Title: Shellcode.Blog – Personal Computer Security Blog.
Description: Personal Computer Security Blog.
Domain: shellcode.blog
| author | Shellcode.Blog |
Links:
| Shellcode.Blog | https://shellcode.blog/ |
| Home | https://shellcode.blog/ |
| Github | https://github.com/M507 |
| Posts | https://shellcode.blog/posts |
| About | https://shellcode.blog/about |
| @Mohadsec | https://twitter.com/mohadsec |
| CVE-2025-59287: WSUS SoapFormatter RCE Investigation & Honeypot Analysis | https://shellcode.blog/wsus-cve-2025-59287-investigation/ |
| AI SOC agent & MCP server for automated security investigation, alert triage, and incident response Blackhat MEA 2025 | https://github.com/M507/ai-soc-agent/blob/main/demo/BHMEA25_AI_Agents.pdf |
| RamiGPT: Autonomous Privilege Escalation AI agent | https://github.com/M507/RamiGPT |
| Deployment and testing platform for Velociraptor’s client artifacts | https://github.com/M507/VeloTheHelo |
| Velociraptor artifact for automated Thor YARA scanning | https://github.com/M507/Custom.DFIR.Yara.AllRules |
| CyRC Advisory: CVE-2024-5185 - AI Web Application Data Poisoning Vulnerability | https://www.synopsys.com/blogs/software-security/cyrc-advisory-data-poisoning-embedai.html |
| CyRC Advisories: CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483 - Remote Code Execution Vulnerabilities in Different Mouse and Keyboard Applications | https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/ |
| Nmap Detection Scripts for CVE-2022-45477, CVE-2022-45479, CVE-2022-45482, CVE-2022-45481 | https://github.com/M507/nmap-vulnerability-scan-scripts/ |
| Quick and Dirty Reconnaissance and Vulnerability Scanning Tool | https://github.com/M507/Quick-and-Dirty-Recon |
| Multiple RCEs in Different Mouse and Keyboard Applications | https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/ |
| Nginx 0.6.18 < 1.20.1 Memory Overwrite Vulnerability Proof of Concept CVE-2021-23017 | https://github.com/M507/CVE-2021-23017-PoC |
| Automating the build of a Vulnerable AD environment (IaC) | https://github.com/M507/Vulnerable-AD-Lab |
| CVE-2021-43459 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43459 |
| CVE-2021-43461 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43461 |
| CVE-2021-43462 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43462 |
| Presentation | https://shellcode.blog/drone/ |
| Hacking From the Sky - Building a Penetration Testing UAV prototype | https://shellcode.blog/drone/ |
| @Miner | https://github.com/M507/Miner |
| Automated Vulnerability Discovery in Windows Applications - 12 CVEs | https://shellcode.blog/Miner00/ |
| Applied Purple Teaming Series ( Attack, Detect, & Defend ) Part 3 | https://shellcode.blog/Applied-Purple-Teaming-Series-P3/ |
| Applied Purple Teaming Series ( Weaponize Windows ) Part 2 | https://shellcode.blog/Applied-Purple-Teaming-Series-P2/ |
| Applied Purple Teaming Series ( The Virtual Environment ) Part 1 | https://shellcode.blog/Applied-Purple-Teaming-Series-P1/ |
| Microsoft security researcher acknowledgment May 31, 2021 | https://msrc.microsoft.com/update-guide/en-us/acknowledgement/online |
| Git Scanner: Detect Sensitive Data in Organization Repositories | https://github.com/M507/Scan-git-organizations-for-leaks/ |
| Windows Memory-Injected Malware Detection Freeware Comparison | https://www.researchgate.net/publication/354323005_Windows_Memory-Injected_Malware_Detection_Freeware_Comparison |
| Resource Efficient Internal Network Honeypots | https://shellcode.blog/Resource-Efficient-Internal-Network-Honeypots/ |
| Studying Sysmon’s Ability to Detect Process Injections Using Different Configuration Schemas | https://shellcode.blog/Studying_Sysmon_Ability_to_Detect_Process_Injections/ |
| Ansible playbook designed to configure and deploy rsyslog, Wazuh, Kolide Fleet launcher, OSquery, and Winlogbeat for Windows and Linux (Blue-Team) | https://github.com/M507/SOS-Agents-Installation-On-Clients |
| “It's ours now” is a C# tool that collects unpacked/downloaded files using Windows event handlers (Malware-analysis) | https://github.com/M507/Its-ours-now |
| Playbook that randomly selects malware and deploys it to add a layer of difficulty when practicing IR & Threat Hunting (Blue-Team) | https://github.com/M507/RandMalware |
| Traccar GPS Tracking System service path vulnerability CVE-2021-21292 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21292 |
| Unquoted service path on Veyon Microsoft Windows LPE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15261 |
| Machine Learning Approach to Guess Passwords via Microphones Write-up & PoC | https://shellcode.blog/ML2/ |
