Latest Infosec News and Articles
- Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions. https://github.com/tokyoneon/Chimera
- DNS exfiltration of data: step-by-step simple guide https://hinty.io/devforth/dns-exfiltration-of-data-step-by-step-simple-guide/
- Swarm of Palo Alto PAN-OS vulnerabilities https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
- Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook’s GraphQL technology, to learn and practice GraphQL Security https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
- The Memory Process File System https://github.com/ufrisk/MemProcFS
- Bypass AV/EDR with Safe Mode? https://medium.com/@markmotig/bypass-av-edr-with-safe-mode-975aacecc809
- reconftw v1.0 releases: automated recon on a target domain https://securityonline.info/reconftw-v1-0-releases-automated-recon-on-a-target-domain/
- Offensive API Hooking https://ilankalendarov.github.io/posts/offensive-hooking/
- Confiant & Malwarebytes Uncover Steganography Based Ad Payload That Drops Shlayer Trojan On Mac Users https://blog.confiant.com/confiant-malwarebytes-uncover-steganography-based-ad-payload-that-drops-shlayer-trojan-on-mac-cd31e885c202
- MongoDB Joins (And How to Create Them Using SQL) https://medium.com/@studio3t/mongodb-joins-64d6eb90b62f
Latest Vulnerabilities, POCs, and Exploit
- Gitea 1.12.5 – Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/49571
- Batflat CMS 1.3.6 – Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/49573
- TestLink 1.9.20 – Unrestricted File Upload (Authenticated) https://www.exploit-db.com/exploits/49561
- PDFCOMPLETE Corporate Edition 4.1.45 – ‘pdfcDispatcher’ Unquoted Service Path https://www.exploit-db.com/exploits/49558
- Openlitespeed WebServer 1.7.8 – Command Injection (Authenticated) (2) https://www.exploit-db.com/exploits/49556
