Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
☆533Jul 30, 2021Updated 4 years ago
Alternatives and similar repositories for gcp-dhcp-takeover-code-exec
Users that are interested in gcp-dhcp-takeover-code-exec are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- CVE-2020-15368, aka "How to exploit a vulnerable driver"☆511Apr 14, 2022Updated 4 years ago
- This repo gives an overview of some GCP metadata API attack and defend patterns☆78Mar 23, 2020Updated 6 years ago
- MIDI tunneling through BGP, for times when you want to broadcast your music instead of your IP packets.☆15May 2, 2026Updated last week
- Reverse proxies cheatsheet☆1,875Nov 4, 2023Updated 2 years ago
- Automated GKE Kubelet Impersonation and Cluster Secret Stealer via kube-env☆102Sep 10, 2019Updated 6 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- This is a PoC exploit for CVE-2020-8559 Kubernetes Vulnerability☆54Jul 23, 2020Updated 5 years ago
- ☆2,514Jan 2, 2023Updated 3 years ago
- Collections of Orange Tsai's public presentation slides.☆752Jan 1, 2025Updated last year
- Kubernetes POC for utilizing write mount to /var/log for getting a root on the host☆100Nov 18, 2020Updated 5 years ago
- Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.☆829Jun 12, 2021Updated 4 years ago
- A container analysis and exploitation tool for pentesters and engineers.☆679Sep 27, 2023Updated 2 years ago
- ☆171May 20, 2021Updated 4 years ago
- NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewa…☆1,977Jan 14, 2023Updated 3 years ago
- Client-Side Prototype Pollution Tools☆88Sep 21, 2021Updated 4 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A DNS rebinding attack framework.☆1,287Apr 26, 2026Updated last week
- Catalog Red Team techniques that cause popups in various macOS versions☆15Nov 18, 2024Updated last year
- Prototype Pollution and useful Script Gadgets☆1,617Jan 27, 2024Updated 2 years ago
- Electron Research☆73Feb 9, 2022Updated 4 years ago
- CVE-2021-1675 Detection Info☆215May 20, 2023Updated 2 years ago
- ☆1,202Sep 2, 2022Updated 3 years ago
- This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-…☆4,452Apr 22, 2026Updated 2 weeks ago
- [DEPRECATED] A theoretically-infinitely-scalable Skyblock plugin.☆17May 10, 2021Updated 5 years ago
- Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock☆7,134Mar 12, 2024Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆697Jul 4, 2022Updated 3 years ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests☆392Aug 15, 2024Updated last year
- ☆451Oct 3, 2024Updated last year
- Simple patcher tool to turn off TLS handshake validation in golang binaries☆12Apr 23, 2022Updated 4 years ago
- Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys☆660Feb 1, 2025Updated last year
- C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527☆1,980Jul 20, 2021Updated 4 years ago
- Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.☆625Jun 13, 2020Updated 5 years ago
- Exploit for CVE-2020-3952 in vCenter 6.7☆277Apr 16, 2020Updated 6 years ago
- WinDbg script to spoof origin and url of a renderer process in Chrome☆25Dec 2, 2020Updated 5 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆651Nov 21, 2019Updated 6 years ago
- This repo has been replaced by https://www.cloudvulndb.org☆727Jun 29, 2022Updated 3 years ago
- These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok☆174Feb 6, 2025Updated last year
- Minecraft Classic server written in Elixir.☆13Apr 4, 2021Updated 5 years ago
- Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.☆44Updated this week
- RCE 0-day for GhostScript 9.50 - Payload generator☆543Sep 8, 2021Updated 4 years ago
- Proof of concept code for Datadog Security Labs referenced exploits.☆448Updated this week