CVE-2020-3702:
"Kr00k2" - Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Testing script:
https://github.com/eset/malware-research/tree/master/kr00k

Research:
"18 Attacks on Email Sender Authentication"
https://www.blackhat.com/us-20/briefings/schedule/#you-have-no-idea-who-sent-that-email--attacks-on-email-sender-authentication-19902
An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures:
https://github.com/chenjj/espoofer

Presentadas cuatro nuevas variantes de HTTP Request Smuggling en BlackHat 2020

https://unaaldia.hispasec.com/2020/08/presentadas-cuatro-nuevas-variantes-de-http-request-smuggling-en-blackhat-2020.html

Curso maestro de Python

2.49 GB

https://mega.nz/folder/PdJ2zQDC#xAmjJ7JIQm_jlKyuYiDLFw

SCADA Security/Research:
Infiltrating your home IoT network using a malicious ZigBee lightbulb (CVE-2020-6007) (PoC)
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/

TODOS LOS 49 GB LINUX PRO POR CERTIFICADOS WHITEHATS 2020 CURSO

https://mega.nz/folder/3dkjkJSa#BLyY2ufMT25ng2-bPhw7Tw

Warning: If you're using TeamViewer, make sure it's updated to the latest version.

TeamViewer recently patched a new vulnerability that could let remote attackers steal your system login credentials and compromise it—just convincing you into visiting a malicious web page once.
Read details: https://thehackernews.com/2020/08/teamviewer-password-hacking.html

🎥"El mejor adivino de la historia" https://youtu.be/NR279FlzD4s

Malware analysis:
1. Infecting macOS via macro-laden documents and 0days (PoC)
https://objective-see.com/blog/blog_0x4B.html
2. A Fork of the FTCode Powershell Ransomware
https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434

Creación de payloads cifrados en Powershell con Xeca

https://www.hackplayers.com/2020/08/payloads-cifrados-ps-con-xeca.html

Ghostscript (rendering engine for Postscript/PDF content) ver.9.50 - 9.52 SAFER Sandbox Breakout (CVE-2020-15900) (PoC)
https://insomniasec.com/blog/ghostscript-cve-2020-15900

Procesadores Intel, ARM, IBM y AMD vulnerables a nuevos ataques de canal lateral

https://unaaldia.hispasec.com/2020/08/procesadores-intel-arm-ibm-y-amd-vulnerables-a-nuevos-ataques-de-canal-lateral.html

PDF Test Security Suite:
- comprehensive test suite of malicious PDF documents;
- actual exploit files for 28 tested PDF applications;
- results for evitable metadata and revision recovery;
- results from crawling the Cisco Umbrella 1m domains;
- helper scripts to generate testcases, deflate.
https://github.com/RUB-NDS/PDF101

Aplicar técnicas OSINT en indicadores de compromiso detectados en los SIEM

http://feedproxy.google.com/~r/GuruDeLaInformtica/~3/RyunUr_wLgs/aplicar-tecnicas-osint-en-indicadores-de-compromiso-detectados-en-los-siem

Udacity Data science (All courses)


Download link:-

https://mega.nz/folder/qrpxSIRD#PClG5ZMHdd5FroIFTT_Z5Q

🔥 Watch Out! A new critical vBulletin zero-day RCE vulnerability and its PoC exploits have been publicly disclosed, allowing attackers to bypass patch for an old RCE bug (CVE-2019-16759) and remotely compromise sites.

Details — https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html

PATCH! UPDATE! ALERT!

Newly discovered critical vulnerabilities could let unauthenticated attackers compromise on-premise Citrix XenMobile servers, an enterprise mobility management solution that enables companies to manage their employees' devices from a centralized system.

https://thehackernews.com/2020/08/citrix-endpoint-management.html

China está bloqueando el tráfico HTTPS con TLS 1.3 y ESNI

https://unaaldia.hispasec.com/2020/08/china-esta-bloqueando-el-trafico-https-con-tls-1-3-y-esni.html

Pentest-Tools
General usefull Powershell Scripts
AMSI Bypass restriction Bypass
Payload Hosting
Network Share Scanner
Lateral Movement
Reverse Shellz
POST Exploitation
Pivot
Backdoor finder
Persistence on windows
Web Application Pentest
Framework Discovery
Framework Scanner / Exploitation
Web Vulnerability Scanner / Burp Plugins
Network- / Service-level Vulnerability Scanner
Crawler
Web Exploitation Tools
Windows Privilege Escalation / Audit
T3 Enumeration
Linux Privilege Escalation / Audit
Credential harvesting Windows Specific
Credential harvesting Linux Specific
Data Exfiltration - DNS/ICMP/Wifi Exfiltration
Git Specific
Reverse Engineering / decompiler
Forensics
Network Attacks
Specific MITM service Exploitation
Sniffing / Evaluation / Filtering
Scanner / Exploitation-Frameworks / Automation
Default Credential Scanner
Payload Generation / AV-Evasion / Malware Creation
Domain Finding / Subdomain Enumeration
Scanner network level
Email Gathering
Domain Auth + Exploitation
Network service - Login Brute Force + Wordlist attacks
Command & Control Frameworks
Wifi Tools
Raspberri PI Exploitation
Social Engeneering
Wordlists / Wordlist generators
Obfuscation
Source Code Analysis
No category yet
Industrial Control Systems
NAC bypass
JMX Exploitation

https://github.com/S3cur3Th1sSh1t/Pentest-Tools