CVE-2018-12071 (CodeIgniter session fixation, leading to DoS)
CVE-2018-8958 (Samsung Browser Privilege Escalation)
These CVEs are not public yet as the vulnerabilities have not been patched.
Windows privilege escalation technique.
https://www.sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/
SEC Consult
Pentester's Windows NTFS Tricks Collection
In this blog post René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares various filesystem tricks, collected over the past years from different blog posts or found by himself.
Bit Defender privilege escalation
https://blog.silentsignal.eu/2018/01/08/bare-knuckled-antivirus-breaking/#update180613
😍 Some topics for self Learning😍
[+] SQL Injection Attack
[+] Hibernate Query Language Injection
[+] Direct OS Code Injection
[+] XML Entity Injection
[+] Broken Authentication and Session Management
[+] Cross-Site Scripting (XSS)
[+] Insecure Direct Object References
[+] Security Misconfiguration
[+] Sensitive Data Exposure
[+] Missing Function Level Access Control
[+] Cross-Site Request Forgery (CSRF)
[+] Using Components with Known Vulnerabilities
[+] Unvalidated Redirects and Forwards
[+] Cross Site Scripting Attacks
[+] Click Jacking Attacks
[+] DNS Cache Poisoning
[+] Symlinking – An Insider Attack
[+] Cross Site Request Forgery Attacks
[+] Remote Code Execution Attacks
[+] Remote File inclusion
[+] Local file inclusion
[+] EverCookie
[+] Denial of Service Attack
[+] Cookie Eviction
[+] PHPwn
[+] NAT Pinning
[+] XSHM
[+] MitM DNS Rebinding SSL/TLS Wildcards and XSS
[+] Quick Proxy Detection
[+] Improving HTTPS Side Channel Attacks
[+] Side Channel Attacks in SSL
[+] Turning XSS into Clickjacking
[+] Bypassing CSRF protections with Click Jacking and
[+] HTTP Parameter Pollution
[+] URL Hijacking
[+] Stroke Jacking
[+] Fooling B64_Encode(Payload) on WAFs and Filters
[+] MySQL Stacked Queries with SQL Injection.
[+] Posting Raw XML cross-domain
[+] Generic Cross-Browser Cross-Domain theft
[+] Attacking HTTPS with Cache Injection
[+] Tap Jacking
[+] XSS - Track
[+] Next Generation Click Jacking
[+] XSSing Client-Side Dynamic HTML.
[+] Stroke triggered XSS and Stroke Jacking
[+] Lost in Translation
[+] Persistent Cross Interface Attacks
[+] Chronofeit Phishing
[+] SQLi Filter Evasion Cheat Sheet (MySQL)
[+] Tabnabbing
[+] UI Redressing
[+] Cookie Poisoning
[+] SSRF
[+] Bruteforce of PHPSESSID
[+] Blended Threats and JavaScript
[+] Cross-Site Port Attacks
[+] CAPTCHA Re-Riding Attack
➖➖➖➖ ➖➖➖➖
Red Team gone real!
PowerShell payloads within macro enabled MS files
https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/
Trend Micro
Potential MuddyWater Campaign uses PRB-Backdoor
We found a new sample that may be related to the MuddyWater campaign. The sample does not directly download the Visual Basic Script and PowerShell component files; instead, it encodes all the scripts in the document itself.
File format RCE: using path traversal in .zip and similar file formats.
Known as early as 1991. The attack is very easy to perform and requires minimal user interaction.
Affected targets include iPhones, Windows platform apps, and Linux platform apps.
https://youtu.be/Ry_yb5Oipq0
Linux privilege escalation
https://j.ludost.net/blog/archives/2018/06/13/ancient_su_-_hostile_vulnerability_in_debian_8_and_9/