Wawa Security Links 354

Jeudi 25 Avril 2024


GoogleNCR / Twitter
Hacking tutos / Facebook


Serverless (in)security | securing
https://isc.sans.edu/forums/diary/A Safe Excel Sheet Not So Safe/25868/
Professional / Community 2020.2 | Releases
A Survey of Istio's Network Security Features – NCC Group Research
Repl.it - CLUI: Building a Graphical Command Line
Hacking up your own shell completion | Computing with Jeremy
CLAMBLING - A New Backdoor Base On Dropbox (EN) | 詮睿科技
Malware fight back the tale of agent tesla
https://www.mail-archive.com/bind-announcelists.isc.org/msg00567.html
OffensiveCSharp/Program.cs at master · matterpreter/OffensiveCSharp · GitHub
Everything You Ever Wanted To Ask About Checkm8 And Checkra1n | Forensic Focus - Articles
https://mlq.me/download/takeaway.pdf
Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited | Volexity
https://posts.specterops.io/engineering-process-injection-detections-part-1-research-951e96ad3c85
Remote Code Execution Vulnerability | ManageEngine Desktop Central
GitHub - Y4er/CVE-2020-2555: Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
0.9.8.2 beta · checkra1n
GitHub - guidovranken/vfuzz: vfuzz
AFLplusplus/custom_mutators.md at master · vanhauser-thc/AFLplusplus · GitHub
Update: oledump.py Version 0.0.47 | Didier Stevens

Contextual Grepping: Proxmark3 Key Scan Example | Didier Stevens
Metasploit Wrap-Up
Abusing File System functions in web applications - steal NTLMv2 hash | Start With Linux | Mannu Linux
Root Cause
Offensive Development with GitHub Actions – MDSec
ida/idapython_tools/695_to_7 at master · you0708/ida · GitHub
GitHub - firstlookmedia/dangerzone: Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF
https://www.cattius.com/images/undocumented-cpu-behavior.pdf
The History of the URL
https://www-users.cs.umn.edu/~kjlu/papers/fifuzz.pdf
GitHub - pd0wm/flexray-interceptor: FPGA project to man-in-the-middle attack Flexray
DuckDuckGo Tracker Radar Exposes Hidden Tracking
GitHub - 3xpl01tc0d3r/Callidus
Trustonic’s Kinibi TEE Implementation | Azeria Labs
https://isc.sans.edu/forums/diary/Excel Maldocs Hidden Sheets/25876/
https://isc.sans.edu/forums/diary/Chain Reactor Simulate Adversary Behaviors on Linux/25872/
Dissecting Emotet - Part 2 | Deutsche Telekom
GitHub - its-a-feature/Apfell: A collaborative, multi-platform, red teaming framework
GitHub - mnrkbys/vss_carver: Carves and recreates VSS catalog and store from Windows disk image.
https://www.exploit-db.com/exploits/48186

GitHub - BC-SECURITY/Starkiller: Starkiller is a Frontend for PowerShell Empire.
macOS Malware Researchers | How To Bypass XProtect on Catalina | SentinelOne
https://medium.com/secureITmania/how-i-exploit-the-json-csrf-with-method-override-technique-71c0a9a7f3b0
Crescendo: Real Time Event Viewer for macOS | FireEye Inc
https://blog.talosintelligence.com/2020/03/wago-vulnerability-spotlight-march-2020.html
Basic Protocols in Networking
Security advisory 2020-03-03 | Yubico
bugs.xdavidhu.me - xdavidhu's bug bounty writeups.
An Introduction to Starkiller
Multiple vulnerabilities found in Zyxel CNM SecuManager - IT Security Research by Pierre
https://www.synacktiv.com/ressources/modern_php_security_sec4dev.pdf
The Art Of Malware - Bringing the dead back to life - Malware - 0x00sec - The Home of the Hacker
GitHub - six2dez/wahh_extras: The Web Application Hacker's Handbook - Extra Content
Ferib: Reversing the McDonalds Mobile Application to get free food
https://medium.com/nishanmaharjan17/reversing-golang-binaries-part-3-how-to-run-a-golang-ransomware-613f5369cbaa
GitHub - villawang/Neuro-AI-Interface: Use deep neural networks to synthesize the Neuroscore for evaluating Generative Adversarial Networks
Presentations/Nullcon2020_COM-promise_-_Attacking_Windows_development_environments.pdf at master · outflanknl/Presentations · GitHub
Pass-the-Hash is still a threat – Windows & Cloud Security
GitHub - zznop/ich: Linux crash harness with runtime process instrumentation
GitHub - taviso/avscript: Avast JavaScript Interactive Shell

GitHub - zeropointdynamics/zelos: A comprehensive binary emulation platform.
Not So Secret Messages - The Hacker Factor Blog
https://medium.com/adam.toscher/wireless-penetration-tips-c0ed0a6665fe
https://medium.com/anderson_pablo/iptv-smarters-exploit-cve-2020-9380-22d4b21f5da7
https://medium.com/schirrmacher/device-authentication-on-ios-and-android-80e681471622
Cryptographic Signatures, Surprising Pitfalls, and LetsEncrypt
GitHub - preempt/ntlm-scanner: A simple python tool based on Impacket that tests servers for various known NTLM vulnerabilities
An unexpected logic bug on Win32k - Blah Cats
https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf
Analysis of Malicious Excel Spreadsheet | By Monnappa K A - eForensics
TRRespass - VUSec
Differential Fault Injection Against AES on Atmega328 | Rot256. Cryptography & Other Random Bits.
Reversing and Exploiting with Free Tools: Part 4 | Core Security
https://posts.specterops.io/kerberosity-killed-the-domain-an-offensive-kerberos-overview-eb04b1402c61
Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487) - TrendLabs Security Intelligence Blog
https://kb.cert.org/vuls/id/872016/
CLSIDs in OLE Files | Didier Stevens
https://www.thezdi.com/blog/2020/3/10/the-march-2020-security-update-review
https://blog.talosintelligence.com/2020/03/vuln-spotlight-windows-10-kernel-information-disclosure.html
Rocket Loader skimmer impersonates CloudFlare library in clever scheme - Malwarebytes Labs | Malwarebytes Labs


Translate / Map
Wikipedia [ENG] / GIT

Metasploit / ExploitDB
Converter / Project 0

Hotmail / Gmail / ODA
eprint.iacr / Youtube