Remote Code Execution in Citrix ADC
https://swarm.ptsecurity.com/remote-code-execution-in-citrix-adc/
https://swarm.ptsecurity.com/remote-code-execution-in-citrix-adc/
PT SWARM
Remote Code Execution in Citrix ADC
Many of you have probably heard of the CVE-2019-19781 vulnerability that I discovered at the end of last year. It is a critical vulnerability in Citrix ADC that allows unauthorized users to execute arbitrary operating system commands. It caused quite a stir…
📃 "Ofuscando ficheros con PowerShell" https://www.flu-project.com/2020/06/ofuscando-ficheros-con-powershell.html
Flu Project | Zerolynx Cybersecurity Blog
Ofuscando ficheros con PowerShell
El otro día, tras una pequeña investigación por Internet, descubrimos una herramienta que nos llamó la atención y que os traemos hoy en este post.
Una vulnerabilidad permite hackear una app rastreadora en smartwatch
https://unaaldia.hispasec.com/2020/07/una-vulnerabilidad-permite-hackear-una-app-rastreadora-en-smartwatch.html
https://unaaldia.hispasec.com/2020/07/una-vulnerabilidad-permite-hackear-una-app-rastreadora-en-smartwatch.html
Una al Día
Una vulnerabilidad permite hackear una app rastreadora en smartwatch — Una al Día
Cada vez son más las personas que sustituyen el reloj de toda la vida por un smartwatch que les permita hacer uso de funcionalidades que van bastante más allá del mero hecho de consultar la hora. E…
Desarrollo W3b de 0 a 100 [MG]32.9 GB |50+ hs de clases | mega-curso | 12/2018 |Idioma: Español
https://mega.nz/#F!HNsUzAaB!0l1xH606IJcc6EXzzyQbrA
https://mega.nz/#F!HNsUzAaB!0l1xH606IJcc6EXzzyQbrA
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
CVE-2020-11519/11520:
Winmagic SecureDoc 8.3, 8.5 -
Improper Privilege Management/
Privileged Code Execution (PoC Exploit)
https://github.com/patois/winmagic_sd#cve-2020-11519
Winmagic SecureDoc 8.3, 8.5 -
Improper Privilege Management/
Privileged Code Execution (PoC Exploit)
https://github.com/patois/winmagic_sd#cve-2020-11519
GitHub
GitHub - patois/winmagic_sd: Technical Write-Up on and PoC Exploit for CVE-2020-11519 and CVE-2020-11520
Technical Write-Up on and PoC Exploit for CVE-2020-11519 and CVE-2020-11520 - patois/winmagic_sd
Hola espero esten bien.
Vuelvo y les dejo el script corregido de dns-spoof habia olvidado colocar el codigo de iptables para redireccionar a la pagina falsa por si alguno ensayo en script y no le funciono ya esta corregido.
https://github.com/Anonimo501/dns-spoof
Vuelvo y les dejo el script corregido de dns-spoof habia olvidado colocar el codigo de iptables para redireccionar a la pagina falsa por si alguno ensayo en script y no le funciono ya esta corregido.
https://github.com/Anonimo501/dns-spoof
GitHub
GitHub - Anonimo501/dns-spoof
Contribute to Anonimo501/dns-spoof development by creating an account on GitHub.
📃 "Fingerprints para detectar y evadir sandboxes conocidos" https://www.hackplayers.com/2020/06/fingerprints-para-detectar-y-evadir-sandboxes.html
Hackplayers
Fingerprints para detectar y evadir sandboxes conocidos
Hoy en día detonar malware en una sandbox es uno de los métodos más usados a la hora de analizar malware, sobretodo cuando tenemos un mo...
