Latest Infosec News and Articles
- Bootkit sample for firmware attack https://github.com/hardenedvault/bootkit-samples
- Attacks on JSON Web Token (JWT) https://infosecwriteups.com/attacks-on-json-web-token-jwt-278a49a1ad2e
- TREVORproxy: randomizes your source IP address to avoid Smart Lockout https://securityonline.info/trevorproxy-randomizes-your-source-ip-address-to-avoid-smart-lockout/
- Analyzing and Detecting a VMTools Persistence Technique https://bohops.com/2021/10/08/analyzing-and-detecting-a-vmtools-persistence-technique/
- Http2Smugl – Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion https://www.kitploit.com/2022/01/http2smugl-tool-to-detect-and-exploit.html
- I Like to Move It: Windows Lateral Movement Part 2 – DCOM https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/
- A tale of EDR bypass methods https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
- VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution https://cxsecurity.com/issue/WLB-2022010103
- hobbits: multi-platform GUI for bit-based analysis, processing, and visualization https://securityonline.info/hobbits-multi-platform-gui-for-bits-based-analysis-processing-and-visualization/
- Responder and IPv6 attacks https://g-laurent.blogspot.com/2021/12/responder-and-ipv6-attacks.html
Latest Vulnerabilities, POCs, and Exploit
- WordPress Plugin Modern Events Calendar V 6.1 – SQL Injection (Unauthenticated) https://www.exploit-db.com/exploits/50687
- WordPress Plugin RegistrationMagic V 5.0.1.5 – SQL Injection (Authenticated) https://www.exploit-db.com/exploits/50686
- PHPIPAM 1.4.4 – SQLi (Authenticated) https://www.exploit-db.com/exploits/50684
