Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 2 https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/ Sudo Exploit Writeup https://www.kalmarunionen.dk/writeups/sudo/ A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you
Blog | Page 2 of 9 | Ptrace Security GmbH
Blog
IT Security News Bulletin #57
Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 1 https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/#Pentesting laravel debug rce CVE-2021-3129 https://github.com/SNCKER/CVE-2021-3129 How To Attack Kerberos 101 https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html A list of cyber-chef recipes and curated links https://github.com/mattnotmax/cyberchef-recipes Windows
IT Security News Bulletin #56
Latest Infosec News and Articles Weblogic Remote Code Execution Exploiting CVE-2019-2725 https://blog.cybercastle.io/weblogic-remote-code-execution-exploiting-cve-2019-2725/ Microsoft Teams and Skype Logging Privacy Issue https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/microsoft-teams-and-skype-logging-privacy-issue/ Bypassing and exploiting Bucket Upload Policies and Signed URLs https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/ Pentesting the ELK
IT Security News Bulletin #55
Latest Infosec News and Articles Win32k System Call Filtering Deep Dive https://improsec.com/tech-blog/win32k-system-call-filtering-deep-dive Bypassing Windows protection mechanisms & Playing with OffensiveNim https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/ SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos
IT Security News Bulletin #54
Latest Infosec News and Articles Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/ Building a custom Mimikatz binary https://s3cur3th1ssh1t.github.io/Building-a-custom-Mimikatz-binary/ Code Injection: Windows Taskbar https://x0r19x91.gitlab.io/post/code-injection-mstasklist/ Userland API Monitoring and
Getting Started with WinDbg
https://www.youtube.com/watch?v=c492-BMacZ0 The Windows Debugger, also known as Win-Dee-Bee-Gee is one, if not THE, most popular tool used by reverse engineers and exploit developers to understand how an application works. It
IT Security News Bulletin #52
Latest Infosec News and Articles Analyzing Cobalt Strike for Fun and Profit https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/ Sub404: A Fast Tool To Check Subdomain Takeover Vulnerability https://securityonline.info/sub404-check-subdomain-takeover-vulnerability/ MouseJack: From Mouse to Shell – Part 1 https://www.wilbursecurity.com/2019/03/mousejack-from-mouse-to-shell-part-1/ CVE-2020-35489:
IT Security News Bulletin #50
Latest Infosec News and Articles Finding Hidden Files and Folders on IIS using BigQuery https://blog.assetnote.io/2020/09/18/finding-hidden-files-folders-iis-bigquery/ WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack https://securityaffairs.co/wordpress/112218/hacking/easy-wp-smtp-wordpress-plugin-flaw.html Buffer Overflows
IT Security News Bulletin #49
Latest Infosec News and Articles 403Bypasser: bypass 403 restricted directory https://securityonline.info/403bypasser-bypass-403-restricted-directory/ Windows Driver Signing Enforcement bypass https://github.com/theevilbit/workshops/blob/master/DSE%20Bypass%20Workshop/dc26%20-%20Csaba%20Fitzl%20-%20DSE%20Bypass%20Workshop%20-%20Presentation.pdf Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals
IT Security News Bulletin #48
Latest Infosec News and Articles A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet a recon tool that allows searching on URLs that are exposed