CVEs

Public PoCs for CVEs that may be useful in an offensive security certification lab or exam. Before using any of them, read the source, confirm the target version falls inside the affected range, and build or host the payload from your own attacking machine rather than the target. Entries marked n/a are technique tools (token/privilege abuse, coercion, container breakout, exploit collections) rather than single-CVE exploits.

| CVE | Description | URL |
|---|---|---|
| CVE-2014-6271 | Shellshock (Bash) PoC | https://github.com/zalalov/CVE-2014-6271 |
| CVE-2016-5195 | Dirty COW (Linux kernel LPE) | https://github.com/firefart/dirtycow |
| CVE-2017-0199 | Microsoft Office RTF RCE toolkit ("RTF Dynamite") | https://github.com/bhdresh/CVE-2017-0199 |
| CVE-2018-10933 | libssh authentication bypass | https://github.com/blacknbunny/CVE-2018-10933 |
| CVE-2018-16509 | Ghostscript RCE via Python PIL image processing | https://github.com/farisv/PIL-RCE-Ghostscript-CVE-2018-16509 |
| CVE-2019-18634 | sudo pwfeedback buffer overflow (LPE) | https://github.com/saleemrashid/sudo-cve-2019-18634 |
| CVE-2019-5736 | runC container escape | https://github.com/Frichetten/CVE-2019-5736-PoC |
| CVE-2019-6447 | ES File Explorer open port vulnerability (Android) | https://github.com/fs0c131y/ESFileExplorerOpenPortVuln |
| CVE-2019-7304 | snapd LPE (dirty_sock) | https://github.com/initstring/dirty_sock |
| CVE-2020-1472 | ZeroLogon testing script (checks vulnerability without resetting the DC password) | https://github.com/SecuraBV/CVE-2020-1472 |
| CVE-2020-1472 | ZeroLogon exploitation script | https://github.com/risksense/zerologon |
| CVE-2021-1675, CVE-2021-34527 | PrintNightmare (Print Spooler RCE/LPE) | https://github.com/nemo-wq/PrintNightmare-CVE-2021-34527 |
| CVE-2021-1675 | PrintNightmare LPE (PowerShell) | https://github.com/calebstewart/CVE-2021-1675 |
| CVE-2021-21972 | VMware vCenter RCE | https://github.com/horizon3ai/CVE-2021-21972 |
| CVE-2021-22204 | GitLab ExifTool RCE | https://github.com/CsEnox/Gitlab-Exiftool-RCE |
| CVE-2021-22204 | GitLab ExifTool RCE, Python implementation | https://github.com/convisolabs/CVE-2021-22204-exiftool |
| CVE-2021-26085 | Confluence Server pre-auth arbitrary file read | https://github.com/Phuong39/CVE-2021-26085 |
| CVE-2021-27928 | MariaDB/MySQL wsrep_provider RCE | https://github.com/Al1ex/CVE-2021-27928 |
| CVE-2021-3129 | Laravel (Ignition debug mode) RCE | https://github.com/nth347/CVE-2021-3129_exploit |
| CVE-2021-3156 | sudo 1.8.31 root exploit (Baron Samedit heap overflow) | https://github.com/mohinparamasivam/Sudo-1.8.31-Root-Exploit |
| CVE-2021-3560 | polkit D-Bus authentication bypass, C implementation (not PwnKit, which is CVE-2021-4034) | https://github.com/hakivvi/CVE-2021-3560 |
| CVE-2021-3560 | polkit privilege escalation | https://github.com/Almorabea/Polkit-exploit |
| CVE-2021-3560 | polkit privilege escalation PoC | https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation |
| CVE-2021-36934 | HiveNightmare / SeriousSAM (readable SAM/SYSTEM hives via VSS) | https://github.com/GossiTheDog/HiveNightmare |
| CVE-2021-4034 | PwnKit: pkexec self-contained exploit | https://github.com/ly4k/PwnKit |
| CVE-2021-4034 | PwnKit PoC (1) | https://github.com/dzonerzy/poc-cve-2021-4034 |
| CVE-2021-4034 | PwnKit PoC (2) | https://github.com/arthepsy/CVE-2021-4034 |
| CVE-2021-4034 | PwnKit PoC (3) | https://github.com/nikaiw/CVE-2021-4034 |
| CVE-2021-40444 | MSHTML exploit document builders | https://github.com/aslitsecurity/CVE-2021-40444_builders |
| CVE-2021-40444 | MSHTML analysis and exploit | https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/ |
