Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Stored%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.
These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7



Security Impact Rating: Medium



CVE: CVE-2020-3340

Remote Code Execution in Citrix ADC
https://swarm.ptsecurity.com/remote-code-execution-in-citrix-adc/

📃 "Ofuscando ficheros con PowerShell" https://www.flu-project.com/2020/06/ofuscando-ficheros-con-powershell.html

Una vulnerabilidad permite hackear una app rastreadora en smartwatch

https://unaaldia.hispasec.com/2020/07/una-vulnerabilidad-permite-hackear-una-app-rastreadora-en-smartwatch.html

Certified Ethical Hacker v10 Videos* 🔥

https://mega.nz/folder/RpkU1CxJ#DpnntJGwXjT1AdBYFO7CFw

Enjoy 👍

Desarrollo W3b de 0 a 100 [MG]32.9 GB |50+ hs de clases | mega-curso | 12/2018 |Idioma: Español


https://mega.nz/#F!HNsUzAaB!0l1xH606IJcc6EXzzyQbrA

CVE-2020-11519/11520:
Winmagic SecureDoc 8.3, 8.5 -
Improper Privilege Management/
Privileged Code Execution (PoC Exploit)
https://github.com/patois/winmagic_sd#cve-2020-11519

Hola espero esten bien.

Vuelvo y les dejo el script corregido de dns-spoof habia olvidado colocar el codigo de iptables para redireccionar a la pagina falsa por si alguno ensayo en script y no le funciono ya esta corregido.

https://github.com/Anonimo501/dns-spoof

📃 "Fingerprints para detectar y evadir sandboxes conocidos" https://www.hackplayers.com/2020/06/fingerprints-para-detectar-y-evadir-sandboxes.html

The Basics of Exploit Development:
1. Win32 Buffer Overflows
https://www.coalfire.com/The-Coalfire-Blog/January-2020/The-Basics-of-Exploit-Development-1
2. SEH Overflows
https://www.coalfire.com/The-Coalfire-Blog/March-2020/The-Basics-of-Exploit-Development-2-SEH-Overflows
3. Egg Hunters
https://www.coalfire.com/The-Coalfire-Blog/May-2020/The-Basics-of-Exploit-Development-3-Egg-Hunters

Buenas noches.

Vengo a compartirles un script que termine hoy.

hack-wpa2 es una herramienta basada en bash de linux que utiliza la Suite de Aircrack para automatizar la configuracion y el ataque, tener en cuenta que el script no viene con diccionario.

Les dejo un saludo:
https://github.com/Anonimo501/hack-wpa2.git

Foto de A501

ULTIMATE HACKING PACKAGE

1. Cyber security analyst training

2. Cyber security advanced test detecting techniques

3. Cyber security Malicious software detector

4. Cyber security source code defender

5. Cyber security threat intelligence research

6. Cyber security web application defender

7. Cyber training 365 certified ethical Hacker

8. Cyber training 365 computer hacker and forensics

9. Cyber training 365 kali 101



Total size: 36.90 GB

https://mega.nz/folder/HGg2TCTA#CjyPNP3bktKV9w4_g2xUDg/folder/vfgiDK4T

SIGRed: vulnerabilidad crítica en el servidor DNS de Windows (CVE-2020-1350)

https://www.hackplayers.com/2020/07/sigred-vulnerabilidad-critica-en-dns-windows.html

Apache today released updated versions of Tomcat Server to patch two DoS vulnerabilities residing in the WebSocket (CVE-2020-13935) and HTTP/2 (CVE-2020-13934) implementations.

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E

📕 PDF Revista UnderDOCS - Diciembre 2019, Número 5
https://underc0de.org/foro/e-zines/t41366/msg137616/#msg137616

📕 PDF Revista UnderDOCS - Enero 2020, Número 6
https://underc0de.org/foro/e-zines/t41548/msg138108/#msg138108

📕 PDF Revista UnderDOCS - Febrero 2020, Número 7
https://underc0de.org/foro/e-zines/t41728/msg138492/#msg138492

📕 PDF Revista UnderDOCS - Marzo 2020, Número 8
https://underc0de.org/foro/e-zines/t41893/msg138943/#msg138943

📕 PDF Revista UnderDOCS - Abril 2020, Número 9
https://underc0de.org/foro/e-zines/underdocs-abril-2020-numero-9/msg139527/#msg139527

📕 PDF Revista UnderDOCS - Mayo 2020, Número 10
https://underc0de.org/foro/e-zines/underdocs-mayo-2020-numero-10/msg140117/#msg140117

📕 PDF Revista UnderDOCS - Junio 2020, Número 11
https://underc0de.org/foro/e-zines/underdocs-junio-2020-numero-11/msg140607/#msg140607

Red Team Tactics:
Bypassing LSA Protection
(aka Protected Process Light) without Mimikatz
on Windows 10 1903/1909/2004
https://www.redcursor.com.au/blog/bypassing-lsa-protection-aka-protected-process-light-without-mimikatz-on-windows-10
PoC:
https://github.com/RedCursorSecurityConsulting/PPLKiller