Latest Infosec News and Articles Bug Bounty Roadmaps https://github.com/1ndianl33t/Bug-Bounty-Roadmaps  A tool for generating fake code signing certificates or signing real ones  https://github.com/Tylous/Limelighter Dumping LSASS in memory undetected using MirrorDump https://www.pentestpartners.com/security-blog/dumping-lsass-in-memory-undetected-using-mirrordump/ vulnx 🕷️ is

Latest Infosec News and Articles How APTs Use Reverse Proxies to Nmap Internal Networks  https://www.varonis.com/blog/nmap-reverse-proxies/?utm_content=158497201&utm_medium=social&utm_source=twitter&hss_channel=tw-21672993 FuzzingTool: web penetration testing tool https://securityonline.info/fuzzingtool-web-penetration-testing-tool/ RCE Exploit in BIG IP https://github.com/h4x0r-dz/RCE-Exploit-in-BIG-IP JWTweak: Detects the algorithm of input

Latest Infosec News and Articles Using Syscalls to Inject Shellcode on Windows https://www.solomonsklash.io/syscalls-for-shellcode-injection.html Implementing Direct Syscalls Using Hell’s Gate https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/ VM Detection Tricks, Part 1: Physical memory resource maps  https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/ Hacking IIS https://drive.google.com/file/d/1O0IARjqP4Pwa-ae1nAP8Nr9qb0ai2XPu/view CVE-2021-27927:

Latest Infosec News and Articles OffensivePipeline v0.8.2 releases: download, compile and obfuscate C# tools for Red Team exercises  https://securityonline.info/offensivepipeline-download-compile-and-obfuscate-c-tools-for-red-team-exercises/  Scanning APK file for URIs, endpoints & secrets. https://github.com/dwisiswant0/apkleaks CVE-2021-27927: CSRF to RCE

Latest Infosec News and Articles Evade EDR with Shellcode Injection and gain persistence using Registry Run Keys https://infosecwriteups.com/evade-avs-edr-with-shellcode-injection-159dde4dba1a Heap-based AMSI bypass for MS Excel VBA and others  https://codewhitesec.blogspot.com/2019/07/heap-based-amsi-bypass-in-vba.html VirtualBox E1000 Guest-to-Host Escape 

Latest Infosec News and Articles Retrieve LAPS password from the LDAP  https://github.com/swisskyrepo/SharpLAPS http-request-smuggling: HTTP Request Smuggling Detection Tool  https://securityonline.info/http-request-smuggling-detection/ Reverse Engineering Clubhouse: My Observations https://www.klmlabs.co/blog/club-house-observations-th5x8 Offensive Windows IPC Internals 2: RPC https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html Domain Password

Latest Infosec News and Articles Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.  https://github.com/tokyoneon/Chimera  DNS exfiltration of data: step-by-step simple guide

Latest Infosec News and Articles Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge https://jhalon.github.io/utilizing-syscalls-in-csharp-1/ Security Basics: XSS Explained https://medium.com/swlh/security-basics-xss-explained-3ade8071aaa1 How To Attack Kerberos 101 https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html Testing and exploiting Java Deserialization in

Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 2 https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/ Sudo Exploit Writeup  https://www.kalmarunionen.dk/writeups/sudo/ A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you

Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 1 https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/#Pentesting laravel debug rce CVE-2021-3129 https://github.com/SNCKER/CVE-2021-3129 How To Attack Kerberos 101 https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html A list of cyber-chef recipes and curated links https://github.com/mattnotmax/cyberchef-recipes Windows