Latest Infosec News and Articles
- PowerShell Commands for Pentesters https://www.infosecmatter.com/powershell-commands-for-pentesters/
- Identifying & Escalating HTTP Host Header Injection attacks https://medium.com/bugbountywriteup/identifying-escalating-http-host-header-injection-attacks-7586d0ff2c67
- Pass-the-hash attacks with mimikatz https://stealthbits.com/blog/passing-the-hash-with-mimikatz/
- paradoxiaRAT: Native Windows Remote Access Tool https://securityonline.info/paradoxiarat-native-windows-remote-access-tool/
- The Memory Process File System https://github.com/ufrisk/MemProcFS
- Credentials Processes in Windows Authentication https://docs.microsoft.com/en-us/windows-server/security/windows-authentication/credentials-processes-in-windows-authentication
- Extracting passwd hashes from the Ntds dit file https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
- Discord Desktop app RCE https://mksben.l0.cm/2020/10/discord-desktop-rce.html
- Interception of Android implicit intents https://blog.oversecured.com/Interception-of-Android-implicit-intents/
- ARM-X Firmware Emulation Framework https://github.com/therealsaumil/armx
Latest Vulnerabilities, POCs, and Exploit
- Monitor 1.7.6m – Remote Code Execution (Unauthenticated) https://www.exploit-db.com/exploits/48980
- WordPress Plugin Simple File List 5.4 – Arbitrary File Upload https://www.exploit-db.com/exploits/48979
- Apache Flink 1.9.x – File Upload RCE (Unauthenticated) https://www.exploit-db.com/exploits/48978
- imple College Website 1.0 – ‘username’ SQL Injection / Remote Code Execution https://www.exploit-db.com/exploits/48977
- Citadel WebCit < 926 – Session Hijacking Exploit https://www.exploit-db.com/exploits/48975
- WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request https://www.exploit-db.com/exploits/48971