Latest Infosec News and Articles
- [PowerShell Commands] https://themayor.notion.site/53512dc072c241589fc45c577ccea2ee?v=7b908e7e76a9416f98f40d9d3843d3cb
- CVE-2021-34866 Writeup https://blog.hexrabbit.io/2021/11/03/CVE-2021-34866-writeup/
- Skrull: run malware on the victim using the Process Ghosting technique https://securityonline.info/skrull-run-malware-on-the-victim-using-the-process-ghosting-technique/
- toutatis: extract information from instagrams accounts such as e-mails, phone numbers https://securityonline.info/toutatis-extract-information-from-instagrams-accounts/
- ADenum: find misconfiguration through the protocol LDAP https://securityonline.info/adenum-find-misconfiguration-through-the-protocol-ldap/
- The Invisible JavaScript Backdoor https://certitude.consulting/blog/en/invisible-backdoor/
- AzureHunter – A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365 https://www.kitploit.com/2021/11/azurehunter-cloud-forensics-powershell.html
- Simple S3 Bucket Testing Software https://github.com/halencarjunior/sss3
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools https://github.com/xforcered/InvisibilityCloak
- RSA attack tool (mainly for ctf) – retreive private key from weak public key and/or uncipher data https://github.com/Ganapati/RsaCtfTool
Latest Vulnerabilities, POCs, and Exploit
- WordPress Plugin Smart Product Review 1.0.4 – Arbitrary File Upload https://www.exploit-db.com/exploits/50533
- SuiteCRM 7.11.18 – Remote Code Execution (RCE) (Authenticated) (Metasploit) https://www.exploit-db.com/exploits/50531
- Online Learning System 2.0 – Remote Code Execution (RCE) https://www.exploit-db.com/exploits/50526