Forwarded from r0 Crew (Channel)
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team https://github.com/knownsec/pocsuite3 #exploit #dukeBarman
Forwarded from r0 Crew (Channel)
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager
Article: https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html
Another: https://blogs.technet.microsoft.com/srd/2019/03/14/local-privilege-escalation-via-the-windows-i-o-manager-a-variant-finding-collaboration/
#re #expdev #lpe #darw1n
Posted by James Forshaw, Project Zero This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and wh...
#OSINT Email-Enum searches mainstream websites and tells you if an #email is registered! https://github.com/Frint0/email-enum
Forwarded from r0 Crew (Channel)
Ghidra Plugin Development for Vulnerability Research - Part-1 https://www.somersetrecon.com/blog/2019/ghidra-plugin-development-for-vulnerability-research-part-1 #ghidra #dukeBarman
Overview On March 5th at the RSA security conference, the National Security Agency (NSA) released a reverse engineering tool called Ghidra. Similar to IDA Pro, Ghidra is a disassembler and decompiler with many powerful features (e.g., plugin support,…
A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password Spraying)
https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/
Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/
A complex attack chain incorporating the CVE-2018-20250 exploit and multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.
DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
TL;DR This vulnerability allows low privileged users to hijack files that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privileged user. Intro…
Dragonblood: A Security Analysis of WPA3’s SAE Handshake
https://papers.mathyvanhoef.com/dragonblood.pdf
Forwarded from r0 Crew (Channel)
Chrome 1-day RCE PoC (Array.prototype.map)
https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/
#re #expdev #rce #1day #browser #darw1n
This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it into a stable Chrome release.