The Basics of Exploit Development:
1. Win32 Buffer Overflows
https://www.coalfire.com/The-Coalfire-Blog/January-2020/The-Basics-of-Exploit-Development-1
2. SEH Overflows
https://www.coalfire.com/The-Coalfire-Blog/March-2020/The-Basics-of-Exploit-Development-2-SEH-Overflows
3. Egg Hunters
https://www.coalfire.com/The-Coalfire-Blog/May-2020/The-Basics-of-Exploit-Development-3-Egg-Hunters
1. Win32 Buffer Overflows
https://www.coalfire.com/The-Coalfire-Blog/January-2020/The-Basics-of-Exploit-Development-1
2. SEH Overflows
https://www.coalfire.com/The-Coalfire-Blog/March-2020/The-Basics-of-Exploit-Development-2-SEH-Overflows
3. Egg Hunters
https://www.coalfire.com/The-Coalfire-Blog/May-2020/The-Basics-of-Exploit-Development-3-Egg-Hunters
Coalfire
Coalfire Blog
Resource covering the most important issues in IT security and compliance as well as insights on IT GRC issues that impact the industries that we serve.
Buenas noches.
Vengo a compartirles un script que termine hoy.
hack-wpa2 es una herramienta basada en bash de linux que utiliza la Suite de Aircrack para automatizar la configuracion y el ataque, tener en cuenta que el script no viene con diccionario.
Les dejo un saludo:
https://github.com/Anonimo501/hack-wpa2.git
Vengo a compartirles un script que termine hoy.
hack-wpa2 es una herramienta basada en bash de linux que utiliza la Suite de Aircrack para automatizar la configuracion y el ataque, tener en cuenta que el script no viene con diccionario.
Les dejo un saludo:
https://github.com/Anonimo501/hack-wpa2.git
GitHub
GitHub - Anonimo501/hack-wpa2
Contribute to Anonimo501/hack-wpa2 development by creating an account on GitHub.
ULTIMATE HACKING PACKAGE
1. Cyber security analyst training
2. Cyber security advanced test detecting techniques
3. Cyber security Malicious software detector
4. Cyber security source code defender
5. Cyber security threat intelligence research
6. Cyber security web application defender
7. Cyber training 365 certified ethical Hacker
8. Cyber training 365 computer hacker and forensics
9. Cyber training 365 kali 101
Total size: 36.90 GB
https://mega.nz/folder/HGg2TCTA#CjyPNP3bktKV9w4_g2xUDg/folder/vfgiDK4T
1. Cyber security analyst training
2. Cyber security advanced test detecting techniques
3. Cyber security Malicious software detector
4. Cyber security source code defender
5. Cyber security threat intelligence research
6. Cyber security web application defender
7. Cyber training 365 certified ethical Hacker
8. Cyber training 365 computer hacker and forensics
9. Cyber training 365 kali 101
Total size: 36.90 GB
https://mega.nz/folder/HGg2TCTA#CjyPNP3bktKV9w4_g2xUDg/folder/vfgiDK4T
mega.nz
File folder on MEGA
SIGRed: vulnerabilidad crítica en el servidor DNS de Windows (CVE-2020-1350)
https://www.hackplayers.com/2020/07/sigred-vulnerabilidad-critica-en-dns-windows.html
https://www.hackplayers.com/2020/07/sigred-vulnerabilidad-critica-en-dns-windows.html
Hackplayers
SIGRed: vulnerabilidad crítica en el servidor DNS de Windows (CVE-2020-1350)
Los investigadores de Checkpoint se propusieron encontrar una vulnerabilidad mediante la cual comprometer un dominio de Windows, preferib...
Apache today released updated versions of Tomcat Server to patch two DoS vulnerabilities residing in the WebSocket (CVE-2020-13935) and HTTP/2 (CVE-2020-13934) implementations.
