Wawa Security Links 324

Vendredi 29 Mars 2024


GoogleNCR / Twitter
Hacking tutos / Facebook


Windows Error Reporting Manager arbitrary file move Elevation of Privilege (CVE-2019-1315) - Almond Offensive Security Blog
GitHub - coolboy4me/cve-2019-0708_bluekeep_rce: it works on xp (all version sp2 sp3)
Simple Trick For Red Teams
https://medium.com/bugbountywriteup/information-disclosure-at-paypal-and-xoom-paypal-acquisition-via-simple-google-dork-1-000-usd-b726fe628a05
https://medium.com/bugbountywriteup/rootcon-2019s-ctf-writeups-for-web-category-753abe95fe15
https://medium.com/bugbountywriteup/hackthebox-ghoul-deb77ff43326
https://medium.com/bugbountywriteup/whatsapp-delete-for-everyone-doesnt-delete-media-files-in-android-f7912b520b39
https://medium.com/bugbountywriteup/domectf-writeup-the-matrix-9f863a9fe6b4
GitHub - pcouy/bird-whisperer: My little birds are everywhere. Even in the North. They whisper to me, the strangest stories
How to Fuzz Rust Code with Cargo-Fuzz (Continuously) - Fuzzit
GitHub - XCF-Babble/babble: 说都不会话了。
Project Zero: The story of Adobe Reader symbols
https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/cybercriminal groups/TA505/04-10-2019/Malware Analysis 04-10-2019.md
Persistence – Shortcut Modification | Penetration Testing Lab
TwinCAT DoS Vulnerability Disclosure (CVE 2019-5637 & 2019-5636)
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
GitHub - gcmartinelli/entroPy: Binary file entropy visualizer written in Python
WooCommerce 3.6.4 - CSRF Bypass to Stored XSS
SensePost | Mettle your ios with frida
https://blog.shiftleft.io/zero-day-snafus-hunting-memory-allocation-bugs-797e214fab6c

Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF
XS-Leak: Leaking IDs using focus | PortSwigger Research
FIDO2: Solving the Password Problem
Persistence – Screensaver | Penetration Testing Lab
Preempt Blog l DROP THE MIC 2: AD Open to More NTLM Attacks
https://medium.com/maverickNerd/recon-everything-48aafbb8987
https://posts.specterops.io/uncovering-the-unknowns-a47c93bb6971
https://blog.usejournal.com/sesame-street-volusion-customers-are-comprised-how-the-cookie-monster-is-stealing-cc-numbers-21eb51ec613b
How to Exfiltrate AWS EC2 Data — Nettitude Labs
https://medium.com/bugbountywriteup/pentesting-an-iot-based-biometric-attendance-device-10c0efd69392
FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops - TrendLabs Security Intelligence Blog
Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil | FireEye Inc
GitHub - salesforce/policy_sentry: IAM Least Privilege Policy Generator
https://medium.com/bugbountywriteup/stories-of-idor-4966369e6d82
Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit | Mozilla Security Blog
leah blogs: Ken Thompson's Unix password
Hack the Box (HTB) machines walkthrough series — SecNotes
CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings - TrendLabs Security Intelligence Blog
Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques | FireEye Inc
This is not a hot dog: an intuitive view on attacking machine learning models – NVISO Labs

HP Touchpoint Analytics - DLL Search-Order Hijacking - Potential Abuses (CVE-2019-6333)
Remote Desktop tunneling tips & tricks | @Mediaservice.net Technical Blog
Scraps of Notes on Exploiting Exim Vulnerabilities
ESET discovers Attor, a spy platform with curious GSM fingerprinting | WeLiveSecurity
Staying Hidden on the Endpoint: Evading Detection with Shellcode | FireEye Inc
Understanding the full potential of sqlmap during bug bounty hunting ~ Kamil Vavra
Vulnerability Root Cause Analysis With Time Travel Debugging
My-CTF-Challenges/BalsnCTF-2019/Donation at master · CykuTW/My-CTF-Challenges · GitHub
Step by step AWS Cloud Hacking - Speaker Deck
Custom Ghidra Version Tracking Correlator
GitHub - RUB-SysSec/grimoire
https://medium.com/metamask/introducing-the-next-evolution-of-the-web3-wallet-4abdf801a4ee
https://posts.specterops.io/security-descriptor-auditing-methodology-investigating-event-log-security-d64f4289965d
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: New IDA Pro plugin provides TileGX support
Integrate Linux Commands into Windows with PowerShell and the Windows Subsystem for Linux | Windows Command Line
http://newosxbook.com/bonus/iBoot.pdf
CVE-2019-17059: Preauth-RCE in Sophos' Cyberoam Explained | TheBestVPN.com
Zombieland CTF – Reverse Engineering for Beginners – Analysis 101
https://blogs.akamai.com/2019/10/watermarking-a-content-owners-mark-to-prevent-piracy.html
Bypassing the WebARX Web Application Firewall (WAF) | 🔐Blog of Osanda

https://www.hackingarticles.in/lxd-privilege-escalation/
AWAE/OSWE PREP (Code analysis to gaining rce and automating everything with Python) | Sarthak Saini
Hack The Box - Writeup
Improving the Cryptography of the JavaScript Ecosystem - Paragon Initiative Enterprises Blog
Writeup (HACK THE BOX) | Sarthak Saini
A Ghidra loader for the Linear eXecutable format - oshogbo//vx
Writeup (HTB)
Hacking the PS2 with Yabasic
Hack The Box - Writeup | 0xRick
Bypass McAfee with McAfee | dmaasland.github.io
Hack The Box: Writeup – Khaotic Developments
https://medium.com/paktek123/write-your-own-dns-server-in-python-hosted-on-kubernetes-3febacf33b9b
Analyzing Keyboard Firmware Part 2 - mrexodia's blog
https://cure53.de/analysis-report_sgn.pdf
Protocol Layer Attack - HTTP Request Smuggling
Breach Scenario – Retail Industry | Pentest Laboratories
https://medium.com/frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76
GitHub - facebookresearch/CrypTen: A framework for Privacy Preserving Machine Learning
Reversing JNBridge to Build an n-day Exploit for CVE-2019-7839 | NickstaDB
Potential bypass of Runas user restrictions


Translate / Map
Wikipedia [ENG] / GIT

Metasploit / ExploitDB
Converter / Project 0

Hotmail / Gmail / ODA
eprint.iacr / Youtube