Latest Infosec News and Articles
- Red Team Tactics: Utilizing Syscalls in C# – Prerequisite Knowledge https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
- Security Basics: XSS Explained https://medium.com/swlh/security-basics-xss-explained-3ade8071aaa1
- How To Attack Kerberos 101 https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
- Testing and exploiting Java Deserialization in 2021 https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
- ScareCrow – Payload creation framework designed around EDR bypass. https://github.com/optiv/ScareCrow
- How Stack Canaries Work https://bananamafia.dev/post/binary-canary-bruteforce/
- STACK CANARY AND ASLR BYPASSING ON X86_32 https://bananamafia.dev/post/binary-canary-bruteforce/
- MemLabs: An Introduction To Memory Forensics https://bananamafia.dev/post/mem/
- Instrumenting Windows APIs with Frida https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/instrumenting-windows-apis-with-frida
- A collaborative, multi-platform, red teaming framework https://github.com/its-a-feature/Mythic
Latest Vulnerabilities, POCs, and Exploit
- Online Marriage Registration System (OMRS) 1.0 – Remote code execution (3) https://www.exploit-db.com/exploits/49557
- Openlitespeed WebServer 1.7.8 – Command Injection (Authenticated) (2) https://www.exploit-db.com/exploits/49556
- Node.JS – ‘node-serialize’ Remote Code Execution (2) https://www.exploit-db.com/exploits/49552
- Microsoft Internet Explorer 11 32-bit – Use-After-Free https://www.exploit-db.com/exploits/49541
- YetiShare File Hosting Script 5.1.0 – ‘url’ Server-Side Request Forgery https://www.exploit-db.com/exploits/49534