Latest Infosec News and Articles
- Finding Hidden Files and Folders on IIS using BigQuery https://blog.assetnote.io/2020/09/18/finding-hidden-files-folders-iis-bigquery/
- WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack https://securityaffairs.co/wordpress/112218/hacking/easy-wp-smtp-wordpress-plugin-flaw.html
- Buffer Overflows for Dummies https://www.sans.org/reading-room/whitepapers/threats/paper/481
- Attacking SCADA Part III: Hardcoded Salt in Schneider Electric EcoStruxure Machine Expert (CVE-2020-28214) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/attacking-scada-part-iii-hardcoded-salt-in-schneider-electric-ecostruxure-machine-expert-cve-2020-28214/
- Windows Lock Screen Security Feature Bypass Vulnerability (Important, CVE-2020-17099, CVSSv3 6.8/5.9) https://dirteam.com/sander/2020/12/09/windows-lock-screen-security-feature-bypass-vulnerability-important-cve-2020-17099-cvssv3-6-8-5-9/
- HackTheBox University CTF Writeups https://www.goggleheadedhacker.com/blog/post/20
- Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools
- CVE-2020-17140 Windows SMB Information Disclousure Analysis https://blogs.360.cn/post/CVE-2020-17140-Analysis.html
- How I hacked Facebook: Part One https://alaa0x2.medium.com/how-i-hacked-facebook-part-one-282bbb125a5d
- Automation for internal Windows Penetrationtest / AD-Security
Latest Vulnerabilities, POCs, and Exploit
- Gitlab 11.4.7 – Remote Code Execution https://www.exploit-db.com/exploits/49257
- Macally WIFISD2-2A82 2.000.010 – Guest to Root Privilege Escalation https://www.exploit-db.com/exploits/49256
- Magic Home Pro 1.5.1 – Authentication Bypass https://www.exploit-db.com/exploits/49266
- GitLab 11.4.7 – Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/49263
- Cisco ASA 9.14.1.10 and FTD 6.6.0.1 – Path Traversal (2) https://www.exploit-db.com/exploits/49262
- Solaris SunSSH 11.0 x86 – libpam Remote Root https://www.exploit-db.com/exploits/49261
- Online Marriage Registration System (OMRS) 1.0 – Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/49260
- libbabl 0.1.62 – Broken Double Free Detection (PoC) https://www.exploit-db.com/exploits/49259