What I Learned from Reverse Engineering Windows Containers
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/
Unit 42
What I Learned from Reverse Engineering Windows Containers
Our researcher provides an overview on containers - starting with their Linux history - and shows the different implementations of containers in Windows, how they work and the security pitfalls that may occur.
From iPhone to NT AUTHORITY\SYSTEM
https://decoder.cloud/2019/12/12/from-iphone-to-nt-authoritysystem/
https://decoder.cloud/2019/12/12/from-iphone-to-nt-authoritysystem/
Decoder's Blog
From iPhone to NT AUTHORITY\SYSTEM
As promised in my previous post , I will show you how to exploit the “Printconfig” dll with a real world example. But what does Apple’s iPhone have to do with it?? Well, keep on r…
Persistence – Office Application Startup
https://pentestlab.blog/2019/12/11/persistence-office-application-startup/
https://pentestlab.blog/2019/12/11/persistence-office-application-startup/
Penetration Testing Lab
Persistence – Office Application Startup
Microsoft Office is the most popular product in Windows operating systems since it allows users to write and edit documents, create and present slides, gather notes, sent emails and perform calcula…
Hacking GitHub with Unicode's dotless 'i'.
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
Operation Wocao: Shining a light on one of China’s hidden hacking groups
https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/
https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/
POPPOPRET-nullbyte-DLL-bypass
A method to bypass a null byte in a POP-POP-RETN address for exploiting local SEH overflows via DLL injection
https://github.com/FULLSHADE/POPPOPRET-nullbyte-DLL-bypass
A method to bypass a null byte in a POP-POP-RETN address for exploiting local SEH overflows via DLL injection
https://github.com/FULLSHADE/POPPOPRET-nullbyte-DLL-bypass
From dropbox(updater) to NT AUTHORITY\SYSTEM
https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/
https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/
Decoder's Blog
From dropbox(updater) to NT AUTHORITY\SYSTEM
Hardlinks again! Yes, there are plenty of opportunities to raise your privileges due to incorrect permissions settings when combined with hardlinks in many softwares (MS included) ;-) In this post…
Using WebRTC ICE Servers for Port Scanning in Chrome
https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474
https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474
Medium
Using WebRTC ICE Servers for Port Scanning in Chrome
To everything (TURN! TURN! TURN!)
Powershell for exploitation and post exploitation
https://www.peerlyst.com/posts/powershell-for-exploitation-and-post-exploitation-david-dunmore
https://www.peerlyst.com/posts/powershell-for-exploitation-and-post-exploitation-david-dunmore
Forwarded from r0 Crew (Channel)
fn_fuzzy.py - IDAPython script for fast multiple binary diffing triage https://github.com/TakahiroHaruyama/ida_haru/tree/master/fn_fuzzy #reverse #ida #dukeBarman
GitHub
ida_haru/fn_fuzzy at master · TakahiroHaruyama/ida_haru
scripts/plugins for IDA Pro. Contribute to TakahiroHaruyama/ida_haru development by creating an account on GitHub.
Active Directory Visualization for Blue Teams and Threat Hunters
https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters
https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters
Praetorian
Active Directory Visualization for Blue Teams and Threat Hunters | Praetorian
As a network defender, it can be easy to attribute a certain degree of omnipotence to attackers. Advanced threats have an uncanny knack for figuring out how to move through an environment without regards for passwords, roles, permissions, or what “should”…
Automated Tactics Techniques & Procedures. Re-running complex sequences manually for regression tests, product evaluations, generate data for researchers & so on can be tedious
https://github.com/jymcheong/AutoTTP/blob/master/README.md
https://github.com/jymcheong/AutoTTP/blob/master/README.md
GitHub
jymcheong/AutoTTP
Automated Tactics Techniques & Procedures. Contribute to jymcheong/AutoTTP development by creating an account on GitHub.
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html
https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html
Blogspot
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
Posted by Samuel Groß, Project Zero Introduction This is the first blog post in a three-part series that will detail how a vulnerability...