CVE-2020-1493.pdf
75.9 KB
#Whitepaper
1. MS Outlook 2019 16.0.13231 - RCE (CVE-2020-16947);
2. MS Outlook 2019 16.0.12624 - Out-Of-Bounds Read (CVE-2020-1493);
3. MS Outlook 2019 16.0.12624 - RCE (CVE-2020-1349).
WebView_sec.pdf
740.3 KB
#Threat_Research
"Identity Confusion in WebView-based Mobile App-in-app Ecosystems", 2022.
RTFM_v2.epub
247.4 KB
#Tech_book
"Red Team Field Manual, Version 2.0", 2022.
#tools
#Offensive_security
1. OFRAK (Open Firmware Reverse Analysis Konsole) - binary analysis and modification platform
https://github.com/redballoonsecurity/ofrak#getting-started
2. Wireguard-initramfs - dropbear over wireguard
https://github.com/r-pufky/wireguard-initramfs
3. A Python rewrite of PowerSploit's PowerView
https://github.com/the-useless-one/pywerview
Working #OSINT resources for Spain:
- https://librebor.me
- https://abctelefonos.com
- https://infocif.es
- https://infobel.com/es/spain
- https://paginasamarillas.es
- https://oscaro.es
- http://aire.org/rnac
- https://numeracionyoperadores.cnmc.es
- https://sedeapl.dgt.gob.es/WEB_TTRA_CONSULTA/Todos.faces
shootCutMe-main.zip
3.2 KB
ShootCutMe, an .LNK file creator tool for red teamers
Forwarded from 卩ro 爪Cracker
CVE-2022-38374.py
2.9 KB
💥 CVE-2022-38374 (XSS in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4) PoC exploit.
It allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event log views.
Forwarded from 卩ro 爪Cracker
shodanidb.zip
7.2 KB
⚙️ shodanIDB is a command-line tool to fetch data (open ports, CVEs, CPEs, ...) from the Shodan InternetDB API.
⚠️ No API key required!
Regex_ReDoS.pdf
449.7 KB
#Research
"Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonbacktracking Matchers", 2022.
]-> Tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS:
https://github.com/NicolaasWeideman/RegexStaticAnalysis
#exploit
1. Workaround for CVE-2022-41923: Privilege Management Vulnerability
https://github.com/grails/GSSC-CVE-2022-41923
2. CVE-2022-32060:
Snipe-IT v.6.0.2 - arbitrary file upload
https://github.com/bypazs/CVE-2022-32060
3. CVE-2022-45472:
DOM Based XSS
https://github.com/nicbrinkley/CVE-2022-45472
OpenDoc.pdf
1.1 MB
#Threat_Research
"Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures", 2022.
#Offensive_security
1. Linux Password Mining
https://medium.com/@tinopreter/linux-password-mining-58e341635f1c
2. Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942)
https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-cve-2022-33942