Red Team Tactics:
Exploiting popular macOS apps with a single “.terminal” file + two “insecure features”: dangerous handling of .fileloc and .url shortcut files, those allow executing arbitrary local files by the full path at shortcut file opening (CVE-2020-6797/6402) (PoC)
https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa

Un ciberatacante destruye miles de bases de datos MongoDB y Elasticsearch y deja sólo una firma: "miau"
https://www.genbeta.com/seguridad/ciberatacante-destruye-miles-bases-datos-mongodb-elasticsearch-deja-solo-firma-miau

🎥 "Guerra de hackers" https://youtu.be/WbgTpvlRBBQ

In its first-ever sanctions against cyberattacks, the European Union imposes restrictive measures against hackers from Chinese, Russian and North Korean—who're also wanted by the FBI—and companies involved in various attacks.

Read: https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html

📃 "UserRecon, Buscar usuarios en Redes Sociales" https://pixelmuerto.com/post/620159842626289665/userrecon-buscar-usuarios-en-redes-sociales

📃 "InstagramOSINT, Obtener información de usuarios" https://pixelmuerto.com/post/621065790196760576/instagramosint-obtener-informaci%C3%B3n-de-usuarios

Unos consejos para fortificar MongoDB en el mundo NoSQL

http://feedproxy.google.com/~r/ElLadoDelMal/~3/-ZrxNscmZgY/unos-consejos-para-fortificar-mongodb.html

Chema vs. Chema: Descansar o Construir.

http://feedproxy.google.com/~r/ElLadoDelMal/~3/I2smacvOi40/chema-vs-chema-descansar-o-construir.html

⚙️"Cómo recuperar la contraseña de archivos .rar o .zip" https://www.solvetic.com/tutoriales/article/2763-como-recuperar-la-contrasena-de-archivos-rar-o-zip/

Desarrollo web desde cero paso a paso


https://mega.nz/folder/IQAnEY5Z#N579Iyk-pBSBD8shKAOqFA

🗺 Mapa con ataques informáticos en tiempo real: https://community.blueliv.com/map/

Herramienta para exfiltrar el texto de los documentos de Word abiertos

https://www.hackplayers.com/2020/08/herramienta-para-exfiltrar-el-texto-de.html

⚙️"Guía de indicaciones para preservar los derechos fundamentales en Internet" https://xnet-x.net/manual-tecnico-derechos-fundamentales-internet/

CVE-2020-13379:
Unauthenticated Full-Read SSRF in Grafana 3.0.1 - 7.0.1
https://rhynorater.github.io/CVE-2020-13379-Write-Up
PoC:
/avatar/tesdt%3Fd=http://redirect.rhynorater.com%25253f%253b%http://252fbp.blogspot.com%252f169.254.169.254

FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation (CVE-2020-7457) (PoC)
https://packetstormsecurity.com/files/158695/ip6_setpktopt_uaf_priv_esc.rb.txt

Threat research:
UAC bypass via dll hijacking and mock directorie (PoC)
http://daniels-it-blog.blogspot.com/2020/07/uac-bypass-via-dll-hijacking-and-mock.html

Technical analysis:
CVE-2020-15654 and a history of Firefox “Browser Lock” bugs
https://news.sophos.com/en-us/2020/08/03/technical-analysis-cve-2020-15654-and-a-history-of-firefox-browser-lock-bugs/#deceptive-custom-cursor

CVE-2020-5617:
SKYSEA Client View (ver.12.200.12n - 15.210.05f) vulnerable to privilege escalation (PoC)
https://acru3l.github.io/2020/08/03/exploiting-activity-monitor-driver/
PoC Exploit:
https://github.com/acru3l/PoC/tree/master/CVE-2020-5617

SSRF-Vulnerabilities in the Openfire Admin Console (Jabber server)
https://swarm.ptsecurity.com/openfire-admin-console
PoC:
https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2019-18394.yaml

📃 "Botnet, la red Zombie" https://pixelmuerto.com/post/620069211263369216/botnet-la-red-zombie

Research/BlackHat 2020:
"EtherOops - Exploit Utilizing Packet-in-Packet Attacks on Ethernet Cables To Bypass Firewalls & NATs" (PoC)
https://www.armis.com/etheroops/

⚙️ "Cómo robar el pin de android y el código de iphone de su amigo con un enlace único" https://noticiasseguridad.com/tutoriales/como-robar-el-pin-de-android-y-el-codigo-de-iphone-de-su-amigo-con-un-enlace-unico/