{"uuid": "e8fdd4b1-0e71-4a60-b96e-cb7625ceaaa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28311", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2888", "content": "Tools - Hackers Factory\n\n\u200b\u200bAndroid Forensics References\n\nhttps://github.com/RealityNet/Android-Forensics-References\n\n#forensics #infosec\n\nAwesome-FOFA\n\nThe FOFA Library collects usage tips, common scenarios, F&Q, and more for FOFA.\n\nhttps://github.com/FofaInfo/Awesome-FOFA\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bSafeguards Study\n\nThis repository contains the data and software for experimenting with Internet of Things safeguards. We released this with the public release of the paper \"Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards\".\n\nhttps://github.com/IoTrim/safeguards-study\n\nDetails:\nhttps://iotrim.github.io/safeguards.html\n\n#cybersecurity #infosec\n\n\u200b\u200bSSRF-Testing\n\nSSRF (Server Side Request Forgery) testing resources.\n\nhttps://github.com/cujanovic/SSRF-Testing\n\n#pentesting #redteam #bugbounty\n\nMemProcFS\n\nMemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.\n\nhttps://github.com/ufrisk/MemProcFS\n\n#cybersecurity #infosec\n\n\u200b\u200bAuthorization-Nuclei-Templates\n\nhttps://github.com/Lu3ky13/Authorization-Nuclei-Templates\n\n#pentesting #redteam #bugbounty\n\n\u200b\u200bgetallurls (gau)\n\nFetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.\n\nhttps://github.com/lc/gau\n\n#cybersecurity #infosec\n\nCVE-2023-28311 MS Word RCE Vulnerability\n\nThe attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim's computer. The attacker can trick the victim to open a malicious web page by using a Word malicious file and he can steal credentials, and bank accounts information, sniffing and tracking all the traffic of the victim without stopping - it depends on the scenario and etc.\n\nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28311\n\n#infosec #pentesting #redteam\n\n\u200b\u200bKnock\n\nKnockpy is a portable and modular python3 tool designed to quickly enumerate subdomains on a target domain through passive reconnaissance and dictionary scan.\n\nhttps://github.com/guelfoweb/knock\n\n#pentesting #redteam #bugbounty\n\n\u200b\u200bICS Security Tools, Tips, and Trade\n\nThis effort intends to pull together tools, tips, and tricks of the trade to working on cyber security in the ICS environment. The code repository will house any specific scripts, tools, configurations, or other useful tidbits to utilize in this space.\n\nhttps://github.com/ITI/ICS-Security-Tools\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-04-19T00:33:25.000000Z"}