{"vulnerability": "CVE-2024-3839", "sightings": [{"uuid": "a42e4595-aba1-4686-9955-7ea591e33333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38396", "type": "seen", "source": "MISP/bb3804ec-d19b-4521-9b88-42b6d05c969f", "content": "", "creation_timestamp": "2024-06-26T16:06:39.000000Z"}, {"uuid": "90867fd8-784f-4262-9192-5aa451281fb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38395", "type": "seen", "source": "MISP/5b5d7be3-1582-40fe-9006-139de65f9b7d", "content": "", "creation_timestamp": "2024-06-26T16:06:39.000000Z"}, {"uuid": "38709d56-76a5-45c1-bbd6-845ea3a512be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38392", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114274816639635641", "content": "", "creation_timestamp": "2025-04-03T15:48:43.009294Z"}, {"uuid": "3c67404b-1917-464d-8fcd-2fba0defba5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38392", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114274816639635641", "content": "", "creation_timestamp": "2025-04-03T15:48:43.027469Z"}, {"uuid": "e8748580-d6f2-4a1f-9d9b-1356e723f84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38399", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lztuw3n7b227", "content": "", "creation_timestamp": "2025-09-27T21:02:31.114374Z"}, {"uuid": "37069027-1b1a-4b49-acbd-2d86e6092d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38396", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7677", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\nURL\uff1ahttps://github.com/vin01/poc-cve-2024-38396\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-16T18:51:02.000000Z"}, {"uuid": "718671b4-4713-49e9-998a-842a0b74a34a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7677", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\nURL\uff1ahttps://github.com/vin01/poc-cve-2024-38396\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-16T18:51:02.000000Z"}, {"uuid": "e2837165-4803-4dd9-8cbc-f70cfa146fb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38399", "type": "published-proof-of-concept", "source": "https://t.me/orderofsixangles/2727", "content": "An in-depth exploration of the Qualcomm KGSL Faults Subsystem, including patch analysis and vulnerability insights for CVE-2024-38399.\n\nhttps://streypaws.github.io/posts/Fast-and-Faulty-A-Use-After-Free-in-KGSL-Fault-Handling/", "creation_timestamp": "2025-09-26T04:48:20.000000Z"}, {"uuid": "092a777b-4710-48fb-a31e-da5e5fdf8f47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38392", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10202", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38392\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code.\n\ud83d\udccf Published: 2025-04-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T13:20:55.565Z\n\ud83d\udd17 References:\n1. https://docs.pexip.com/admin/security_bulletins.htm", "creation_timestamp": "2025-04-03T13:34:47.000000Z"}, {"uuid": "25aa69ba-2f56-4839-b343-9e6c7abb46b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38399", "type": "seen", "source": "https://t.me/cvedetector/7219", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38399 - Apache HTTPD Out-of-Bounds Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38399 \nPublished : Oct. 7, 2024, 1:15 p.m. | 32\u00a0minutes ago \nDescription : Memory corruption while processing user packets to generate page faults. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-07T15:57:46.000000Z"}, {"uuid": "49a02de4-dc50-40a0-9e59-253a5317412c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38397", "type": "seen", "source": "https://t.me/cvedetector/7218", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38397 - AVM FritzBox DNS Amplification Attack\", \n  \"Content\": \"CVE ID : CVE-2024-38397 \nPublished : Oct. 7, 2024, 1:15 p.m. | 32\u00a0minutes ago \nDescription : Transient DOS while parsing probe response and assoc response frame. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-07T15:57:45.000000Z"}, {"uuid": "e6fb7d5c-dada-4f27-b3ed-965e98394fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38396", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10697", "content": "#Red_Team_Tactics\n1. ScriptBlock Smuggling:\nSpoofing PowerShell Security Logs and Bypassing AMSI Without Reflection/Patching\nhttps://bc-security.org/scriptblock-smuggling\n2. Abusing title reporting and tmux integration in iTerm2 for code execution (PoC for CVE-2024-38396)\nhttps://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html", "creation_timestamp": "2024-06-18T11:31:25.000000Z"}, {"uuid": "5d1f98b1-bbff-4fa3-a834-75976a528f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38395", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3363", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-29T18:04:14.000000Z"}, {"uuid": "46f5c933-1046-469f-a4c6-a4a904a257ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38396", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3363", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-29T18:04:14.000000Z"}, {"uuid": "9aaf436c-8578-4847-ac36-8b4c652e6073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38395", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6836", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-30T13:56:15.000000Z"}, {"uuid": "a24ca755-59f7-4e73-bc7d-e2b43a9be7b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38396", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6836", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-30T13:56:15.000000Z"}, {"uuid": "b916671c-861f-44db-9bf1-1e6094a04f47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38395", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8087", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-30T13:56:15.000000Z"}, {"uuid": "2c63980b-27d1-4946-a391-11c2cce059c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38396", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8087", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-30T13:56:15.000000Z"}, {"uuid": "30cf7965-75da-4312-a7d5-6571e9db85da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38396", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25179", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-29T14:34:01.000000Z"}, {"uuid": "ee85fc1d-05e5-43d4-879d-ff532627be22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38395", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25179", "content": "Tools - Hackers Factory \n\nOfficial Kali Linux tool to check all urls of a domain for SQL injections.\n\nhttps://github.com/malvads/sqlmc\n\nAn ADCS honeypot to catch attackers in your internal network.\n\nhttps://github.com/srlabs/Certiception\n\nActive Directory Cheat Sheet\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\nA decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported.\n\nhttps://github.com/mahaloz/DAILA\n\nA SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses.\n\nhttps://github.com/blacklanternsecurity/TREVORproxy\n\nCloud-Based Identity to Exfiltration Attack\n\nhttps://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder%2FDay16-CloudId-Exfiltration-AttackReport-Part1.md\n\nPoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution\n\nhttps://github.com/vin01/poc-cve-2024-38396\n\nReflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege.\n https://github.com/sokaRepo/CoercedPotatoRDLL\n\nEyes is an OSINT tool to get existing accounts from an email\n\nhttps://github.com/C3n7ral051nt4g3ncy/Eyes\n\nTunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available \n\ngithub.com/erebe/wstunnel\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-06-29T14:34:01.000000Z"}]}