Latest Infosec News and Articles
- Apache HTTP Server 2.4.50 Remote Code Execution https://cxsecurity.com/issue/WLB-2021100131
- RedTeam Toolkit: the useful offensive tools https://securityonline.info/redteam-toolkit-the-useful-offensive-tools/
- This is how I bypassed almost every EDR! https://medium.com/@omribaso/this-is-how-i-bypassed-almost-every-edr-6e9792cf6c44
- DLLHijackingScanner: bypassing UAC using DLL hijacking and abusing the “Trusted Directories” verification https://securityonline.info/dllhijackingscanner-bypassing-uac-using-dll-hijacking/
- PeTeReport – An Open-Source Application Vulnerability Reporting Tool https://www.kitploit.com/2021/10/petereport-open-source-application.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
- Container Breakouts – Part 2: Privileged Container https://blog.nody.cc/posts/container-breakouts-part2/
- forbidden: Bypass 4xx HTTP response status codes https://securityonline.info/forbidden-bypass-4xx-http-response-status-codes/
- Persistence – AMSI https://pentestlab.blog/2021/05/17/persistence-amsi/
- From Zero to Domain Admin https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/
- Fuzzing101 with LibAFL – Part I https://epi052.gitlab.io/notes-to-self/blog/2021-11-01-fuzzing-101-with-libafl/
Latest Vulnerabilities, POCs, and Exploit
- Xlight FTP 3.9.3.1 – Buffer Overflow (PoC) https://www.exploit-db.com/exploits/50516
- FormaLMS 2.4.4 – Authentication Bypass https://www.exploit-db.com/exploits/50513
- Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3) https://www.exploit-db.com/exploits/50512
- AbsoluteTelnet 11.24 – ‘Phone’ Denial of Service (PoC) https://www.exploit-db.com/exploits/50511
- AbsoluteTelnet 11.24 – ‘Username’ Denial of Service (PoC) https://www.exploit-db.com/exploits/50510