Wawa Security Links 333

Vendredi 19 Avril 2024


GoogleNCR / Twitter
Hacking tutos / Facebook


https://www.hackingarticles.in/multiple-methods-to-bypass-restricted-shell/
Practical Guide to Passing Kerberos Tickets From Linux | 0xeb_bp
VNC vulnerability research | Kaspersky ICS CERT
https://medium.com/bugbountywriteup/stories-of-idor-part-2-29d313a39e55
Ginp - A malware patchwork borrowing from Anubis | Blogs | ThreatFabric
This Week In Security: More WhatsApp, Nextcry, Hover To Crash, And Android Permissions Bypass | Hackaday
GitHub - gamozolabs/fzero_fuzzer: A fast Rust-based safe and thead-friendly grammar-based fuzz generator
GitHub - AbsoZed/DockerPwn.py: Python automation of Docker.sock abuse
Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps - TrendLabs Security Intelligence Blog
Anti-virus Exploitation: Local Privilege Escalation in K7 Security (CVE-2019-16897) - Exploit Development - 0x00sec - The Home of the Hacker
Weak encryption cipher and hardcoded cryptographic keys in Fortinet products – SEC Consult
How to make LLDB a real debugger
TA505 Get2 Analysis | GoggleHeadedHacker
GitHub - victorqribeiro/bruteforcetv: Let's brute force this hotel's tv.
The De-anonymization of the Technion Confessions Admin – m417z / blog – A Blog About Stuff
https://www.exploit-db.com/exploits/47708
FIDL: FLARE’s IDA Decompiler Library | FireEye Inc
Push notifications | Securelist
https://isc.sans.edu/forums/diary/My Little DoH Setup/25548/
https://posts.specterops.io/attacking-freeipa-part-i-authentication-77e73d837d6a

https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
Hack The Box - Chainsaw | 0xRick
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/
Report: We Tested 5 Popular Web Hosting Companies & All Were Easily Hacked
Exploiting padding oracles with fixed IVs | Teddy Katz’s Blog
iBoot heap internals
GitHub - cloudflare/flan: A pretty sweet vulnerability scanner
Anonymized DNS · DNSCrypt/dnscrypt-proxy Wiki · GitHub
Zsh prompt with asynchronous Git status | Vincent Bernat
https://github.com/ernw/Windows-Insight/blob/master/articles/Device Guard/WDAC/dg_ci_skci_signed.pdf
https://medium.com/swlh/hacking-saml-bce30483d020
Using and Abusing Aliases with PowerShell
https://medium.com/cyb3rops/the-problems-with-todays-red-teaming-7b8ed1e735c9
debugging-with-armx
Hunting For Attackers’ Tactics And Techniques With Prefetch Files | Forensic Focus - Articles
GitHub - allpaca/chrome-sbx-db: A Collection of Chrome Sandbox Escape POCs/Exploits for learning
MENASEC - Applied Security Research: Hunting for suspicious use of TeamViewer - Part 1/2
https://medium.com/dimitrismargaritis/prevent-legitimate-windows-executables-to-be-used-to-gain-initial-foothold-in-your-infrastructure-39771cd6ec90
GitHub - phpstan/phpstan: PHP Static Analysis Tool - discover bugs in your code without running it!
Apache Solr Vulnerable to Remote Code Execution Zero-Day Vulnerability - Blog | Tenable®

GitHub - securisec/chepy
https://medium.com/drakkars/hacking-an-android-tv-in-2-minutes-7b6f29518ff3
https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42
GitHub - PLSysSec/haybale: Symbolic execution of LLVM IR with an engine written in Rust
macOS Red Team: Spoofing Privileged Helpers (and Others) to Gain Root | SentinelOne | Autonomous AI Platform
https://medium.com/klockw3rk/privilege-escalation-leveraging-misconfigured-systemctl-permissions-bc62b0b28d49
[Redhat2019] Kaleidoscope | Mid Station
Tearing down a Costco remote ceiling light | My Not-So-Boring Life
Insights from one year of tracking a polymorphic threat - Microsoft Security
learn reversing by solving MalwareTech vm using cutter – DaringJoker
HackerOne
MITRE ATT&CK vulnerability spotlight: Credentials in registry
https://www.thezdi.com/blog/2019/11/25/diving-deep-into-a-pwn2own-winning-webkit-bug
What's Changed in Recon-ng 5.x - Black Hills Information Security
HackerOne
Timestamp recognition of dates with two-digit years fails beginning January 1, 2020 - Splunk Documentation
A Glimpse Into Tencent's Legu Packer
https://medium.com/adam.toscher/new-hot-spot-2-0-wifi-evil-twin-attack-2d63b1dd61eb
Forget Homomorphic Encryption, Here Comes Functional Encryption
https://astrix.co.uk/news/2019/11/26/nessus-professional-tips-and-tricks

https://blog.appsecco.com/getting-started-with-version-2-of-aws-ec2-instance-metadata-service-imdsv2-2ad03a1f3650
HackerOne
GitHub - DNSCrypt/dnscrypt-proxy: dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
Google Cloud Armor adds WAF, telemetry features | Google Cloud Blog
Bugtraq: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products
CrackMapExec module to set as "owned" on BloodHound every target owned by the attacker · GitHub
GitHub - s0md3v/Corsy: CORS Misconfiguration Scanner
GitHub - AidanGamzer/ReRa1n: ReRa1n source code
GitHub - jaredestroud/r2elk: Radare2 Metadata Extraction to Elasticsearch
https://medium.com/bugbountywriteup/bug-bounty-broken-api-authorization-d30c940ccb42
https://medium.com/bugbountywriteup/chainsaw-hackthebox-6b882d6ef5d1
Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + 'prototype' pollution
Reflected XSS in graph.facebook.com leads to account takeover in IE/Edge – Bug bounty write-ups
https://medium.com/bugbountywriteup/breaking-down-sha-256-algorithm-2ce61d86f7a3
RevengeHotels: cybercrime targeting hotel front desks worldwide | Securelist
Public SSH keys can leak your private infrastructure | Artem Golubin
Post | Network Defense Blog
https://www3.cs.stonybrook.edu/~mikepo/papers/dataencr.acsac19.pdf
A History of HTML Parsing at Cloudflare: Part 1
GitHub - arch4ngel/peasant


Translate / Map
Wikipedia [ENG] / GIT

Metasploit / ExploitDB
Converter / Project 0

Hotmail / Gmail / ODA
eprint.iacr / Youtube