Code - Red Team style or the Microsoft signed and hosted Reverse Shell TL;DR; MS is offering a signed binary (code.exe), which will establish a Command&Control channel via an official Microsoft domain https://vscode.dev. The C2 communication itself is going to https://global.rel.tunnels.api.visualstudio.com over WebSockets. An attacker only needs an Github account.