IT Security News Bulletin #64

Date
March 22, 2021 Posted By
Gianni Gnesa

Categories

IT Security News Bulletin

Latest Infosec News and Articles

Using Syscalls to Inject Shellcode on Windows https://www.solomonsklash.io/syscalls-for-shellcode-injection.html
Implementing Direct Syscalls Using Hell’s Gate https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/
VM Detection Tricks, Part 1: Physical memory resource maps https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/
Hacking IIS https://drive.google.com/file/d/1O0IARjqP4Pwa-ae1nAP8Nr9qb0ai2XPu/view
CVE-2021-27927: CSRF to RCE Chain in Zabbix https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce
CVE-2020-5377: Dell OpenManage Server Administrator File Read https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/
TryHackMe: DNS Manipulation Walkthrough https://infosecwriteups.com/tryhackme-dns-manipulation-walkthrough-5944bf60f10f
CVE-2020-24581 D-Link DSL-2888A Remote Command Execution https://reconshell.com/cve-2020-24581-d-link-dsl-2888a-remote-command-execution/
Gitls – Enumerate Git Repository URL From List Of URL / User / Org https://www.kitploit.com/2021/03/gitls-enumerate-git-repository-url-from.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
How to discover up to 10,000 subdomains with your own tool https://infosecwriteups.com/this-time-you-will-learn-how-to-create-your-own-tool-with-which-you-will-be-able-to-discover-2e813495907e

Latest Vulnerabilities, POCs, and Exploit

Sonlogger 4.2.3.3 – SuperAdmin Account Creation / Information Disclosure https://www.exploit-db.com/exploits/49650
Microsoft Exchange 2019 – SSRF to Arbitrary File Write (Proxylogon) https://www.exploit-db.com/exploits/49663
FastStone Image Viewer 7.5 – .cur BITMAPINFOHEADER ‘BitCount’ Stack Based Buffer Overflow (ASLR & DEP Bypass) https://www.exploit-db.com/exploits/49660
VestaCP 0.9.8 – File Upload CSRF https://www.exploit-db.com/exploits/49659
Alphaware E-Commerce System 1.0 – Unauthenicated Remote Code Execution (File Upload + SQL injection) https://www.exploit-db.com/exploits/49652

IT Security News Bulletin #70

May 3, 2021

Latest Infosec News and Articles MeterPwrShell: Bypass

IT Security News Bulletin #69

April 26, 2021

Latest Infosec News and Articles Windows &

IT Security News Bulletin #68

April 19, 2021

Latest Infosec News and Articles PENTESTING-BIBLE: Explore

IT Security News Bulletin #67

April 12, 2021

Latest Infosec News and Articles How I

IT Security News Bulletin #66

April 5, 2021

Latest Infosec News and Articles Bug Bounty

IT Security News Bulletin #65

March 29, 2021

Latest Infosec News and Articles How APTs

IT Security News Bulletin #64

March 22, 2021

Latest Infosec News and Articles Using Syscalls

IT Security News Bulletin #63

March 15, 2021

Latest Infosec News and Articles OffensivePipeline v0.8.2

IT Security News Bulletin #62

March 8, 2021

Latest Infosec News and Articles Evade EDR

IT Security News Bulletin #61

March 1, 2021

Latest Infosec News and Articles Retrieve LAPS

Copyright © 2021 - Ptrace Security GmbH