IT Security News Bulletin #47

Date
November 30, 2020 Posted By
Gianni Gnesa

Categories

IT Security News Bulletin

Latest Infosec News and Articles

Introduction to Reverse Engineering with Ghidra: A Four Session Course https://wrongbaud.github.io/posts/ghidra-training/
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
ImageMagick – Shell injection via PDF password https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software https://medium.com/bugbountywriteup/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a
Introduction to Simulated AWS Attacks https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/
Obfuscator: obfuscate the shellcode https://t.co/U6kXunhuGJ
Path Traversal on Citrix XenMobile Server https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
Attacking JSON Web Tokens (JWTs) https://medium.com/bugbountywriteup/attacking-json-web-tokens-jwts-d1d51a1e17cb
Dynamic Invocation in .NET to bypass hooks https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
Extract stored credentials from Internet Explorer and Edge https://github.com/HanseSecure/credgrap_ie_edge

Latest Vulnerabilities, POCs, and Exploit

SyncBreeze 10.0.28 – ‘password’ Remote Buffer Overflow https://www.exploit-db.com/exploits/49100
ZeroShell 3.9.0 – ‘cgi-bin/kerbynet’ Remote Root Command Injection (Metasploit) https://www.exploit-db.com/exploits/49096
Boxoft Audio Converter 2.3.0 – ‘.wav’ Buffer Overflow (SEH) https://www.exploit-db.com/exploits/49089
Free MP3 CD Ripper 2.8 – Multiple File Buffer Overflow (Metasploit) https://www.exploit-db.com/exploits/49087
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 – id’ Field Stack Based Buffer Overflow https://www.exploit-db.com/exploits/49086
docPrint Pro 8.0 – ‘Add URL’ Buffer Overflow (SEH Egghunter) https://www.exploit-db.com/exploits/49100

IT Security News Bulletin #88

September 6, 2021

Latest Infosec News and Articles plution: Prototype

IT Security News Bulletin #87

August 30, 2021

Latest Infosec News and Articles Solving CTF

IT Security News Bulletin #86

August 23, 2021

Latest Infosec News and Articles Android security

IT Security News Bulletin #85

August 16, 2021

Latest Infosec News and Articles Active Directory

IT Security News Bulletin #84

August 11, 2021

Latest Infosec News and Articles Fuzzing Windows

IT Security News Bulletin #83

August 2, 2021

IT Security News Bulletin #83 Latest Infosec

IT Security News Bulletin #82

July 26, 2021

Latest Infosec News and Articles Tools to

IT Security News Bulletin #81

July 19, 2021

Latest Infosec News and Articles meterpeter: C2

IT Security News Bulletin #80

July 12, 2021

Latest Infosec News and Articles Remote Desktop

IT Security News Bulletin #79

July 5, 2021

Latest Infosec News and Articles IDOR (Insecure

Copyright © 2021 - Ptrace Security GmbH