Latest Infosec News and Articles
- Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray) https://www-hackers–arise-com.cdn.ampproject.org/c/s/www.hackers-arise.com/amp/software-defined-radio-part-6-building-a-imsi-catcher-stingray
- SIM Hijacking https://sensepost.com/blog/2022/sim-hijacking/
- SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022–22718) https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81
- Espionage – A Network Packet And Traffic Interceptor For Linux. Spoof ARP And Wiretap A Network https://www.kitploit.com/2022/02/espionage-network-packet-and-traffic.html
- From Stored XSS to RCE using BeEF and elFinder CVE-2021-45919 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-stored-xss-to-rce-using-beef-and-elfinder-cve-2021-45919/
- EDRSandblast: bypass EDR detections and LSASS protections https://securityonline.info/edrsandblast-bypass-edr-detections-and-lsass-protections/
- [DiceCTF 2022] – memory hole https://blog.kylebot.net/2022/02/06/DiceCTF-2022-memory-hole/
- SSRF (Server Side Request Forgery) testing resources https://github.com/cujanovic/SSRF-Testing
- C# code to Sandbox Defender (and most probably other AV/EDRs) https://github.com/plackyhacker/SandboxDefender
- Cisco Anyconnect VPN unauth RCE (rwx stack) https://github.com/Audiobahn/CVE-2022-20699
Latest Vulnerabilities, POCs, and Exploit
- WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 – SQL-Injection (Unauthenticated) https://www.exploit-db.com/exploits/50733
- WordPress Plugin Simple Job Board 2.9.3 – Local File Inclusion https://www.exploit-db.com/exploits/50721
- Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated) https://www.exploit-db.com/exploits/50720
- Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit) https://www.exploit-db.com/exploits/50716
