Dos graves fallos de seguridad afectan a la herramienta de administración remota Apache Guacamole

https://unaaldia.hispasec.com/2020/07/dos-graves-fallos-de-seguridad-afectan-a-la-herramienta-de-administracion-remota-apache-guacamole.html

Un poco de marujeo

📃 "Desenmascaran al hacktivista que realizó casi 5.000 defacements" https://unaaldia.hispasec.com/2020/05/desenmascaran-al-hacktivista-que-realizo-casi-5-000-defacements.html

📃 "Así es Dark Basin, uno de los grupos de 'hackers de alquiler' a los que recurren grandes multinacionales, según Citizen Lab" https://www.genbeta.com/seguridad/asi-dark-basin-uno-grupos-hackers-alquiler-a-que-recurren-grandes-multinacionales-citizen-lab

📃 "¿Por qué la CIA no puede detener el robo de sus herramientas de hacking y documentos de inteligencia?" https://noticiasseguridad.com/seguridad-informatica/por-que-la-cia-no-puede-detener-el-robo-de-sus-herramientas-de-hacking-y-documentos-de-inteligencia/

CVE-2020-12861/12862:
An out-of-bounds read in SANE Backends (before 1.0.30) may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program (PoC)
https://securitylab.github.com/research/last-orders-at-the-house-of-force

HACKING COURSES

https://drive.google.com/drive/u/0/mobile/folders/1xx9QV_2f8eOtjG5RxPVFN5IMAPGhz-1O

Búsqueda de información OSINT, en la red social TikTok

http://feedproxy.google.com/~r/GuruDeLaInformtica/~3/PvuS7AQ_qnA/busqueda-de-informacion-osint-en-la-red-social-tiktok

📃 "¿Qué es un proxy y en qué se diferencia de un VPN?" https://www.genbeta.com/seguridad/que-proxy-que-se-diferencia-vpn

📃 "TOP 10 Servidores proxy gratuitos" https://noticiasseguridad.com/videos-noticias/top-10-servidores-proxy-gratuitos/

1️⃣ ProxySite https://www.proxysite.com/
2️⃣ HideMe https://hide.me/es/proxy
3️⃣ FilterBypass https://www.filterbypass.me/
4️⃣ Hidester https://hidester.com/proxy/
5️⃣ Croxy Proxy https://www.croxyproxy.com/
6️⃣ Whoer https://whoer.net/
7️⃣ Weboproxy https://weboproxy.com/
8️⃣ HideMyAss https://www.hidemyass.com/es-es/index
9️⃣ ProxFree https://www.proxfree.com/
🔟 4Everproxy https://www.4everproxy.com/

Critical Unauthorized RCE Vulnerability (CVE-2020-5902 with CVSS Score 10/10) Affects F5's BIG-IP Application Security Servers Used in large Enterprises, Data Centers, and Cloud Computing Environments.

Details — https://thehackernews.com/2020/07/f5-big-ip-application-security.html

Apply Newly Released Patch Updates ASAP!

1: Administración de sistemas operativos
https://mega.nz/#F!26Y3hA4D!86JS5eszvWE6F34DX4lQxw

2: Administración de sistemas operativos

https://mega.nz/#F!uyYT0KJK!2mvfFsKqH7IDKmlpFYtqAA

3: Ampliación de computadores

https://mega.nz/#F!jvRxEarK!cZi26Xhrca3FdQB2kna0tA

4: Análisis Forense

https://mega.nz/#F!HjRXgAjL!ADw4t9QsMeErdmHNdM_CJw

5: AnalisisForense

https://mega.nz/#F!H3QlXagI!gJW6iPlFHvjNC2nanj9mPA

6: Anatomía ataque informático

https://mega.nz/#F!K6Bh1aqY!dOca1Xe9zRoCoLp4FjRv4Q

7: Android

https://mega.nz/#F!SnJxFA7K!gKhDBseT5EuT5-xZsvUYjA

8: Anon99

https://mega.nz/#F!urBTTIpR!URlCCGnOzHvmfikTZWyVog

9: Arduino

https://mega.nz/#F!PzBjiAQS!2R9zkN_iQtRx8azCkaNlKQ

10: Arquitectura informática

https://mega.nz/#F!CzR2HArB!R1VoTMM5OWMfxS3ozjUf…

Curso de ciberseguridad práctica REDES y WEB

442.25 MB

https://mega.nz/folder/KZ53hIqK#rN74KwU-EnaJDgvMFvctKw

Windows Telemetry service elevation of privilege
https://secret.club/2020/07/01/diagtrack.html
PoC:
https://github.com/thesecretclub/diagtrack/blob/master/example.cpp

