Latest Infosec News and Articles
- Introduction to Reverse Engineering with Ghidra: A Four Session Course https://wrongbaud.github.io/posts/ghidra-training/
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
- ImageMagick – Shell injection via PDF password https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
- SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software https://medium.com/bugbountywriteup/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a
- Introduction to Simulated AWS Attacks https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/
- Obfuscator: obfuscate the shellcode https://t.co/U6kXunhuGJ
- Path Traversal on Citrix XenMobile Server https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
- Attacking JSON Web Tokens (JWTs) https://medium.com/bugbountywriteup/attacking-json-web-tokens-jwts-d1d51a1e17cb
- Dynamic Invocation in .NET to bypass hooks https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
- Extract stored credentials from Internet Explorer and Edge https://github.com/HanseSecure/credgrap_ie_edge
Latest Vulnerabilities, POCs, and Exploit
- SyncBreeze 10.0.28 – ‘password’ Remote Buffer Overflow https://www.exploit-db.com/exploits/49100
- ZeroShell 3.9.0 – ‘cgi-bin/kerbynet’ Remote Root Command Injection (Metasploit) https://www.exploit-db.com/exploits/49096
- Boxoft Audio Converter 2.3.0 – ‘.wav’ Buffer Overflow (SEH) https://www.exploit-db.com/exploits/49089
- Free MP3 CD Ripper 2.8 – Multiple File Buffer Overflow (Metasploit) https://www.exploit-db.com/exploits/49087
- IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 – id’ Field Stack Based Buffer Overflow https://www.exploit-db.com/exploits/49086
- docPrint Pro 8.0 – ‘Add URL’ Buffer Overflow (SEH Egghunter) https://www.exploit-db.com/exploits/49100