Post-Exploitation | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Injecting Java In-memory Payloads For Post-exploitation	Post-Exploitation	Undisclosed	Clément Amic (@Loadlow) Hugo Vincent (@Hugow_vincent)
Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes	Lateral Movement Persistence Post-Exploitation	Microsoft (Entra ID / Azure AD)	Dirk-Jan Mollema (@_Dirkjan)
From ChatBot To SpyBot: ChatGPT Post Exploitation	AI LLM XSS Data Exfiltration Post-Exploitation	OpenAI (ChatGPT)	Ron Masas (@RonMasas)
Entra ID Connect Arbitrary Password Overwrite	Post-Exploitation Active Directory Azure AD Cloud	Microsoft	Anthony Larcher-Gore (@Nullg0re)
Technical Advisory – Multiple Vulnerabilities in Nagios XI	RCE Missing Authentication OS Command Injection Local Privilege Escalation Stored XSS Plaintext Storage of a Password Weak Credentials Privilege Escalation Post-Exploitation	Nagios	Oliver Brooks
Unauthenticated Access to GCP Dataproc Can Lead to Data Leak	Cloud Data Leak Post-Exploitation	Google (GCP)	Roi Nisimi (@Roinisimi)
Okta For Red Teamers	Post-Exploitation	Undisclosed	Adam Chester (@_Xpn_)
Hijacking Someone Else’s DCSync	Post-Exploitation Active Directory Azure AD Cloud	Microsoft	Anthony Larcher-Gore (@Nullg0re)
My secret to API privesc: Tapping compromised web servers	Persistence Post-Exploitation	Undisclosed	Dana Epp (@DanaEpp)
From Self-Hosted GitHub Runner to Self-Hosted Backdoor	CI/CD Lateral Movement Post-Exploitation	GitHub	Adnan Khan (@Adnanthekhan) Mason Davis Matt Jackoski

Page 1 of 1