| Developing Use Cases That Nefariously Utilize Twitter’s API For The Purpose of Building Covert Communications Talk & Paper | https://www.researchgate.net/publication/354323224_Hidden_in_Plain_Sight_Developing_Use_Cases_That_Nefariously_Utilize_Twitter's_API_For_The_Purpose_of_Building_Covert_Communications |
| Malicious patch for Pfsense router to perform Red Team activities Bfsense | https://github.com/M507/Bfsense |
| RosarioSIS 6.7.2 Reflected Cross-Site Scripting | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15718 |
| CVE-2020-15717 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15717 |
| CVE-2020-15716 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15716 |
| CVE-2020-15721 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15721 |
| RosarioSIS < 6.5.1 Reflected Cross-Site Scripting | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13278 |
| Scalable infrastructures for Red/Blue/Gray-Team themed competitions Stateless | https://github.com/SI-RBG |
| Google Chrome Extension Automates Testing Fundamental Web Problems | https://github.com/M507/AutomatedHunter |
| In-memory implant that uses C# techniques to bypass Windows Firewall and Defender C2 | https://github.com/M507/Restless |
| Processes To Watch For Unwanted & Unexpected Blue Team Actions Windows Persistence | https://shellcode.blog/SharpWatchdogs/ |
| rConfig Network Device Configuration Management 3.9.5 RCE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15715 |
| rConfig Network Device Configuration Management 3.9.5 SQLi | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15714 |
| CVE-2020-15713 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15713 |
| rConfig Network Device Configuration Management 3.9.5 LFI | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15712 |
| Integrated Windows rootkit projects and persistence techniques Nemo | https://github.com/M507/Nemo |
| Post-exploitation C2 that targets browsers Write-up & tool | https://shellcode.blog/6-Eyed-Spider/ |
| Malicious process monitors and infects specific kinds of files | https://github.com/RITRedteam/WindowsPlague |
| Admidio version 3.3.13 Unauthenticated SQLi | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11004 |
| C2 project controls a self-propagating MS17-010 worm M-Botnet | https://github.com/M507/M-Botnet |
| CellTower is a credentials, events, and any data logging tool QSearchSploit | https://github.com/M507/CellTower |
| Leantime management system < 2.0.15 BSQL Injection | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5292 |
| Customizing Searchsploit outputs from Kali Linux QSearchSploit | https://github.com/M507/QSearchSploit |
| Preparation material for the AWAE course | https://github.com/M507/AWAE-Preparation |
| Hidden in Plain Sight: Developing Use Cases That Nefariously Utilize Twitter’s API For The Purpose of Building Covert Communications | https://www.researchgate.net/publication/354323224_Hidden_in_Plain_Sight_Developing_Use_Cases_That_Nefariously_Utilize_Twitter's_API_For_The_Purpose_of_Building_Covert_Communications |
| Information theft through covert channel by exploiting HTTP Post method | https://github.com/M507/Covert-Channel-by-Exploiting-HTTP-Post |
| PWNDashboard, Engagements and competitions dashboard | https://github.com/M507/PWNDashboard |
| Ansible playbook to customize Kali Linux Kali-TX | https://github.com/M507/Kali-TX |
| Clearview, Web Application Challenge | https://github.com/M507/Clearview |
| BlueDucky, Creates a list of USB-Rubber-Ducky instructions | https://github.com/M507/BlueDucky |
| DHCP Starvation & DHCP Spoofing attacks On Cisco Network Switches (Infrastructure Security) | https://shellcode.blog/DHCP_Infrastructure_Security_DHCP_Starvation_DHCP_Spoofing/ |
| Integrating C3 With Cobalt Strike via ExternalC2 And Studying Their Behavior | https://shellcode.blog/Integrating-C3-With-Cobalt-Strike/ |
| Windows Exploit Development: Egg Hunting | https://shellcode.blog/Windows-Exploitation-Egg-hunting/ |
| Windows Exploit Development: Unicode and Venetian shellcode techniques | https://shellcode.blog/Writing_Unicode_Payloads/ |
| Detecting Bugs Using Network Protocol Fuzzing | https://shellcode.blog/Detecting_Bugs_Using_Network_Protocol_Fuzzing_Boofuzz/ |
| Exploit Development: Utilizing imported functions | https://shellcode.blog/Utilizing_imported_functions_WinExec/ |
| Exploit Development: Manually Encode Bytes & Shellcode Carving | https://shellcode.blog/Shellcode-Encoding/ |
| TorMultiplier creates multiple Tor sockets PoC | https://github.com/M507/TorMultiplier |
| Simple CLI web Intruder that uses Netcat | https://github.com/M507/Web-Intruder |
| https://github.com/M507/ | |
| https://www.linkedin.com/in/mohad33/ | |
| https://www.twitter.com/mohadsec | |