Latest Infosec News and Articles
- Patrik’s Bug Bounty 🛠️Tools https://blog.it-securityguard.com/patriks-bug-bounty-tools-%f0%9f%9b%a0%ef%b8%8f/
- Introducing MIDNIGHTTRAIN – A Covert Stage-3 Persistence Framework weaponizing UEFI variables https://slaeryan.github.io/posts/midnighttrain.html
- In-Memory shellcode decoding to evade AVs/EDRs https://shells.systems/in-memory-shellcode-decoding-to-evade-avs/
- How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
- Building an Obfuscator to Evade Windows Defender https://www.xanthus.io/post/building-an-obfuscator-to-evade-windows-defender
- #Instagram_RCE : Code Execution Vulnerability in Instagram App for Android and iOS https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
- Ryuk in 5 Hours https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/
- Analyzing Python Malware https://www.ringzerolabs.com/2020/09/analyzing-python-malware.html
- CVE-2020-16898: “Bad Neighbor” https://github.com/advanced-threat-research/CVE-2020-16898
- Espressif ESP32: Bypassing Secure Boot using EMFI https://raelize.com/posts/espressif-systems-esp32-bypassing-sb-using-emfi/
Latest Vulnerabilities, POCs, and Exploit
- Comtrend AR-5387un router – Persistent XSS (Authenticated) https://www.exploit-db.com/exploits/48908
- Typesetter CMS 5.1 – Arbitrary Code Execution (Authenticated) https://www.exploit-db.com/exploits/48906
- Hotel Management System 1.0 – Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/48888
Seat Reservation System 1.0 – Remote Code Execution (Unauthenticated) https://www.exploit-db.com/exploits/48887