Weekly Shaarli
Week 39 (September 25, 2023)
Original PoC for CVE-2023-32784. Contribute to vdohney/keepass-password-dumper development by creating an account on GitHub.

KnockKnock - Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output http://www.kitploit.com/2023/09/knockknock-enumerate-valid-users-within.html

Tools for exploring and testing OAuth and OpenID Connect flows. With this free tool you can learn and explore the inner workings of OpenID Connect and OAuth.

Visual studio code tunnel Introduction Since July 2023, Microsoft is offering the perfect reverse shell, embedded inside Visual Studio Code, a widely used …

The Network Execution Tool. Contribute to Pennyw0rth/NetExec development by creating an account on GitHub.

Download MarkDownload - Markdown Web Clipper for Firefox. This extension works like a web clipper, but it downloads articles in a markdown format. Turndown and Readability.js are used as core libraries. It is not guaranteed to work with all websites.
Helps you create requests faster, saving precious time on development.

Never ever ever use pixelation as a redaction technique - GitHub - BishopFox/unredacter: Never ever ever use pixelation as a redaction technique
Let’s Go (VS) Code - Red Team style or the Microsoft signed and hosted Reverse Shell TL;DR; MS is offering a signed binary (code.exe), which will establish a Command&Control channel via an official Microsoft domain https://vscode.dev. The C2 communication itself is going to https://global.rel.tunnels.api.visualstudio.com over WebSockets. An attacker only needs an Github account.