One XSS cheatsheet to rule them all
https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all
PortSwigger are proud to launch our brand new XSS cheatsheet. Our objective was to build the most comprehensive bank of information on bypassing HTML filters and WAFs to achieve XSS, and to present th
Security Advisory: Active Directory Open to More NTLM Attacks
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Vulnerability on a series of D-Link routers allows remote code execution but will not be fixed !!!!
https://www.freetechways.xyz/2019/10/dlink-router-remote-execution.html
DrSemu
Malware Detection and Classification Tool Based on Dynamic Behavior [The tool is in the early development stage]
https://github.com/secrary/DrSemu
GitHub - secrary/DrSemu: DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior
802.11p V2X Hunting
https://harrisonsand.com/802-11p-v2x-hunting/
Autonomous vehicles are becoming closer to reality, and the technologies developed to support them have already started hitting the market. I set out to see if I could find any real-world deployments of these systems.
Burpee
A Python module that accepts an HTTP request file and returns a dictionary of headers and post data
https://github.com/xscorp/Burpee
Avira Antivirus 2019 (4 Services) - DLL Preloading and Potential Abuses (CVE-2019-17449)
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449
Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence
https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html
Penetration testing
Web, Wireless, Network Security
Utilizing Reverse Proxies to Inject Malicious Code & Extract Sensitive Information
https://versprite.com/blog/application-security/reverse-proxy-attack/
Utilizing reverse proxies offers a more advanced approach to phishing
Reverse proxies are servers that sit between clients and web servers, often to increase security, performance, and reliability of web applications. From an attacker’s perspective, reverse proxies can be used to sit between victim users and services of interest…
Forwarded from r0 Crew (Channel)
The Evolution of Advanced Threats: REsearchers Arms Race https://www.platformsecuritysummit.com/2019/speaker/matrosov/ #hardware #PSEC #videos #dukeBarman
Forwarded from r0 Crew (Channel)
Windows 10 (RS1-19H2+) UAC bypass using EditionUpgradeManager undocumented autoelevated COM interface. Works together with environment variables spoofing,
https://gist.github.com/hfiref0x/de9c83966623236f5ebf8d9ae2407611
#re #redteam #uac #darw1n
UAC bypass using EditionUpgradeManager COM interface - akagi_58a.c
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
https://gtfobins.github.io
Forwarded from r0 Crew (Channel)
Modern Binary Analysis with ILs:
An interesting talk on binary analysis problems and important aspects of an IL.
https://binary.ninja/presentations/Modern%20Binary%20Analysis%20with%20ILs.pdf
#re #binary #trietptm
Forwarded from r0 Crew (Channel)
KTRW: The journey to build a debuggable iPhone (performing single-step kernel debugging with LLDB and IDA Pro over USB)
Article: https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html
Source: https://github.com/googleprojectzero/ktrw #ios #debugger #dukeBarman
Posted by Brandon Azad, Project Zero In my role here at Project Zero, I do not use some of the tooling used by some external iOS securit...