Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence
https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html
https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html
Blogspot
Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence
Penetration testing
Web, Wireless, Network Security
Web, Wireless, Network Security
Utilizing Reverse Proxies to Inject Malicious Code & Extract Sensitive Information
https://versprite.com/blog/application-security/reverse-proxy-attack/
https://versprite.com/blog/application-security/reverse-proxy-attack/
VerSprite, Threat Modeling and Pentesting Services
Utilizing reverse proxies offers a more advanced approach to phishing
Reverse proxies are servers that sit between clients and web servers, often to increase security, performance, and reliability of web applications. From an attacker’s perspective, reverse proxies can be used to sit between victim users and services of interest…
Forwarded from r0 Crew (Channel)
The Evolution of Advanced Threats: REsearchers Arms Race https://www.platformsecuritysummit.com/2019/speaker/matrosov/ #hardware #PSEC #videos #dukeBarman
Forwarded from r0 Crew (Channel)
Windows 10 (RS1-19H2+) UAC bypass using EditionUpgradeManager undocumented autoelevated COM interface. Works together with environment variables spoofing,
https://gist.github.com/hfiref0x/de9c83966623236f5ebf8d9ae2407611
#re #redteam #uac #darw1n
https://gist.github.com/hfiref0x/de9c83966623236f5ebf8d9ae2407611
#re #redteam #uac #darw1n
Gist
UAC bypass using EditionUpgradeManager COM interface
UAC bypass using EditionUpgradeManager COM interface - akagi_58a.c
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
https://gtfobins.github.io
https://gtfobins.github.io
Forwarded from r0 Crew (Channel)
Modern Binary Analysis with ILs:
An interesting talk on binary analysis problems and important aspects of an IL.
https://binary.ninja/presentations/Modern%20Binary%20Analysis%20with%20ILs.pdf
#re #binary #trietptm
An interesting talk on binary analysis problems and important aspects of an IL.
https://binary.ninja/presentations/Modern%20Binary%20Analysis%20with%20ILs.pdf
#re #binary #trietptm
Forwarded from r0 Crew (Channel)
KTRW: The journey to build a debuggable iPhone (performing single-step kernel debugging with LLDB and IDA Pro over USB)
Article: https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html
Source: https://github.com/googleprojectzero/ktrw #ios #debugger #dukeBarman
Article: https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html
Source: https://github.com/googleprojectzero/ktrw #ios #debugger #dukeBarman
Blogspot
KTRW: The journey to build a debuggable iPhone
Posted by Brandon Azad, Project Zero In my role here at Project Zero, I do not use some of the tooling used by some external iOS securit...
Forwarded from r0 Crew (Channel)
"Leveraging KVM as a debugging platform" https://drive.google.com/file/d/1nFoCM62BWKSz2TKhNkrOjVwD8gP51VGK/view #debugger #hacklu #dukeBarman
pythonfuzz
coverage guided fuzz testing for python https://fuzzit.dev
https://github.com/fuzzitdev/pythonfuzz
coverage guided fuzz testing for python https://fuzzit.dev
https://github.com/fuzzitdev/pythonfuzz
Gitlab
Security Compliance
GitLab application security testing for SAST, DAST, Dependency scanning, Container Scanning and more within the DevSecOps CI pipeline with vulnerability management and compliance.
Proof of Concept for "Wordpress <=5.2.3: viewing unauthenticated posts"
https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
0day.work
Proof of Concept for \
A couple of days Wordpress released 5.2.4 with a few security patches. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. caught my attention, but I couldn’t find a public Proof of Concept, so I set out to reverse engineer…
Let's Make Windows Defender Angry: Antivirus can be an oracle!
https://speakerdeck.com/icchy/lets-make-windows-defender-angry-antivirus-can-be-an-oracle
https://speakerdeck.com/icchy/lets-make-windows-defender-angry-antivirus-can-be-an-oracle
Speaker Deck
Let's Make Windows Defender Angry: Antivirus can be an oracle!
A presentation about AVOracle (AntiVirus Oracle) at CODE BLUE 2019 U25 track (https://codeblue.jp/2019/en/talks/?content=talks_23)
Japanese version: ht…
Japanese version: ht…
Forwarded from r0 Crew (Channel)
Solving iOS UnCrackable 1 Crackme Without Using an iOS Device https://serializethoughts.com/2019/10/28/solving-mstg-crackme-angr #ios #CTF #dukeBarman
serializethoughts
Solving iOS UnCrackable 1 Crackme Without Using an iOS Device
TL;DR: iOS UnCrackable Level 1 crackme application can be solved without using an iOS device using Angr’s dynamic execution engine.
Разбор и IOC'и Lazarus (Северная Корея) за октябрь 2019
https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/North%20Korea/APT/Lazarus/23-10-19/analysis.md
https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/North%20Korea/APT/Lazarus/23-10-19/analysis.md
GitHub
StrangerealIntel/CyberThreatIntel
Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups - StrangerealIntel/CyberThreatIntel
Описание устройства AppLocker
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-1.html
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-1.html
www.tiraniddo.dev
The Internals of AppLocker - Part 1 - Overview and Setup
This is part 1 in a short series on the internals of AppLocker (AL). Part 2 is here , part 3 here and part 4 here . AppLocker (AL) is...
Разбор LPE в Symantec Endpoint Protection
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
Medium
CVE-2019–12757: Local Privilege Escalation in Symantec Endpoint Protection
Symantec Endpoint Protection Version: 14.2 RU1 Build 3335 (14.2.3335.1000) and below Operating System Tested On: Windows 10 1803 x64
Forwarded from r0 Crew (Channel)
A Collection of Chrome Sandbox Escape POCs/Exploits for learning https://github.com/allpaca/chrome-sbx-db #exploit #dukeBarman
GitHub
GitHub - allpaca/chrome-sbx-db: A Collection of Chrome Sandbox Escape POCs/Exploits for learning
A Collection of Chrome Sandbox Escape POCs/Exploits for learning - allpaca/chrome-sbx-db