Wawa Security Links 339

Friday, 26 April 2024




At Home Among Strangers - Speaker Deck
Strategies to protect against JavaScript skimmers | xorl %eax, %eax
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones | ElcomSoft blog
CPR-Zero: CVE-2019-1286
Red XOR Blue: No Shells Required - a Walkthrough on Using Impacket and Kerberos to Delegate Your Way to DA
malweisse's corruptions - Sanitized Emulation with QASan
PoC: Exfiltrating data on macOS with Folder Actions | HoldMyBeer
https://isc.sans.edu/forums/diary/Bypassing UAC to Install a Cryptominer/25644/
https://isc.sans.edu/forums/diary/Malspam with links to Word docs pushes IcedID Bokbot/25640/
https://medium.com/bugbountywriteup/tmhc-ctf-osint-challenge-e8bad2c9f144
https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a
https://medium.com/bugbountywriteup/crossing-the-borders-the-illegal-trade-of-http-requests-57da188520ca
PE Import Table hijacking as a way of achieving persistence - or exploiting DLL side loading
https://medium.com/woj_ciech/when-?amerka-meets-healthcare-research-on-exposed-medical-devices-ac62f2840da4
Hacking your keyboard with karabiner | Kaushik Gopal’s blog
Custom Proto Mutation
https://isc.sans.edu/forums/diary/Enumerating office365 users/25648/
GitHub - marin-m/vmlinux-to-elf: A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
https://saelo.github.io/presentations/36c3_messenger_hacking.pdf
Cross-Origin Resource Sharing (CORS) - Ghostlulz Hacks

Using radare2 to patch a binary
https://medium.com/s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104
Exploiting: Spiderman 2000 - Buffer overflow in file loading routine – krystalgamer's Lair
malware-analysis-writeups/bashar-bachir-analysis.pdf at master · itsKindred/malware-analysis-writeups · GitHub
GitHub - avishayil/caponeme: Repository demonstrating the Capital One breach on your AWS account
App Analysis: Bumble
The Great Escape of ESXi: Breaking Out of a Sandboxed Virtual Machine - Google Slides
GitHub - xerub/acorn: untethered+unsandboxed code execution in iOS 11
GitHub - cseagle/blc: Integrate Ghidra's decompiler as an Ida plugin
Let’s play (again) with Predator the thief – Fumik0_'s box
Is OpenBSD secure?
A new take on the birthday problem
GitHub - FiloSottile/age: A simple, modern and secure encryption tool with small explicit keys, no config options, and UNIX-style composability.
bellingcat - Guide To Using Reverse Image Search For Investigations - bellingcat
HackerOne
https://isc.sans.edu/forums/diary/Corrupt Office Documents/25650/
Relive! – 36C3 Streaming
https://medium.com/bugbountywriteup/from-broken-link-to-sub-folder-takeover-on-bukalapak-3aa985e622c4
https://medium.com/brice.augras/yogosha-christmas-challenge-ba810f0c9ab1
https://medium.com/cyberverse/authentication-bypass-with-x-path-injection-and-sql-injection-cyberverse-c5d8dd34ac9a

Hack The Box – Wall Box Writeup By Nikhil Sahoo – The BlockSec
Windows Privilege Escalation Methods - CertCube Labs
Top 10 Pentesting Tools and Extensions in Burp Suite - PortSwigger
GitHub - esecuritylab/kostebek
Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin
Wireshark Tutorial: Examining Ursnif Infections
Living off the land: Attackers leverage legitimate tools for malicious ends | Symantec Blogs
Gozi V3: tracked by their own stealth – Sophos News
TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking - Blueliv
Targeting Portugal: A new trojan 'Lampion' has spread using template emails from the Portuguese Government Finance & Tax
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 — spaceraccoon.dev
https://medium.com/bugbountywriteup/reverse-engineering-beating-a-trial-on-a-net-crackme-d4ab6604f10b
Lesser-known Tools for Android Application PenTesting - Hack.Learn.Share
CPU Introspection: Intel Load Port Snooping | Gamozo Labs Blog
https://freddiebarrsmith.com/trix/trix.html
Abusing Signals with SIGROP Exploits :: [audible]blink's " r e s e a r c h "
https://anee.me/reversing-web-assembly-wasm-dd59eb2a52d4
36C3 CTF Writeups
GitHub - anestisb/vdexExtractor: Tool to decompile & extract Android Dex bytecode from Vdex files
Revised Homograph Attacks

Exploit module for CVE-2019-3567 - Osquery for Windows access right misconfiguration Elevation of Privilege (https://offsec.almond.consulting/osquery-windows-acl-misconfiguration-eop.html) · GitHub
Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps — spaceraccoon.dev
GitHub - Fire30/bad_hoist
Password Spraying Dell SonicWALL Virtual Office – n00py Blog
FreeBSD fd Privilege Escalation ≈ Packet Storm
Reverse Engineering Carrot Crazy - Part 1 - Passwords | Shanty Blog
https://blog.sucuri.net/2019/12/the-anatomy-of-website-malware-part-2-credit-card-stealers.html
Big Monitoring Fabric Application
https://medium.com/frycos/yet-another-net-deserialization-35f6ce048df7
Privacy Log: The Second SHA Collision
GitHub - bridgecrewio/checkov: Prevent cloud misconfigurations during build time
GitHub - SteveSyfuhs/Kerberos.NET: A Kerberos implementation built entirely in managed code.
The Best Amateur Radio Links of 2019
GitHub - imsnif/bandwhich: Terminal bandwidth utilization tool (formerly known as "what")
Get pwned by scanning QR Code
NirBlog » Blog Archive » Delete history records of Chrome and Firefox with BrowsingHistoryView
GitHub - aas-n/leHACK19: Write-up for the Active Directory Lab I have created for Akerva exhibition stand @ leHACK19 (Paris)
https://www.hackingarticles.in/multiple-ways-to-create-image-file-for-forensics-investigation/
YARA “Ad Hoc Rules” | Didier Stevens
https://medium.com/mycrypto/2019-in-review-major-blockchain-crypto-security-incidents-adb0e87e0f25

