Latest Infosec News and Articles
- Using Syscalls to Inject Shellcode on Windows https://www.solomonsklash.io/syscalls-for-shellcode-injection.html
- Implementing Direct Syscalls Using Hell’s Gate https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/
- VM Detection Tricks, Part 1: Physical memory resource maps https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/
- Hacking IIS https://drive.google.com/file/d/1O0IARjqP4Pwa-ae1nAP8Nr9qb0ai2XPu/view
- CVE-2021-27927: CSRF to RCE Chain in Zabbix https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce
- CVE-2020-5377: Dell OpenManage Server Administrator File Read https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/
- TryHackMe: DNS Manipulation Walkthrough https://infosecwriteups.com/tryhackme-dns-manipulation-walkthrough-5944bf60f10f
- CVE-2020-24581 D-Link DSL-2888A Remote Command Execution https://reconshell.com/cve-2020-24581-d-link-dsl-2888a-remote-command-execution/
- Gitls – Enumerate Git Repository URL From List Of URL / User / Org https://www.kitploit.com/2021/03/gitls-enumerate-git-repository-url-from.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
- How to discover up to 10,000 subdomains with your own tool https://infosecwriteups.com/this-time-you-will-learn-how-to-create-your-own-tool-with-which-you-will-be-able-to-discover-2e813495907e
Latest Vulnerabilities, POCs, and Exploit
- Sonlogger 4.2.3.3 – SuperAdmin Account Creation / Information Disclosure https://www.exploit-db.com/exploits/49650
- Microsoft Exchange 2019 – SSRF to Arbitrary File Write (Proxylogon) https://www.exploit-db.com/exploits/49663
- FastStone Image Viewer 7.5 – .cur BITMAPINFOHEADER ‘BitCount’ Stack Based Buffer Overflow (ASLR & DEP Bypass) https://www.exploit-db.com/exploits/49660
- VestaCP 0.9.8 – File Upload CSRF https://www.exploit-db.com/exploits/49659
- Alphaware E-Commerce System 1.0 – Unauthenicated Remote Code Execution (File Upload + SQL injection) https://www.exploit-db.com/exploits/49652