IT Security News Bulletin #47

Date
November 30, 2020 Posted By
Gianni Gnesa

Categories

IT Security News Bulletin

Latest Infosec News and Articles

Introduction to Reverse Engineering with Ghidra: A Four Session Course https://wrongbaud.github.io/posts/ghidra-training/
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
ImageMagick – Shell injection via PDF password https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software https://medium.com/bugbountywriteup/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a
Introduction to Simulated AWS Attacks https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/
Obfuscator: obfuscate the shellcode https://t.co/U6kXunhuGJ
Path Traversal on Citrix XenMobile Server https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
Attacking JSON Web Tokens (JWTs) https://medium.com/bugbountywriteup/attacking-json-web-tokens-jwts-d1d51a1e17cb
Dynamic Invocation in .NET to bypass hooks https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
Extract stored credentials from Internet Explorer and Edge https://github.com/HanseSecure/credgrap_ie_edge

Latest Vulnerabilities, POCs, and Exploit

SyncBreeze 10.0.28 – ‘password’ Remote Buffer Overflow https://www.exploit-db.com/exploits/49100
ZeroShell 3.9.0 – ‘cgi-bin/kerbynet’ Remote Root Command Injection (Metasploit) https://www.exploit-db.com/exploits/49096
Boxoft Audio Converter 2.3.0 – ‘.wav’ Buffer Overflow (SEH) https://www.exploit-db.com/exploits/49089
Free MP3 CD Ripper 2.8 – Multiple File Buffer Overflow (Metasploit) https://www.exploit-db.com/exploits/49087
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 – id’ Field Stack Based Buffer Overflow https://www.exploit-db.com/exploits/49086
docPrint Pro 8.0 – ‘Add URL’ Buffer Overflow (SEH Egghunter) https://www.exploit-db.com/exploits/49100

IT Security News Bulletin #59

February 15, 2021

Latest Infosec News and Articles Red Team

IT Security News Bulletin #58

February 8, 2021

Latest Infosec News and Articles Learning Linux

IT Security News Bulletin #57

February 1, 2021

Latest Infosec News and Articles Learning Linux

IT Security News Bulletin #56

January 25, 2021

Latest Infosec News and Articles Weblogic Remote

IT Security News Bulletin #55

January 18, 2021

Latest Infosec News and Articles Win32k System

IT Security News Bulletin #54

January 11, 2021

Latest Infosec News and Articles Red Team

Getting Started with WinDbg

January 5, 2021

https://www.youtube.com/watch?v=c492-BMacZ0 The Windows Debugger, also known as

IT Security News Bulletin #52

January 4, 2021

Latest Infosec News and Articles Analyzing Cobalt

IT Security News Bulletin #50

December 21, 2020

Latest Infosec News and Articles Finding Hidden

IT Security News Bulletin #49

December 14, 2020

Latest Infosec News and Articles 403Bypasser: bypass

Copyright © 2019 - Ptrace Security GmbH