Latest Infosec News and Articles
- Remote Code Execution in pfSense <= 2.5.2 https://t.co/BkeOJyQd1j
- Azure Privilege Escalation via Cloud Shell https://www.netspi.com/blog/technical/cloud-penetration-testing/attacking-azure-cloud-shell/
- Running Cobalt Strike BOFs from Python https://www.naksyn.com/injection/2022/02/16/running-cobalt-strike-bofs-from-python.html
- vortex: VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit https://securityonline.info/vortex-vpn-exploitation-toolkit/
- Voltron – A Hacky Debugger UI For Hackers https://www.kitploit.com/2022/02/voltron-hacky-debugger-ui-for-hackers.html
- Linux kernel Use-After-Free (CVE-2021-23134) PoC. https://ruia-ruia.github.io/NFC-UAF/
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365 https://github.com/darkquasar/AzureHunter
- Forensic Analysis Of Xiaomi IoT Ecosystem https://www.forensicfocus.com/webinars/forensic-analysis-of-xiaomi-iot-ecosystem/
- Automating bug bounties https://www.benteveo.kiwi/blog/automating-bug-bounties
- Chasing the silver petit potam to domain admin https://blog.zsec.uk/chasing-the-silver-petit-potam/
Latest Vulnerabilities, POCs, and Exploit
- Microweber CMS 1.2.10 – Local File Inclusion (Authenticated) (Metasploit) https://www.exploit-db.com/exploits/50786
- WebHMI 4.1.1 – Remote Code Execution (RCE) (Authenticated) https://www.exploit-db.com/exploits/50784
- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 – Remote File CRUD https://www.exploit-db.com/exploits/50783
- WordPress Plugin WP User Frontend 3.5.25 – SQLi (Authenticated) https://www.exploit-db.com/exploits/50772