| CVE-2021-40444 | MSHTML PoC | https://github.com/lockedbyte/CVE-2021-40444 |
| CVE-2021-41379 | Windows Installer LPE (InstallerFileTakeOver) | https://github.com/klinix5/InstallerFileTakeOver |
| CVE-2021-41773, CVE-2021-42013, CVE-2020-17519 | Apache HTTP Server and Apache Flink path traversal (SimplesApachePathTraversal) | https://github.com/MrCl0wnLab/SimplesApachePathTraversal |
| CVE-2021-42278, CVE-2021-42287 | sam-the-admin (sAMAccountName spoofing to Domain Admin) | https://github.com/WazeHell/sam-the-admin |
| CVE-2021-42278 | Pachine, Python implementation of sAMAccountName spoofing | https://github.com/ly4k/Pachine |
| CVE-2021-42287, CVE-2021-42278 | noPac (1) | https://github.com/cube0x0/noPac |
| CVE-2021-42287, CVE-2021-42278 | noPac (2) | https://github.com/Ridter/noPac |
| CVE-2021-42321 | Microsoft Exchange Server post-auth RCE | https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398 |
| CVE-2021-44228 | Log4Shell shell PoC | https://github.com/kozmer/log4j-shell-poc |
| CVE-2021-44228 | LogMePwn (Log4Shell scanning and validation) | https://github.com/0xInfection/LogMePwn |
| CVE-2022-0847 | Dirty Pipe exploits (Linux kernel LPE) | https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits |
| CVE-2022-21999 | SpoolFool (Print Spooler LPE) | https://github.com/ly4k/SpoolFool |
| CVE-2022-22965 | Spring4Shell (Spring Core RCE; distinct from CVE-2022-22963, the Spring Cloud Function SpEL bug) | https://github.com/tweedge/springcore-0day-en |
| CVE-2022-23119, CVE-2022-23120 | Trend Micro Deep Security Agent for Linux arbitrary file read | https://github.com/modzero/MZ-21-02-Trendmicro |
| CVE-2022-26134 | Confluence OGNL injection RCE (ConfluentPwn) | https://github.com/redhuntlabs/ConfluentPwn |
| CVE-2022-30190 | MS-MSDT Follina attack vector (malicious document generator) | https://github.com/JohnHammond/msdt-follina |
| CVE-2022-30190 | MS-MSDT Follina exploit PoC | https://github.com/onecloudemoji/CVE-2022-30190 |
| CVE-2022-30190 | MS-MSDT Follina exploit, Python implementation | https://github.com/chvancooten/follina.py |
| CVE-2022-34918 | Netfilter kernel LPE exploit | https://github.com/randorisec/CVE-2022-34918-LPE-PoC |
| n/a | SeBackupPrivilege abuse cmdlets (read SAM/NTDS with backup privilege) | https://github.com/giuliano108/SeBackupPrivilege/tree/master/SeBackupPrivilegeCmdLets/bin/Debug |
| n/a | RoguePotato (SeImpersonatePrivilege to SYSTEM) | https://github.com/antonioCoco/RoguePotato |
| n/a | RottenPotatoNG | https://github.com/breenmachine/RottenPotatoNG |
| n/a | GenericPotato | https://github.com/micahvandeusen/GenericPotato |
| n/a | JuicyPotato | https://github.com/ohpe/juicy-potato |
| n/a | JuicyPotatoNG | https://github.com/antonioCoco/JuicyPotatoNG |
| n/a | MultiPotato | https://github.com/S3cur3Th1sSh1t/MultiPotato |
| n/a | PrintSpoofer (1) | https://github.com/dievus/printspoofer |
| n/a | PrintSpoofer (2) | https://github.com/itm4n/PrintSpoofer |
| n/a | Shocker (1): Docker container breakout | https://github.com/gabrtv/shocker |
| n/a | Shocker (2): Docker container breakout | https://github.com/nccgroup/shocker |
| n/a | SystemNightmare (instant SYSTEM shell) | https://github.com/GossiTheDog/SystemNightmare |
| n/a | PetitPotam (NTLM authentication coercion via MS-EFSRPC) | https://github.com/topotam/PetitPotam |
| n/a | DFSCoerce (NTLM authentication coercion via MS-DFSNM) | https://github.com/Wh04m1001/DFSCoerce |
| n/a | Windows kernel exploits collection | https://github.com/SecWiki/windows-kernel-exploits |
| n/a | Pre-compiled Windows exploits | https://github.com/abatchy17/WindowsExploits |