IT Security News Bulletin #47

Date
November 30, 2020 Posted By
Gianni Gnesa

Categories

IT Security News Bulletin

Latest Infosec News and Articles

Introduction to Reverse Engineering with Ghidra: A Four Session Course https://wrongbaud.github.io/posts/ghidra-training/
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
ImageMagick – Shell injection via PDF password https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software https://medium.com/bugbountywriteup/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a
Introduction to Simulated AWS Attacks https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/
Obfuscator: obfuscate the shellcode https://t.co/U6kXunhuGJ
Path Traversal on Citrix XenMobile Server https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
Attacking JSON Web Tokens (JWTs) https://medium.com/bugbountywriteup/attacking-json-web-tokens-jwts-d1d51a1e17cb
Dynamic Invocation in .NET to bypass hooks https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
Extract stored credentials from Internet Explorer and Edge https://github.com/HanseSecure/credgrap_ie_edge

Latest Vulnerabilities, POCs, and Exploit

SyncBreeze 10.0.28 – ‘password’ Remote Buffer Overflow https://www.exploit-db.com/exploits/49100
ZeroShell 3.9.0 – ‘cgi-bin/kerbynet’ Remote Root Command Injection (Metasploit) https://www.exploit-db.com/exploits/49096
Boxoft Audio Converter 2.3.0 – ‘.wav’ Buffer Overflow (SEH) https://www.exploit-db.com/exploits/49089
Free MP3 CD Ripper 2.8 – Multiple File Buffer Overflow (Metasploit) https://www.exploit-db.com/exploits/49087
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 – id’ Field Stack Based Buffer Overflow https://www.exploit-db.com/exploits/49086
docPrint Pro 8.0 – ‘Add URL’ Buffer Overflow (SEH Egghunter) https://www.exploit-db.com/exploits/49100

IT Security News Bulletin #70

May 3, 2021

Latest Infosec News and Articles MeterPwrShell: Bypass

IT Security News Bulletin #69

April 26, 2021

Latest Infosec News and Articles Windows &

IT Security News Bulletin #68

April 19, 2021

Latest Infosec News and Articles PENTESTING-BIBLE: Explore

IT Security News Bulletin #67

April 12, 2021

Latest Infosec News and Articles How I

IT Security News Bulletin #66

April 5, 2021

Latest Infosec News and Articles Bug Bounty

IT Security News Bulletin #65

March 29, 2021

Latest Infosec News and Articles How APTs

IT Security News Bulletin #64

March 22, 2021

Latest Infosec News and Articles Using Syscalls

IT Security News Bulletin #63

March 15, 2021

Latest Infosec News and Articles OffensivePipeline v0.8.2

IT Security News Bulletin #62

March 8, 2021

Latest Infosec News and Articles Evade EDR

IT Security News Bulletin #61

March 1, 2021

Latest Infosec News and Articles Retrieve LAPS

Copyright © 2021 - Ptrace Security GmbH