Latest Infosec News and Articles
- Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock https://github.com/liamg/traitor
- Geowifi – Search WiFi Geolocation Data By BSSID And SSID On Different Public Databases https://www.kitploit.com/2022/03/geowifi-search-wifi-geolocation-data-by.html
- iOS Hacking – A Beginner’s Guide to Hacking iOS Apps [2022 Edition] https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
- EvilSelenium v1.1 releases: weaponizes Selenium to attack Chrome https://securityonline.info/evilselenium-weaponizes-selenium-to-attack-chrome/
- CVE-2022-0847 Vulnerability in Linux Kernel Can Be Used To Root Android https://securityonline.info/dirty-pipe-vulnerability-in-linux-kernel-can-be-used-to-root-android/
- Dome – Fast And Reliable Python Script That Makes Active And/Or Passive Scan To Obtain Subdomains And Search For Open Ports https://www.kitploit.com/2022/03/dome-fast-and-reliable-python-script.html
- How to write a simple script to automate finding bugs https://infosecwriteups.com/how-to-write-simple-script-to-automate-finding-bugs-438c121b61cf
- RCE exploit for dompdf https://github.com/positive-security/dompdf-rce
- Reversing Common Obfuscation Techniques https://ferib.dev/blog.php?l=post/Reversing_Common_Obfuscation_Techniques
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) https://github.com/Yamato-Security/WELA
Latest Vulnerabilities, POCs, and Exploit
- Apache APISIX 2.12.1 – Remote Code Execution (RCE) https://www.exploit-db.com/exploits/50829
- Pluck CMS 4.7.16 – Remote Code Execution (RCE) (Authenticated) https://www.exploit-db.com/exploits/50826
- Moodle 3.11.5 – SQLi (Authenticated) https://www.exploit-db.com/exploits/50825
- Seowon SLR-120 Router – Remote Code Execution (Unauthenticated) https://www.exploit-db.com/exploits/50821
- Zabbix 5.0.17 – Remote Code Execution (RCE) (Authenticated) https://www.exploit-db.com/exploits/50816