http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E
📕 PDF Revista UnderDOCS - Diciembre 2019, Número 5
https://underc0de.org/foro/e-zines/t41366/msg137616/#msg137616
📕 PDF Revista UnderDOCS - Enero 2020, Número 6
https://underc0de.org/foro/e-zines/t41548/msg138108/#msg138108
📕 PDF Revista UnderDOCS - Febrero 2020, Número 7
https://underc0de.org/foro/e-zines/t41728/msg138492/#msg138492
📕 PDF Revista UnderDOCS - Marzo 2020, Número 8
https://underc0de.org/foro/e-zines/t41893/msg138943/#msg138943
📕 PDF Revista UnderDOCS - Abril 2020, Número 9
https://underc0de.org/foro/e-zines/underdocs-abril-2020-numero-9/msg139527/#msg139527
📕 PDF Revista UnderDOCS - Mayo 2020, Número 10
https://underc0de.org/foro/e-zines/underdocs-mayo-2020-numero-10/msg140117/#msg140117
📕 PDF Revista UnderDOCS - Junio 2020, Número 11
https://underc0de.org/foro/e-zines/underdocs-junio-2020-numero-11/msg140607/#msg140607
https://underc0de.org/foro/e-zines/t41366/msg137616/#msg137616
📕 PDF Revista UnderDOCS - Enero 2020, Número 6
https://underc0de.org/foro/e-zines/t41548/msg138108/#msg138108
📕 PDF Revista UnderDOCS - Febrero 2020, Número 7
https://underc0de.org/foro/e-zines/t41728/msg138492/#msg138492
📕 PDF Revista UnderDOCS - Marzo 2020, Número 8
https://underc0de.org/foro/e-zines/t41893/msg138943/#msg138943
📕 PDF Revista UnderDOCS - Abril 2020, Número 9
https://underc0de.org/foro/e-zines/underdocs-abril-2020-numero-9/msg139527/#msg139527
📕 PDF Revista UnderDOCS - Mayo 2020, Número 10
https://underc0de.org/foro/e-zines/underdocs-mayo-2020-numero-10/msg140117/#msg140117
📕 PDF Revista UnderDOCS - Junio 2020, Número 11
https://underc0de.org/foro/e-zines/underdocs-junio-2020-numero-11/msg140607/#msg140607
Red Team Tactics:
Bypassing LSA Protection
(aka Protected Process Light) without Mimikatz
on Windows 10 1903/1909/2004
https://www.redcursor.com.au/blog/bypassing-lsa-protection-aka-protected-process-light-without-mimikatz-on-windows-10
PoC:
https://github.com/RedCursorSecurityConsulting/PPLKiller
Bypassing LSA Protection
(aka Protected Process Light) without Mimikatz
on Windows 10 1903/1909/2004
https://www.redcursor.com.au/blog/bypassing-lsa-protection-aka-protected-process-light-without-mimikatz-on-windows-10
PoC:
https://github.com/RedCursorSecurityConsulting/PPLKiller
Red Cursor
Bypassing LSA Protection without Mimikatz on Windows 10 - Red Cursor
Starting with Windows 8.1 (and Server 2012 R2) Microsoft introduced a feature termed LSA Protection. This feature is based on the ...
DNSdumpster.com-- https://dnsdumpster.com/
Hunter-- https://hunter.io/
Intelligence X --https://intelx.io/
Pastebin --https://pastebin.com/
GitHub -- https://github.com/
Shodan – https://www.shodan.io/
FOFA -- https://fofa.so/
Google Hacking Database (GHDB) -- https://www.exploit-db.com/google-hacking-database
Hunter-- https://hunter.io/
Intelligence X --https://intelx.io/
Pastebin --https://pastebin.com/
GitHub -- https://github.com/
Shodan – https://www.shodan.io/
FOFA -- https://fofa.so/
Google Hacking Database (GHDB) -- https://www.exploit-db.com/google-hacking-database
DNSDumpster.com
DNSDumpster - Find & lookup dns records for recon & research
Free domain research tool to discover hosts related to a domain. Find visible hosts from the attackers perspective for Red and Blue Teams.
Bootstrap MITM en HTTPs y la directiva preload en HSTS
http://feedproxy.google.com/~r/ElLadoDelMal/~3/nOQv6hEL37c/bootstrap-mitm-en-https-y-la-directiva.html
http://feedproxy.google.com/~r/ElLadoDelMal/~3/nOQv6hEL37c/bootstrap-mitm-en-https-y-la-directiva.html
Elladodelmal
Bootstrap MITM en HTTPs y la directiva preload en HSTS
Blog personal de Chema Alonso, CDCO Telefónica, 0xWord, MyPublicInbox, sobre seguridad, hacking, hackers y Cálico Electrónico.