Forwarded from Deadly malware xp
#Red_Team_Tactics
How To Attack Admin Panels Successfully
Part 1: https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
Part 2: https://medium.com/geekculture/how-to-attack-admin-panels-successfully-part-2-9316c3caad3a
How To Attack Admin Panels Successfully
Part 1: https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
Part 2: https://medium.com/geekculture/how-to-attack-admin-panels-successfully-part-2-9316c3caad3a
Medium
How To Attack Admin Panels Successfully
Attacking Web Apps Admin Panels The Right Way
Forwarded from Deadly malware xp
#Malware_analysis
1. Unpack Brute Ratel (BRC4) stager and extract config
https://github.com/matthw/malware_analysis/tree/main/brc4
2. Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
3. A Deep Dive Into poweRAT: Stealer/RAT Combo Polluting PyPI
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
1. Unpack Brute Ratel (BRC4) stager and extract config
https://github.com/matthw/malware_analysis/tree/main/brc4
2. Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
3. A Deep Dive Into poweRAT: Stealer/RAT Combo Polluting PyPI
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
GitHub
malware_analysis/brc4 at main · matthw/malware_analysis
Contribute to matthw/malware_analysis development by creating an account on GitHub.
Forwarded from Deadly malware xp
GitLab
Vesselin Bontchev / bpfdscan · GitLab
A BPFDoor scanner
Forwarded from Deadly malware xp
#Threat_Research
1. Exploit Party: Bring Your Own Vulnerable Driver Attacks
https://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack
2. Analyzing CVE-2022-46630 (DLL Hijacking in Squirrel.Windows)
https://archcloudlabs.com/projects/cve-2022-46330
1. Exploit Party: Bring Your Own Vulnerable Driver Attacks
https://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack
2. Analyzing CVE-2022-46630 (DLL Hijacking in Squirrel.Windows)
https://archcloudlabs.com/projects/cve-2022-46330
FourCore
Exploit Party: Bring Your Own Vulnerable Driver Attacks
BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious actions on the system. In a BYOVD attack, the attacker can use the vulnerabilities in the driver to execute…
Forwarded from Deadly malware xp
Supply_Chains_Taxonomy.pdf
896.7 KB
#Research
"Taxonomy of Attacks on Open-Source Software Supply Chains", 2022.
]-> https://riskexplorer.endorlabs.com/#/attack-tree
"Taxonomy of Attacks on Open-Source Software Supply Chains", 2022.
]-> https://riskexplorer.endorlabs.com/#/attack-tree
Forwarded from Deadly malware xp
GLeeFuzz.pdf
6 MB
#Fuzzing
"GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation", 2022.
]-> Repo: https://github.com/HexHive/GLeeFuzz
"GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation", 2022.
]-> Repo: https://github.com/HexHive/GLeeFuzz
Forwarded from Deadly malware xp
#exploit
SSRF attack on MySQL Server with password using php-curl
https://github.com/wupco/rwctf2023-ASTLIBRA
SSRF attack on MySQL Server with password using php-curl
https://github.com/wupco/rwctf2023-ASTLIBRA
GitHub
GitHub - wupco/rwctf2023-ASTLIBRA
Contribute to wupco/rwctf2023-ASTLIBRA development by creating an account on GitHub.
Forwarded from Deadly malware xp
PhiAttack.pdf
179 KB
#Red_Team_Tactics
"PhiAttack: Rewriting the Java Card Class Hierarchy", 2021.
"PhiAttack: Rewriting the Java Card Class Hierarchy", 2021.
Forwarded from Deadly malware xp
Java_Card_Security.pdf
1.3 MB
#Threat_Research
"Good, Bad and Ugly Design of Java Card Security" (Master’s Thesis).
// This thesis is focused on the study of logical attacks on the Java Card platform which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, it does not require expensive equipment and scales quite well...
"Good, Bad and Ugly Design of Java Card Security" (Master’s Thesis).
// This thesis is focused on the study of logical attacks on the Java Card platform which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, it does not require expensive equipment and scales quite well...
Forwarded from Deadly malware xp
Text_to_SQL_Models.pdf
7.4 MB
Forwarded from Deadly malware xp
#tools
#Blue_Team_Techniques
1. Python script that will help in finding Path Traversal/RCE vulnerability in Apache 2.4.50 (CVE-2021-42013)
https://github.com/walnutsecurity/cve-2021-42013
2. Tool to check for dependency confusion vulnerabilities in multiple package management systems
https://github.com/visma-prodsec/confused
#Blue_Team_Techniques
1. Python script that will help in finding Path Traversal/RCE vulnerability in Apache 2.4.50 (CVE-2021-42013)
https://github.com/walnutsecurity/cve-2021-42013
2. Tool to check for dependency confusion vulnerabilities in multiple package management systems
https://github.com/visma-prodsec/confused
GitHub
GitHub - walnutsecurity/cve-2021-42013: cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote…
cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50 - walnutsecurity/cve-2021-42013
Forwarded from Deadly malware xp
Python_for_Cybersecurity.pdf
8.9 MB
#Tech_book
"Python for Cybersecurity: Using Python for Cyber Offense and Defense", 2022.
"Python for Cybersecurity: Using Python for Cyber Offense and Defense", 2022.
Geolocation Spy (GeoSpy) - is an OSINT analysis and research tool that is used to track and execute intelligent social engineering attacks in real time.
▫️https://github.com/askmetoo/geospy
▫️https://github.com/askmetoo/geospy
2023-01-10 02-44-46.mkv
18.7 MB
⚙️ New Update On AlienFox Ultimate 🦊
Forwarded from Hackershop
Программируемая Карточка NFC RFID
4 930 рублей
#Оборудование
Translation: ru-en
Programmable NFC RFID Card
4 930 rubles
http://ali.pub/2zecs8
4 930 рублей
#Оборудование
Translation: ru-en
Programmable NFC RFID Card
4 930 rubles
http://ali.pub/2zecs8
❤1
Forwarded from Alex $tore
Media is too big
VIEW IN TELEGRAM
My old video 5 years back tracing ip address
👍1🍾1
Forwarded from 卩ro 爪Cracker
ImageMagick Security Policy Evaluator
https://ift.tt/QNghDT3
Submitted January 10, 2023 at 04:52PM by nibblesec
via reddit https://ift.tt/zgW85DB
https://ift.tt/QNghDT3
Submitted January 10, 2023 at 04:52PM by nibblesec
via reddit https://ift.tt/zgW85DB
Doyensec
ImageMagick Security Policy Evaluator
During our audits we occasionally stumble across ImageMagick security policy configuration files (policy.xml), useful for limiting the default behavior and the resources consumed by the library. In the wild, these files often contain a plethora of recommendations…
Forwarded from 卩ro 爪Cracker
An electromagnetic-wave side-channel issue on ARMv8 AES instructions
https://ift.tt/IhmuJPT
Submitted January 10, 2023 at 05:21PM by Gallus
via reddit https://ift.tt/KTE31Sx
https://ift.tt/IhmuJPT
Submitted January 10, 2023 at 05:21PM by Gallus
via reddit https://ift.tt/KTE31Sx