Wawa Security Links 323

Friday 19 April 2024




2019-A New Memory Type Against Speculative Side Channel Attacks v1.42 | Central Processing Unit | Computer Science
https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
Attacking AWS: the full cyber kill chain
How a double-free bug in WhatsApp turns to RCE - Home
Tutorial - reHonored - Restoring the developer console in Dishonored 2 | Guided Hacking
HackerOne
https://blog.sucuri.net/2019/10/a-new-wave-of-buggy-wordpress-infections.html
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us | McAfee Blogs
Open-Source Command and Control of the DOUBLEPULSAR Implant
HQWar: the higher it flies, the harder it drops | Securelist
DFChallenge – Incident Response Track 1-4 – DFIR
Reconstructing Command-Line Activity on MacOS | CrowdStrike
Hack Patch!: Nonce-based CSP + Service Worker = CSP bypass?
Minerva
Fixing getrandom() [LWN.net]
How Not To Suck At r2wars
https://isc.sans.edu/forums/diary/LostFiles Ransomware/25382/
https://medium.com/_graphx/if-httponly-you-could-still-csrf-of-cors-you-can-5d7ee2c7443
https://medium.com/SofianeHamlaoui/lockdoor-framework-a-penetration-testing-framework-with-cyber-security-resources-sofiane-22fbb7942378
App Analysis: Bird

Exploring Execution Trace Analysis
What Is SAML? A Deep Dive into SAML SSO | Rapid7
COMpfun successor Reductor infects files on the fly to compromise TLS traffic | Securelist
HTTP Desync Attacks: what happened next | PortSwigger Research
Oleg's gists - Do you have a problem? Write a compiler!
https://www.vdalabs.com/2019/09/25/windows-credential-theft-rdp-internet-explorer-11/
TLS version enforcement capabilities now available per certificate binding on Windows Server 2019 - Security documentation | Microsoft Docs
https://blog.sucuri.net/2019/10/down-the-malware-rabbit-hole-part-1.html
IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software | FireEye Inc
https://www.thezdi.com/blog/2019/10/3/cve-2019-8697-macos-system-escalation-via-disk-management
Coalfire - Coalfire Blog
exploits/php7-gc-bypass at master · mm0r1/exploits · GitHub
GitHub - vitalysim/totalrecon: TotalRecon installs all the recon tools you need
https://www.pdf-insecurity.org/download/paper-pdf_encryption-ccs2019.pdf
https://medium.com/ethereum-grid/exploring-ethereum-with-geth-graphql-and-grid-6df38f2a86c
GitHub - ohjeongwook/PowerShellRunBox: Dynamic PowerShell analysis framework
Universe
https://medium.com/bugbountywriteup/sql-injection-to-lfi-to-rce-536bed29a862
https://5alt.me/2019/10/HackMD Stored XSS and HackMD Desktop RCE/
Follow the Link: Exploiting Symbolic Links with Ease | CyberArk

GitHub - w0lfschild/macOS_headers: A consistently maintained dump of most macOS Headers
SSRF & Open Redirect Cheat Sheet - HAHWUL :: 하훌
The sLoad Threat: Ten Months Later – Yoroi Blog
GitHub - ss23/entrust-identityguard-tools: Tools for playing with Entrust IdentityGuard soft tokens, such as decrypting QR codes and deriving OTP secrets
Hack The Box - Ghoul | 0xRick
frida_nn2019.pdf - Google Drive
https://towardsdatascience.com/coding-ml-tools-like-you-code-ml-models-ddba3357eace
https://posts.specterops.io/antimalware-scan-interface-detection-optics-analysis-methodology-858c37c38383
GitHub - zodiacon/ObjectExplorer: Windows Kernel Object Explorer
http://intx0x80.blogspot.com/2019/10/JWT.html
blog.redteam.pl: Internal domain name collision
CTF/machbook_exploit.py at master · hOwD4yS/CTF · GitHub
GitHub - idealo/imagededup: 😎 Finding duplicate images made easy!
LKML: Roman Gushchin: [PATCH RFC 00/14] The new slab memory controller
Automated Frida hook generation with JEB | Hamza’s random blogposts
https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html
Hack the Box (HTB) machines walkthrough series — Luke
https://medium.com/sensorfu/how-my-application-ran-away-and-called-home-from-redmond-de7af081100d
GitHub - jacobsoo/amtracker: Android Malware Tracker
my-ctf-challenges/balsnctf-2019/machbook at master · how2hack/my-ctf-challenges · GitHub

Sodium-Plus: A Positive Cryptography Experience for JavaScript Developers - DEV Community 👩‍💻👨‍💻
Persistence – New Service | Penetration Testing Lab
GitHub - nccgroup/GTFOBLookup: Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)
AAPG | [A]ndroid [A]pplication [P]entest [G]uide
https://medium.com/philiptsukerman/bypassing-the-microsoft-windows-threat-intelligence-kernel-apc-injection-sensor-92266433e0b0
A run-time approach for pen-testing iOS applications Part-II (Objection in Action) - SecureLayer7
A run-time approach for penetration testing of iOS apps Part-I - SecureLayer7
Variables
Advisories 1-2: Azure AD and Common WS-Trust MFA Bypass explained | SecureCloudBlog
Pair Locking your iPhone with Configurator 2
Improper Input Validation on dbell Smart Doorbell Can Lead To Attackers Remotely Unlocking Door – Noah Clements
MSRC-Security-Research/EKO19_Quest_Memory_Safety_PL.pdf at master · microsoft/MSRC-Security-Research · GitHub
How Bash completion works - tuzz.tech
Adding Bash completion to my tool - tuzz.tech
https://crypto.stanford.edu/timings/pingreject.pdf
GitHub - eyalr0/AES-Cryptoanalysis
https://www.webyeti.ninja/blog/building-a-pwnagotchi-pwning-wifi-with-ai
https://medium.com/threat-hunters-forge/threat-hunting-with-etw-events-and-helk-part-2-shipping-etw-events-to-helk-16837116d2f5
https://ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
Pulling Back the Curtain On: Zip File Overwrites

