Latest Infosec News and Articles
- CVE-2020-5902 BIG-IP RCE https://github.com/jas502n/CVE-2020-5902/
- From SSRF to Compromise: Case Study https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/
- A Hands-On Introduction to Mandiant’s Approach to OT Red Teaming https://www.fireeye.com/blog/threat-research/2020/08/hands-on-introduction-to-mandiant-approach-to-ot-red-teaming.html
- From Android Static Analysis to RCE on Prod https://blog.dixitaditya.com/from-android-app-to-rce/
- Malware sample library https://github.com/mstfknn/malware-sample-library
- AST Injection, Prototype Pollution to RCE https://blog.p6.is/AST-Injection/
- Prototype pollution – and bypassing client-side HTML sanitizers https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
- Fuzzing the Linux kernel (x86) entry code, Part 1 of 3 https://blogs.oracle.com/linux/fuzzing-the-linux-kernel-x86-entry-code%2c-part-1-of-3
- One Click Forensics Lab in the Cloud: Deploy a DFIR forensics lab with one script on Google Cloud Platform https://0xbanana.com/blog/one-click-forensics-lab-in-the-cloud/
- How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
Latest Vulnerabilities, POCs, and Exploit
- Internet Explorer 11 – Use-After-Free https://www.exploit-db.com/exploits/48806
- VTENEXT 19 CE – Remote Code Execution https://www.exploit-db.com/exploits/48804
- ZTE Router F602W – Captcha Bypass https://www.exploit-db.com/exploits/48801
- CuteNews 2.1.2 – Remote Code Execution https://www.exploit-db.com/exploits/48800
- Tiandy IPC and NVR 9.12.7 – Credential Disclosure https://www.exploit-db.com/exploits/48799
- Audio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH) https://www.exploit-db.com/exploits/48796
- ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/48793