Forwarded from r0 Crew (Channel)
Ghidra Plugin Development for Vulnerability Research - Part-1 https://www.somersetrecon.com/blog/2019/ghidra-plugin-development-for-vulnerability-research-part-1 #ghidra #dukeBarman
Somerset Recon
Ghidra Plugin Development for Vulnerability Research - Part-1 — Somerset Recon
Overview On March 5th at the RSA security conference, the National Security Agency (NSA) released a reverse engineering tool called Ghidra. Similar to IDA Pro, Ghidra is a disassembler and decompiler with many powerful features (e.g., plugin support,…
A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password Spraying)
https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/
Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/
Microsoft Security Blog
Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability | Microsoft Security Blog
A complex attack chain incorporating the CVE-2018-20250 exploit and multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.
DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
got 0day?
DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
TL;DR This vulnerability allows low privileged users to hijack files that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privileged user. Intro…
Dragonblood: A Security Analysis of WPA3’s SAE Handshake
https://papers.mathyvanhoef.com/dragonblood.pdf
Forwarded from r0 Crew (Channel)
Chrome 1-day RCE PoC (Array.prototype.map)
https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/
#re #expdev #rce #1day #browser #darw1n
Exodus Intelligence
A window of opportunity: exploiting a Chrome 1day vulnerability
This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it into a stable Chrome release.
AV WARS: Fighting fire with fire [AV Bypass Technique]
https://www.komodosec.com/post/av-wars-fighting-fire-with-fire
Komodo Cyber
AV WARS: Fighting fire with fire [AV Bypass Technique]
Back when I started doing red team engagements for Komodo, bypassing AV solutions was quick and trivial, almost a ‘non-brainer.’ Just change some strings, recompile and you’re golden. However, over the last few years, things have changed. AV’s and other endpoint…
Simple AV Evasion Symantec and P4wnP1 USB
https://medium.com/@fbotes2/advance-av-evasion-symantec-and-p4wnp1-usb-c7899bcbc6af
StealJob: New Android Malware Used by Donot APT Group
https://ti.360.net/blog/articles/stealjob-new-android-malware-used-by-donot-apt-group-en/
How does Tor really work?
https://skerritt.blog/how-does-tor-really-work/
Skerritt.blog
How Does Tor Really Work? The Definitive Visual Guide (2023)
Today, we’re going to do a technical deep-dive into how Tor really works.
No mention of how to access Tor, no mention of what might be on Tor. This is how Tor works.
Without speculation and without exaggeration of what Tor is. Just a deep dive into the…
Coerchck - PowerShell Script For Listing Local Admins
https://0x00sec.org/t/coerchck-powershell-script-for-listing-local-admins/12987
Forwarded from Br0wSec (Andrey Kovalev)
Slides from Zer0con on the internals and vulnerabilities of TurboFan, the JavaScript compiler in V8, have been published.
https://docs.google.com/presentation/d/1DJcWByz11jLoQyNhmOvkZSrkgcVhllIlCHmal1tGzaw
Google Docs
A guided tour through Chrome's javascript compiler
A guided tour through Chrome's javascript compiler [email protected] / @_tsuro
purple-team-attack-automation
Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
https://github.com/praetorian-inc/purple-team-attack-automation
GitHub
GitHub - praetorian-inc/purple-team-attack-automation: Praetorian's public release of our Metasploit automation of MITRE ATT&CK™…
Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs - praetorian-inc/purple-team-attack-automation
Jailbreaking Subaru StarLink
subaru-starlink-research
https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md
GitHub
subaru-starlink-research/doc/README.md at master · sgayou/subaru-starlink-research
Subaru StarLink persistent root code execution. Contribute to sgayou/subaru-starlink-research development by creating an account on GitHub.