CVE-2020-5617:
SKYSEA Client View (ver.12.200.12n - 15.210.05f) vulnerable to privilege escalation (PoC)
https://acru3l.github.io/2020/08/03/exploiting-activity-monitor-driver/
PoC Exploit:
https://github.com/acru3l/PoC/tree/master/CVE-2020-5617

SSRF-Vulnerabilities in the Openfire Admin Console (Jabber server)
https://swarm.ptsecurity.com/openfire-admin-console
PoC:
https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2019-18394.yaml

📃 "Botnet, la red Zombie" https://pixelmuerto.com/post/620069211263369216/botnet-la-red-zombie

Research/BlackHat 2020:
"EtherOops - Exploit Utilizing Packet-in-Packet Attacks on Ethernet Cables To Bypass Firewalls & NATs" (PoC)
https://www.armis.com/etheroops/

⚙️ "Cómo robar el pin de android y el código de iphone de su amigo con un enlace único" https://noticiasseguridad.com/tutoriales/como-robar-el-pin-de-android-y-el-codigo-de-iphone-de-su-amigo-con-un-enlace-unico/

CVE-2020-3702:
"Kr00k2" - Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Testing script:
https://github.com/eset/malware-research/tree/master/kr00k

Research:
"18 Attacks on Email Sender Authentication"
https://www.blackhat.com/us-20/briefings/schedule/#you-have-no-idea-who-sent-that-email--attacks-on-email-sender-authentication-19902
An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures:
https://github.com/chenjj/espoofer

Presentadas cuatro nuevas variantes de HTTP Request Smuggling en BlackHat 2020

https://unaaldia.hispasec.com/2020/08/presentadas-cuatro-nuevas-variantes-de-http-request-smuggling-en-blackhat-2020.html

Curso maestro de Python

2.49 GB

https://mega.nz/folder/PdJ2zQDC#xAmjJ7JIQm_jlKyuYiDLFw

SCADA Security/Research:
Infiltrating your home IoT network using a malicious ZigBee lightbulb (CVE-2020-6007) (PoC)
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/

TODOS LOS 49 GB LINUX PRO POR CERTIFICADOS WHITEHATS 2020 CURSO

https://mega.nz/folder/3dkjkJSa#BLyY2ufMT25ng2-bPhw7Tw

Warning: If you're using TeamViewer, make sure it's updated to the latest version.

TeamViewer recently patched a new vulnerability that could let remote attackers steal your system login credentials and compromise it—just convincing you into visiting a malicious web page once.
Read details: https://thehackernews.com/2020/08/teamviewer-password-hacking.html

🎥"El mejor adivino de la historia" https://youtu.be/NR279FlzD4s

Malware analysis:
1. Infecting macOS via macro-laden documents and 0days (PoC)
https://objective-see.com/blog/blog_0x4B.html
2. A Fork of the FTCode Powershell Ransomware
https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434

Creación de payloads cifrados en Powershell con Xeca

https://www.hackplayers.com/2020/08/payloads-cifrados-ps-con-xeca.html

Ghostscript (rendering engine for Postscript/PDF content) ver.9.50 - 9.52 SAFER Sandbox Breakout (CVE-2020-15900) (PoC)
https://insomniasec.com/blog/ghostscript-cve-2020-15900

Procesadores Intel, ARM, IBM y AMD vulnerables a nuevos ataques de canal lateral

https://unaaldia.hispasec.com/2020/08/procesadores-intel-arm-ibm-y-amd-vulnerables-a-nuevos-ataques-de-canal-lateral.html

PDF Test Security Suite:
- comprehensive test suite of malicious PDF documents;
- actual exploit files for 28 tested PDF applications;
- results for evitable metadata and revision recovery;
- results from crawling the Cisco Umbrella 1m domains;
- helper scripts to generate testcases, deflate.
https://github.com/RUB-NDS/PDF101

Aplicar técnicas OSINT en indicadores de compromiso detectados en los SIEM

http://feedproxy.google.com/~r/GuruDeLaInformtica/~3/RyunUr_wLgs/aplicar-tecnicas-osint-en-indicadores-de-compromiso-detectados-en-los-siem