Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins
https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f
Medium
This is a detailed overview of the bugs found while reviewing the source code of WordPress plugins. I cover 3 reported vulnerabilities…
PowerSharpPack. Many useful offensive CSharp Projects wrapped into Powershell
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
GitHub
FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking
https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/
MDSec
Introduction During red team engagements, it is not uncommon to encounter Endpoint Defence & Response (EDR) / Prevention (EDP) products that implement user-land hooks to gain insight into a...
Death from Above: Lateral Movement from Azure to On-Prem AD
https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d
Medium
I’ve been looking into Azure attack primitives over the past couple of months to gain a better understanding of how the system works, what…
Introduction to Windows tokens for security practitioners
https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners
Elastic Blog
Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals. In this blog post, we demystify h...
Malware Development Pt. 1: Dynamic Module Loading in Go
https://posts.specterops.io/malware-development-pt-1-dynamic-module-loading-in-go-1121f07f3a5a
Medium
Loading and managing shared libraries in memory.
A Voyage to Uncovering Telemetry: Identifying RPC Telemetry for Detection Engineers
https://ipc-research.readthedocs.io/en/latest/subpages/RPC.html
DRAKVUF™ is a virtualization based agentless black-box binary analysis system. DRAKVUF™ allows for in-depth execution tracing of arbitrary binaries (including operating systems), all without having to install any special software within the virtual machine used for analysis.
https://drakvuf.com
Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
https://www.microsoft.com/security/blog/2020/07/08/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption/
Microsoft News
Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
Unauthenticated RCE on MobileIron MDM
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html?m=1
Orange Tsai
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
[ 繁體中文版本 | English Version ] Hi, it’s a long time since my last article. This new post is about my research this March, which talks about how I found vulnerabilities on a leading Mobile Device Mana
Zerologon: unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)
https://www.secura.com/pathtoimg.php?id=2055
I Like to Move It: Windows Lateral Movement Part 2 – DCOM
https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/
MDSec
Overview In part 1 of this series, we discussed lateral movement using WMI event subscriptions. During this post we will discuss another of my “go to” techniques for lateral movement,...
A different way of abusing Zerologon (CVE-2020-1472)
https://dirkjanm.io/a-different-way-of-abusing-zerologon/
dirkjanm.io
In August 2020, Microsoft patched CVE-2020-1472 aka Zerologon. This is in my opinion one of the most critical Active Directory vulnerabilities of the past few years, since it allows for instant escalation to Domain Admin without credentials. The most straightforward…