Latest Infosec News and Articles
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
- a recon tool that allows searching on URLs that are exposed via shortener services https://github.com/utkusen/urlhunter
- Unauthenticated Account Takeover Through HTTP Leak https://medium.com/bugbountywriteup/unauthenticated-account-takeover-through-http-leak-33386bb0ba0b
- Script to Create an Overview and Full Report of all Group Objects in a Domain http://www.jhouseconsulting.com/2015/01/02/script-to-create-an-overview-and-full-report-of-all-group-objects-in-a-domain-1455
- A deep look at some recon methodologies and web-application vulnerabilities with bug bounty hunting https://github.com/domssilva/vulnsearch
- Discovering, exploiting and shutting down a dangerous Windows print spooler vulnerability https://www.accenture.com/us-en/blogs/cyber-defense/discovering-exploiting-shutting-down-dangerous-windows-print-spooler-vulnerability
- CMS Vulnerability Scanners for WordPress, Joomla, Drupal, Moodle, Typo3 https://www.infosecmatter.com/cms-vulnerability-scanners-for-wordpress-joomla-drupal-moodle-typo3/
- Architecture of a ransomware (2/2) https://medium.com/bugbountywriteup/architecture-of-a-ransomware-2-2-e22d8eb11cee
- Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day https://community.disclose.io/t/how-i-found-a-tor-vulnerability-in-brave-browser-reported-it-watched-it-get-patched-got-a-cve-cve-2020-8276-and-a-small-bounty-all-in-one-working-day/65
- Cisco Password Cracking and Decrypting Guide https://www.infosecmatter.com/cisco-password-cracking-and-decrypting-guide/
Latest Vulnerabilities, POCs, and Exploit
- WonderCMS 3.1.3 – Authenticated Remote Code Execution https://www.exploit-db.com/exploits/49155Â
- WonderCMS 3.1.3 – Authenticated SSRF to Remote Remote Code Execution https://www.exploit-db.com/exploits/49154Â
- 10-Strike Network Inventory Explorer 8.65 – Buffer Overflow (SEH) https://www.exploit-db.com/exploits/49134Â
- Setelsa Conacwin 3.7.1.2 – Local File Inclusion https://www.exploit-db.com/exploits/49133Â
- Pharmacy/Medical Store & Sale Point 1.0 – ’email’ SQL Injection https://www.exploit-db.com/exploits/49132Â
- WordPress Plugin EventON Calendar 3.0.5 – Reflected Cross-Site Scripting https://www.exploit-db.com/exploits/49130Â
- Intelbras Router RF 301K 1.1.2 – Authentication Bypass https://www.exploit-db.com/exploits/49126