Latest Infosec News and Articles
- Evade EDR with Shellcode Injection and gain persistence using Registry Run Keys https://infosecwriteups.com/evade-avs-edr-with-shellcode-injection-159dde4dba1a
- Heap-based AMSI bypass for MS Excel VBA and others https://codewhitesec.blogspot.com/2019/07/heap-based-amsi-bypass-in-vba.html
- VirtualBox E1000 Guest-to-Host Escape https://github.com/MorteNoir1/virtualbox_e1000_0day
- Azure AD Connect for Red Teamers https://blog.xpnsec.com/azuread-connect-for-redteam/
- Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack https://infosecwriteups.com/intro-to-bug-bounty-automation-pt-2-8bf4b57f1881
- Exploring a New Detection Evasion Technique on Linux https://codemuch.tech/2021/02/25/exploring-linux-evasion/
- CVE-2021-3378 | FortiLogger – Unauthenticated Arbitrary File Upload (Metasploit) https://github.com/erberkan/fortilogger_arbitrary_fileupload
- A Journey Into the Beauty of DNSRebinding – Part 1 https://blog.mindedsecurity.com/2021/02/journey-into-beauty-of-dnsrebinding.html
- NTFS Case Sensitivity on Windows https://www.tiraniddo.dev/2019/02/ntfs-case-sensitivity-on-windows.html
- Hardening Your Azure Domain Front https://medium.com/@rvrsh3ll/hardening-your-azure-domain-front-7423b5ab4f64
Latest Vulnerabilities, PoCs, and Exploits
- Textpattern 4.8.3 – Remote code execution (Authenticated) (2) https://www.exploit-db.com/exploits/49620
- Covid-19 Contact Tracing System 1.0 – Remote Code Execution (Unauthenticated) https://www.exploit-db.com/exploits/49604
- Online Catering Reservation System 1.0 – Remote Code Execution (Unauthenticated) https://www.exploit-db.com/exploits/49603
- Zen Cart 1.5.7b – Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/49608
- Tiny Tiny RSS – Remote Code Execution https://www.exploit-db.com/exploits/49606
- CatDV 9.2 – RMI Authentication Bypass https://www.exploit-db.com/exploits/49621
- AnyDesk 5.5.2 – Remote Code Execution https://www.exploit-db.com/exploits/49613