CVE-2022-0185 Container Escape PoC:
https://github.com/Crusaders-of-Rust/CVE-2022-0185
CVE-2021-4034 Privilege Escalation polkit pkexec PoC:
https://github.com/berdav/CVE-2021-4034
#git #exploit
https://github.com/Crusaders-of-Rust/CVE-2022-0185
CVE-2021-4034 Privilege Escalation polkit pkexec PoC:
https://github.com/berdav/CVE-2021-4034
#git #exploit
GitHub
GitHub - Crusaders-of-Rust/CVE-2022-0185: CVE-2022-0185
CVE-2022-0185. Contribute to Crusaders-of-Rust/CVE-2022-0185 development by creating an account on GitHub.
Improving GDB: gdbinit
GDB dashboard is a standalone .gdbinit file written using the Python API that enables a modular interface showing relevant information about the program being debugged. Its main goal is to reduce the number of GDB commands needed to inspect the status of current program thus allowing the developer to primarily focus on the control flow.
https://github.com/cyrus-and/gdb-dashboard
https://github.com/gdbinit/Gdbinit
#Tools
#Reverse_Engineering
#tools
#debug
#gdb
GDB dashboard is a standalone .gdbinit file written using the Python API that enables a modular interface showing relevant information about the program being debugged. Its main goal is to reduce the number of GDB commands needed to inspect the status of current program thus allowing the developer to primarily focus on the control flow.
https://github.com/cyrus-and/gdb-dashboard
https://github.com/gdbinit/Gdbinit
#Tools
#Reverse_Engineering
#tools
#debug
#gdb
IDOR explained – OWASP Top 10 vulnerabilities
https://thehackerish.com/idor-explained-owasp-top-10-vulnerabilities/
https://thehackerish.com/idor-explained-owasp-top-10-vulnerabilities/
thehackerish
IDOR explained - OWASP Top 10 vulnerabilities - thehackerish
In this blog post, you will learn all aspects of the IDOR vulnerability. You will start with the basics and gradually build your knowledge.
Exploiting XSS with Javascript/JPEG Polyglot
https://medium.com/@Medusa0xf/exploiting-xss-with-javascript-jpeg-polyglot-4cff06f8201a
https://medium.com/@Medusa0xf/exploiting-xss-with-javascript-jpeg-polyglot-4cff06f8201a
Medium
Exploiting XSS with Javascript/JPEG Polyglot
What is a polyglot?
intelligence officers names.xlsx
5.9 KB
latest names of officers, in combination of other files about intelligence, you can find where they are stationed. their phone numbers in asiaCell and ZainTelecom and so on.
World Password Day was created to emphasize the importance of safe password habits, an ever-increasing need.
Today is the ninth World Password Day, so take the time to be safer online with these tips:
✔️ Use two-factor authentication
✔️ Avoid reusing passwords
✔️ Avoid common passwords
✔️ Protect your password list
✔️ Use a mix of lower case and upper-case letters, numbers and at least one special character in your password
✔️ Change your passwords frequently
✔️ Use passphrases instead of passwords
✔️ Don’t mix the business email account with personal
✔️ Use a VPN when using public Wi-Fi to avoid interception
✔️ Update your antivirus
Today is the ninth World Password Day, so take the time to be safer online with these tips:
✔️ Use two-factor authentication
✔️ Avoid reusing passwords
✔️ Avoid common passwords
✔️ Protect your password list
✔️ Use a mix of lower case and upper-case letters, numbers and at least one special character in your password
✔️ Change your passwords frequently
✔️ Use passphrases instead of passwords
✔️ Don’t mix the business email account with personal
✔️ Use a VPN when using public Wi-Fi to avoid interception
✔️ Update your antivirus
#Offensive_security
PPID Spoofing & BlockDLLs with NtCreateUserProcess
https://offensivedefence.co.uk/posts/ntcreateuserprocess
PPID Spoofing & BlockDLLs with NtCreateUserProcess
https://offensivedefence.co.uk/posts/ntcreateuserprocess
offensivedefence.co.uk
PPID Spoofing & BlockDLLs with NtCreateUserProcess
This week, Capt. Meelo released a great blog post on how to call the NtCreateUserProcess API as a substitue for the typical Win32 CreateProcess API. This post will build upon Meelo’s, so I highly encourage you to read it first.
TL;DR, this code (not counting…
TL;DR, this code (not counting…
#Threat_Research
Set of EVTX samples mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases
https://github.com/mdecrevoisier/EVTX-to-MITRE-Attack
Set of EVTX samples mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases
https://github.com/mdecrevoisier/EVTX-to-MITRE-Attack
GitHub
GitHub - mdecrevoisier/EVTX-to-MITRE-Attack: Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure…
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases. - mdecrevoisier/EVTX-to-MITRE-Attack
Media is too big
VIEW IN TELEGRAM
1.3 Using Burp Suite Repeater To Discover Vulnerabilities
Media is too big
VIEW IN TELEGRAM
1.4 Analysing JavaScript with Burp to Discover an Open Redirect Vulnerability
Media is too big
VIEW IN TELEGRAM
1.5 Analysing JavaScript with Burp to Discover an XSS Vulnerability
Media is too big
VIEW IN TELEGRAM
1.6 Discovering a HTML Injection Vulnerability.mp4