Skip to content
View sofianeelhor's full-sized avatar
71 followers · 143 following

Achievements

Achievement: StarstruckAchievement: QuickdrawAchievement: Pull SharkAchievement: Public Sponsor

Achievements

Achievement: StarstruckAchievement: QuickdrawAchievement: Pull SharkAchievement: Public Sponsor

Highlights

Block or report sofianeelhor

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. This tool leverages a flaw in the Az... This tool leverages a flaw in the Azure AD Seamless SSO service. Failed authentication attempts using the autologon endpoint aren't properly logged, allowing for (undetected?) username probing and password spray attacks. Ideal for red teaming
    1 
    //https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
    2 
    package main
    3 
    
              
    
              
    
                4
                
    import (
    
              
    
              
    
                5
                
    	"bufio"
    
              
    
          
    
    
    
  
    

    2. 

      
  2. 
  
    
    
    
      
    
        
    
            
          jazzpizazz/zsh-aliases  jazzpizazz/zsh-aliases          Public
        
    
      
    


      
    
        Aliases and scripts to make common tasks easier.
      
    

      
    
          
  
  Python


          
            
    

            173
          
          
            
    

            25
          
      
    
    
    
  
    

    3. 

      
  3. 
  
    
    
    
      
    
        
    
            
          CVE-2023-22621-POC  CVE-2023-22621-POC          Public
        
    
      
    


      
    
        CVE-2023-22621: SSTI to RCE by Exploiting Email Templates affecting Strapi Versions <=4.5.5
      
    

      
    
          
  
  Python


          
            
    

            24
          
          
            
    

            4
          
      
    
    
    
  
    

    4. 

      

  4. 
  
    
    
    
      
    
        
        Decrypts and parses .ASPXAUTH forms ...  Decrypts and parses .ASPXAUTH forms cookies, and forges new ones using machineKey from web.config. Supports "All" protection mode (AES-256-CBC encrypt + HMACSHA256 sign + binary serialization).      
    

          
    
              
    
                1
                
    #!/usr/bin/env python3
    
              
    
              
    
                2
                
    """
    
              
    
              
    
                3
                
    # Decrypt original cookie
    
              
    
              
    
                4
                
      python ticket_tool.py decrypt 0612BC595BE85DA14751A4494CDACC202C5D62E2F601C2B3096053B941D32B2141A53D7F4AE73004F48EB62FDD68CAEBE0E930D54935C1D23368347BE090DB64ACFFF63C108EE44B8B83D8C5045CF27F4DD48C3D7E54A05DBE1F8D914E7D283E54AAAE1323C92ACFEDBE21EF749A3119A02856A21309148EF3C33E6B2215C2DDC735A21E5B6BEFCC3846812BB7FCD3F8A424567F78A432D2299388F0979EC799
    
              
    
              
    
                5
                
    
              
    
          
    
    
    
  
    

    5.