Latest Infosec News and Articles A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet a recon tool that allows searching on URLs that are exposed
IT Security News Bulletin #47
Latest Infosec News and Articles Introduction to Reverse Engineering with Ghidra: A Four Session Course https://wrongbaud.github.io/posts/ghidra-training/ A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet ImageMagick
IT Security News Bulletin #46
Latest Infosec News and Articles Advanced MSSQL Injection Tricks https://swarm.ptsecurity.com/advanced-mssql-injection-tricks/ RCE via Server-Side Template Injection https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae XSS Scanner: detects Cross-Site Scripting vulnerabilities in website https://securityonline.info/xss-scanner/ Exploring the Exploitability of “Bad Neighbor”: The Recent
IT Security News Bulletin #45
Latest Infosec News and Articles Powershell script for enumerating vulnerable DCOM Applications https://github.com/sud0woodo/DCOMrade Infection Monkey - An automated pentest tool https://github.com/guardicore/monkey Fuzzing for eBPF JIT bugs in the Linux kernel https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/ Attackers Exploiting
IT Security News Bulletin #44
Latest Infosec News and Articles PowerShell Commands for Pentesters https://www.infosecmatter.com/powershell-commands-for-pentesters/ Identifying & Escalating HTTP Host Header Injection attacks https://medium.com/bugbountywriteup/identifying-escalating-http-host-header-injection-attacks-7586d0ff2c67Pass-the-hash attacks with mimikatz https://stealthbits.com/blog/passing-the-hash-with-mimikatz/ paradoxiaRAT: Native Windows Remote Access Tool https://securityonline.info/paradoxiarat-native-windows-remote-access-tool/ The Memory Process
IT Security News Bulletin #43
Latest Infosec News and Articles Interactive Analysis with any.run https://zero2auto.com/2020/10/14/interactive-analysis-any-run/ Azure Red Team tool for graphing Azure and Azure Active Directory objects https://github.com/Azure/Stormspotter Pass-the-hash WiFi https://sensepost.com/blog/2020/pass-the-hash-wifi/ Apache Struts 2 Remote Code Execution https://cxsecurity.com/issue/WLB-2020100134 Exploiting
Weekly IT Security News Bulletin #42
Latest Infosec News and Articles Patrik’s Bug Bounty 🛠️Tools https://blog.it-securityguard.com/patriks-bug-bounty-tools-%f0%9f%9b%a0%ef%b8%8f/Introducing MIDNIGHTTRAIN - A Covert Stage-3 Persistence Framework weaponizing UEFI variables https://slaeryan.github.io/posts/midnighttrain.html In-Memory shellcode decoding to evade AVs/EDRs https://shells.systems/in-memory-shellcode-decoding-to-evade-avs/ How I Hacked Facebook
IT Security News Bulletin #40
Latest Infosec News and Articles Using Syscalls to Inject Shellcode on Windows https://www.solomonsklash.io/syscalls-for-shellcode-injection.html Sysmon Internals - From File Delete Event to Kernel Code Execution https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/ From Zero to main(): How to Write
IT Security News Bulletin #39
Latest Infosec News and Articles PoC exploits for CVE-2020-17382 https://github.com/uf0o/CVE-2020-17382 A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. https://github.com/fatedier/frp I Like
IT Security News Bulletin #38
Latest Infosec News and Articles ARM64 Reversing and Exploitation Part 1 - ARM Instruction Set + Simple Heap Overflow http://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/ The Current State of Exploit Development, Part 2 https://www.crowdstrike.com/blog/state-of-exploit-development-part-2/ Rampant Kitten –