Blog

Latest Infosec News and Articles CVE-2020-5902 BIG-IP RCE  https://github.com/jas502n/CVE-2020-5902/ From SSRF to Compromise: Case Study https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/ A Hands-On Introduction to Mandiant's Approach to OT Red Teaming https://www.fireeye.com/blog/threat-research/2020/08/hands-on-introduction-to-mandiant-approach-to-ot-red-teaming.htmlFrom Android Static Analysis to RCE

Latest Infosec News and Articles The FLARE team's open-source tool to identify capabilities in executable files.  https://github.com/fireeye/capa/  Shadow Admins – The Stealthy Accounts That You Should Fear The Most https://www.cyberark.com/resources/threat-research-blog/shadow-admins-the-stealthy-accounts-that-you-should-fear-the-most PowerShell Remoting

Latest Infosec News and Articles PowerShell: In-Memory Injection Using CertUtil.exe  https://movaxbx.ru/2018/06/01/powershell-in-memory-injection-using-certutil-exe/  Defending Your Malware https://labs.jumpsec.com/2020/08/11/defending-your-malware/ CVE-2020-1571 Windows Setup Elevation of Privileges Bypass 0day https://github.com/klinix5/Windows-Setup-EoPApache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and

Latest Infosec News and Articles Pentest Tips and Tricks #2  https://jivoi.github.io/2015/08/21/pentest-tips-and-tricks-number-2/List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. https://github.com/toniblyx/my-arsenal-of-aws-security-tools#offensiveIntroducing Ninja C2 : the C2 built

Latest Infosec News and Articles Domain Penetration Testing: Using BloodHound, Crackmapexec, & Mimikatz to get Domain Admin https://hausec.com/2017/10/21/domain-penetration-testing-using-bloodhound-crackmapexec-mimikatz-to-get-domain-admin/multithreading module that connects to a remote TCP server, monitors active (opened) Microsoft

Latest Infosec News and Articles Building an Active Directory Lab  https://medium.com/@robertscocca/building-an-active-directory-lab-82170dd73fb4  Hacking the World with HTML  https://osandamalith.com/2020/07/19/hacking-the-world-with-html/Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in

Latest Infosec News and Articles Exploiting an Elevation of Privilege bug in Windows 10 (CVE-2020-1362)  https://github.com/Q4n/CVE-2020-1362The Basics of Exploit Development 1: Win32 Buffer Overflows  https://www.coalfire.com/The-Coalfire-Blog/January-2020/The-Basics-of-Exploit-Development-1Reverse Engineering Malware, Part 4: Windows

Latest Infosec News and Articles Reverse engineering of the Anubis malware  https://orangecyberdefense.com/uk/blog/uncategorized/reverse-engineering-of-the-anubis-malware/How x86_64 addresses memory https://blog.yossarian.net/2020/06/13/How-x86_64-addresses-memoryLeonidas - Automated Attack Simulation in the Cloud, complete with detection use cases https://github.com/fsecurelabs/leonidasUnderstanding how

Latest Infosec News and Articles Adventures in ATM Hacking  https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/adventures-in-atm-hacking/Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers  https://labs.bishopfox.com/tech-blog/breaking-https-in-the-iotDomain Penetration Testing: Using BloodHound, Crackmapexec, & Mimikatz to get Domain

Latest Infosec News and Articles Red Team Techniques - June 2020 https://www.reddit.com/r/purpleteamsec/comments/hbdvz4/red_team_techniques_june_2020/LethalHTA - A new lateral movement technique using DCOM and HTA  https://codewhitesec.blogspot.com/2018/07/lethalhta.htmlOSS-Fuzz - continuous fuzzing of open source software.