Banner grabbing

-Ncat:

nc -v <IP> 21
nc -v <IP> 22
nc -v <IP> 80
HEAD / HTTP/1.0
HEAD / HTTP/1.1

-Telnet

telnet <IP> 22

-Curl

curl -I <IP> | grep -e “Server: ”

-Nmap

nmap -sV --script=banner <IP>

-Echo + ncat

echo "" | nc -v -n -w1 <IP> 80

Consiguiendo Acceso Premium en una Aplicación Android

https://medium.com/@testica/consiguiendo-acceso-premium-en-aplicaci%C3%B3n-android-ingenier%C3%ADa-inversa-692c330a768b

Falla en Wireshark causa uso excesivo del CPU (ataque DOS) al inyectar un paquete malicioso en la red



https://noticiasseguridad.com/vulnerabilidades/falla-en-wireshark-causa-uso-excesivo-del-cpu-ataque-dos-al-inyectar-un-paquete-malicioso-en-la-red/

F5 BigIP TMUI Critical RCE (CVE-2020-5902/5903):
https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
PoC:
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4
Security Advisory:
https://support.f5.com/csp/article/K52145254

AirPods Pro: Unas pruebas en casa de Safety & Security (II de III): Micrófonos espía

http://feedproxy.google.com/~r/ElLadoDelMal/~3/gEMXqWTsRHQ/airpods-pro-unas-pruebas-en-casa-de.html

https://t.me/Pen7es7ing

Link del chat de grupo Anonimo501.

🔰Information security courses 🔰

🔝 Bug Bounty Hunting: Guide to an Advanced Earning Method
https://drive.google.com/drive/folders/1t-hTqg0-02t0cnc5SypHnb8t3CfE3bXU

🔝 Bug Bounty: Android Hacking
https://mega.nz/#F!h4hHGIYa!2ta4n94iQNnVzpJToVPLVw

🔝 Bug Bounty : Web Hacking
https://drive.google.com/file/d/1Z6vX133ZA5DGIhrBJAuJfMJ2Gu7Y4C21/edit

🔝 Burp Suite Bug Bounty Web Hacking from Scratch
https://drive.google.com/file/d/1eWy5HVLw3tvw4lfsT7kYb5dnD1l0RsoW/view

🔝 Bug Bounty Hunting - Offensive Approach to Hunt Bugs
https://mega.nz/#F!Ge4gmSIL!lW-7XC2DnEKryjXie35APw!mGw30bCI

Todo lo que debes saber sobre XSS – Guía para novatos
https://hackwise.mx/todo-lo-que-debes-saber-sobre-xss-guia-para-novatos/

Vulnerabilidad crítica en TMUI de F5

https://unaaldia.hispasec.com/2020/07/vulnerabilidad-critica-en-tmui-de-f5.html

Privilege Escalation Scripts General:

https://github.com/swisskyrepo/PayloadsAllTheThings (A bunch of tools and payloads for every stage of pentesting)

Linux:

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ (a bit old but still worth looking at)

https://github.com/rebootuser/LinEnum( One of the most popular priv esc scripts)

https://github.com/diego-treitos/linux-smart-enumeration/blob/master/lse.sh (Another popular script)

https://github.com/mzet-/linux-exploit-suggester (A Script that's dedicated to searching for kernel exploits)

https://gtfobins.github.io (I can not overstate the usefulness of this for priv esc, if a common binary has special permissions, you can use this site to see how to get root perms with it.)

Windows:

https://www.fuzzysecurity.com/tutorials/16.html (Dictates some very useful commands and methods to enumerate the host and gain intel)

https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp (A bit old but still an incredibly useful script)

https://github.com/411Hall/JAWS (A general enumeration script "If you know any other scripts then comment"