#tools
#Cloud_Security
1. Kubernetes exploitation tool
https://github.com/Rolix44/Kubestroyer
2. Azure Attack Paths Management
https://sofblocks.github.io/azure-attack-paths
#exploit
1. CVE-2022-41033:
Type confusion in Windows COM+ Event System Service
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-41033.html
2. CVE-2022-34718:
Dissecting and Exploiting TCP/IP RCE Vulnerability "EvilESP"
https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp
3. CVE-2023-0297:
Pre-auth RCE in pyLoad
https://github.com/bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad
#Threat_Research
Exploiting null-dereferences in the Linux kernel
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
#WebApp_Security
1. Hacking Salesforce-backed WebApps
https://www.hypn.za.net/blog/2022/11/12/Hacking-Salesforce-backed-WebApps
2. GUID: Attacking Password Reset Functionality
https://www.intruder.io/research/in-guid-we-trust
3. Prototype bugs explained
https://www.jerkeby.se/newsletter/posts/prototype-poisoning
#Blue_Team_Techniques
"Best Practices for MITRE ATT&CK Mapping", January 2023.
Linux kernel stack buffer overflow in nftables (CVE-2023-0179)
The vulnerability is a stack buffer overflow caused by an integer underflow inside the nft_payload_copy_vlan function, which is invoked with nft_payload expressions as long as a VLAN tag is present in the current skb.
⚠️ Exploitation could allow the leakage of both stack and heap addresses and, potentially, an LPE to the root user via arbitrary code execution.
Exploit: https://system32.ink/news-feed/p/162/
🕵️‍♂️ Twitter Search Guide (extended version)
#osint #twitter