Blog

Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 2 https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/ Sudo Exploit Writeup  https://www.kalmarunionen.dk/writeups/sudo/ A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you

Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 1 https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/#Pentesting laravel debug rce CVE-2021-3129 https://github.com/SNCKER/CVE-2021-3129 How To Attack Kerberos 101 https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html A list of cyber-chef recipes and curated links https://github.com/mattnotmax/cyberchef-recipes Windows

Latest Infosec News and Articles  Weblogic Remote Code Execution Exploiting CVE-2019-2725  https://blog.cybercastle.io/weblogic-remote-code-execution-exploiting-cve-2019-2725/ Microsoft Teams and Skype Logging Privacy Issue  https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/microsoft-teams-and-skype-logging-privacy-issue/ Bypassing and exploiting Bucket Upload Policies and Signed URLs  https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/  Pentesting the ELK

Latest Infosec News and Articles Win32k System Call Filtering Deep Dive https://improsec.com/tech-blog/win32k-system-call-filtering-deep-dive Bypassing Windows protection mechanisms & Playing with OffensiveNim https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/ SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos

Latest Infosec News and Articles Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR  https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/ Building a custom Mimikatz binary https://s3cur3th1ssh1t.github.io/Building-a-custom-Mimikatz-binary/ Code Injection: Windows Taskbar https://x0r19x91.gitlab.io/post/code-injection-mstasklist/ Userland API Monitoring and

Latest Infosec News and Articles Analyzing Cobalt Strike for Fun and Profit https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/ Sub404: A Fast Tool To Check Subdomain Takeover Vulnerability https://securityonline.info/sub404-check-subdomain-takeover-vulnerability/ MouseJack: From Mouse to Shell – Part 1 https://www.wilbursecurity.com/2019/03/mousejack-from-mouse-to-shell-part-1/  CVE-2020-35489:

Latest Infosec News and Articles Finding Hidden Files and Folders on IIS using BigQuery  https://blog.assetnote.io/2020/09/18/finding-hidden-files-folders-iis-bigquery/  WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack  https://securityaffairs.co/wordpress/112218/hacking/easy-wp-smtp-wordpress-plugin-flaw.html  Buffer Overflows

Latest Infosec News and Articles 403Bypasser: bypass 403 restricted directory  https://securityonline.info/403bypasser-bypass-403-restricted-directory/  Windows Driver Signing Enforcement bypass https://github.com/theevilbit/workshops/blob/master/DSE%20Bypass%20Workshop/dc26%20-%20Csaba%20Fitzl%20-%20DSE%20Bypass%20Workshop%20-%20Presentation.pdf Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals

Latest Infosec News and Articles A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet a recon tool that allows searching on URLs that are exposed