Smoke and Mirrors | Red Teaming with Physical Penetration Testing and Social Engineering
https://threat.tevora.com/smoke-and-mirrors-red-teaming-with-physical-penetration-testing-and-social-engineering/
https://threat.tevora.com/smoke-and-mirrors-red-teaming-with-physical-penetration-testing-and-social-engineering/
Threat Blog
Smoke and Mirrors | Red Teaming with Physical Penetration Testing and Social Engineering
In this post, we will illustrate the roadmap of a physical penetration test and advise how to successfully infiltrate into a corporate environment. This post should be able to clarify areas of focus for a successful physical engagement with an emphasis on…
PEpper
An open source script to perform malware static analysis on Portable Executable
https://github.com/Th3Hurrican3/PEpper
An open source script to perform malware static analysis on Portable Executable
https://github.com/Th3Hurrican3/PEpper
GitHub
GitHub - 0x0be/PEpper: An open source script to perform malware static analysis on Portable Executable
An open source script to perform malware static analysis on Portable Executable - GitHub - 0x0be/PEpper: An open source script to perform malware static analysis on Portable Executable
Forwarded from Noise Security Bit (Aligner)
Уязвимость в Whatsapp (уязвимость в android-gif-drawable либе) c "exploit'ом" (без обхода ASLR)
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
Home
How a double-free bug in WhatsApp turns to RCE
In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…
Forwarded from r0 Crew (Channel)
[RU] OTUS (Курс по реверсу) #LEAKED
https://cloud.mail.ru/public/4aGL/3EFRUMvq6/
#re #course #Thatskriptkid
https://cloud.mail.ru/public/4aGL/3EFRUMvq6/
#re #course #Thatskriptkid
One XSS cheatsheet to rule them all
https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all
https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all
PortSwigger Research
One XSS cheatsheet to rule them all
PortSwigger are proud to launch our brand new XSS cheatsheet. Our objective was to build the most comprehensive bank of information on bypassing HTML filters and WAFs to achieve XSS, and to present th
Security Advisory: Active Directory Open to More NTLM Attacks
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Vulnerability on a series of D-Link routers allows remote code execution but will not be fixed !!!!
https://www.freetechways.xyz/2019/10/dlink-router-remote-execution.html
https://www.freetechways.xyz/2019/10/dlink-router-remote-execution.html
DrSemu
Malware Detection and Classification Tool Based on Dynamic Behavior [The tool is in the early development stage]
https://github.com/secrary/DrSemu
Malware Detection and Classification Tool Based on Dynamic Behavior [The tool is in the early development stage]
https://github.com/secrary/DrSemu
GitHub
GitHub - secrary/DrSemu: DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior
DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior - secrary/DrSemu
802.11p V2X Hunting
https://harrisonsand.com/802-11p-v2x-hunting/
https://harrisonsand.com/802-11p-v2x-hunting/
Harrisonsand
802.11p V2X hunting
Autonomous vehicles are becoming closer to reality, and the technologies developed to support them have already started hitting the market. I set out to see if I could find any real-world deployments of these systems.
Burpee
A python module that accepts an HTTP request file and returns a dictionary of headers and post data
https://github.com/xscorp/Burpee
A python module that accepts an HTTP request file and returns a dictionary of headers and post data
https://github.com/xscorp/Burpee
GitHub
GitHub - xscorp/Burpee: A python module that accepts an HTTP request file and returns a dictionary of headers and post data
A python module that accepts an HTTP request file and returns a dictionary of headers and post data - xscorp/Burpee
Avira Antivirus 2019 (4 Services) - DLL Preloading and Potential Abuses (CVE-2019-17449)
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449
Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence
https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html
https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html
Blogspot
Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence
Penetration testing
Web, Wireless, Network Security
Web, Wireless, Network Security
Utilizing Reverse Proxies to Inject Malicious Code & Extract Sensitive Information
https://versprite.com/blog/application-security/reverse-proxy-attack/
https://versprite.com/blog/application-security/reverse-proxy-attack/
VerSprite, Threat Modeling and Pentesting Services
Utilizing reverse proxies offers a more advanced approach to phishing
Reverse proxies are servers that sit between clients and web servers, often to increase security, performance, and reliability of web applications. From an attacker’s perspective, reverse proxies can be used to sit between victim users and services of interest…