Blog

Latest Infosec News and Articles Advanced MSSQL Injection Tricks https://swarm.ptsecurity.com/advanced-mssql-injection-tricks/ RCE via Server-Side Template Injection https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae XSS Scanner: detects Cross-Site Scripting vulnerabilities in website https://securityonline.info/xss-scanner/ Exploring the Exploitability of “Bad Neighbor”: The Recent

Latest Infosec News and Articles Powershell script for enumerating vulnerable DCOM Applications https://github.com/sud0woodo/DCOMrade Infection Monkey - An automated pentest tool https://github.com/guardicore/monkey Fuzzing for eBPF JIT bugs in the Linux kernel https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/ Attackers Exploiting

Latest Infosec News and Articles PowerShell Commands for Pentesters https://www.infosecmatter.com/powershell-commands-for-pentesters/ Identifying & Escalating HTTP Host Header Injection attacks https://medium.com/bugbountywriteup/identifying-escalating-http-host-header-injection-attacks-7586d0ff2c67Pass-the-hash attacks with mimikatz https://stealthbits.com/blog/passing-the-hash-with-mimikatz/ paradoxiaRAT: Native Windows Remote Access Tool https://securityonline.info/paradoxiarat-native-windows-remote-access-tool/ The Memory Process

Latest Infosec News and Articles Interactive Analysis with any.run  https://zero2auto.com/2020/10/14/interactive-analysis-any-run/ Azure Red Team tool for graphing Azure and Azure Active Directory objects https://github.com/Azure/Stormspotter Pass-the-hash WiFi https://sensepost.com/blog/2020/pass-the-hash-wifi/ Apache Struts 2 Remote Code Execution https://cxsecurity.com/issue/WLB-2020100134 Exploiting

Latest Infosec News and Articles Patrik’s Bug Bounty 🛠️Tools  https://blog.it-securityguard.com/patriks-bug-bounty-tools-%f0%9f%9b%a0%ef%b8%8f/Introducing MIDNIGHTTRAIN - A Covert Stage-3 Persistence Framework weaponizing UEFI variables https://slaeryan.github.io/posts/midnighttrain.html In-Memory shellcode decoding to evade AVs/EDRs https://shells.systems/in-memory-shellcode-decoding-to-evade-avs/  How I Hacked Facebook

Latest Infosec News and Articles Using Syscalls to Inject Shellcode on Windows https://www.solomonsklash.io/syscalls-for-shellcode-injection.html Sysmon Internals - From File Delete Event to Kernel Code Execution https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/ From Zero to main(): How to Write

Latest Infosec News and Articles PoC exploits for CVE-2020-17382  https://github.com/uf0o/CVE-2020-17382 A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. https://github.com/fatedier/frp I Like

Latest Infosec News and Articles ARM64 Reversing and Exploitation Part 1 - ARM Instruction Set + Simple Heap Overflow  http://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/ The Current State of Exploit Development, Part 2 https://www.crowdstrike.com/blog/state-of-exploit-development-part-2/ Rampant Kitten –

Latest Infosec News and Articles CVE-2020-5902 BIG-IP RCE  https://github.com/jas502n/CVE-2020-5902/ From SSRF to Compromise: Case Study https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/ A Hands-On Introduction to Mandiant's Approach to OT Red Teaming https://www.fireeye.com/blog/threat-research/2020/08/hands-on-introduction-to-mandiant-approach-to-ot-red-teaming.htmlFrom Android Static Analysis to RCE