NFT Lure Used to Distribute BitRAT
https://www.fortinet.com/blog/threat-research/nft-lure-used-to-distribute-bitrat
Allcome clipbanker is a newcomer in underground forums
https://www.gdatasoftware.com/blog/2022/02/37239-allcome-clipbanker-is-a-newcomer-in-malware-underground-forums
CVE-2021-44521 – Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution
Analysis of Microsoft CVE-2022-21907
https://www.fortinet.com/blog/threat-research/analysis-of-microsoft-cve-2022-21907
CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel
https://blog.immunityinc.com/p/a-remote-stack-overflow-in-the-linux-kernel
One Byte to ROP // Deep Dive Edition
https://hackmd.io/@pepsipu/ry-SK44pt
A primer on DCSync attack and detection
https://www.alteredsecurity.com/post/a-primer-on-dcsync-attack-and-detection
ice phishing on the blockchain
https://www.microsoft.com/security/blog/2022/02/16/ice-phishing-on-the-blockchain
Evasive Trickbot Attacks Customers of 60 High-Profile Companies
https://research.checkpoint.com/2022/a-modern-ninja-evasive-trickbot-attacks-customers-of-60-high-profile-companies
A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY
https://github.com/horizon3ai/backup_dc_registry
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM
https://github.com/JonathanSalwan/VMProtect-devirtualization
A New Class of Active Directory Protocol Injection Attacks
https://i.blackhat.com/EU-21/Wednesday/EU-21-Sheinfeld-Is-This-My-Domain-Controller.pdf
Installing Kali NetHunter on Android
Basic requirements:
_Android Lollipop with root access
_At least 8 GB of free storage space
After opening the app and granting it the required permissions, go to Kali Chroot Manager and then Install Kali Chroot; you will find two options:
_The first downloads the chroot file package: you choose your system architecture and the package size (full or min), then the download path for the file, press OK and wait for the download. The time will of course vary with your internet speed and the package size you chose
_The second option restores from files: you specify the path of the folder that contains the package, and its name. This is the one I used
_The full chroot package is close to 1.5 GB and the minimal one is 651 MB
_Using the Wi-Fi tools requires installing Busybox
_Samsung phones are a better choice than others because of their strong support from xda developers and the open-source custom recovery project TWRP
_Installing Andrax is done the same way, the difference being that Andrax needs about 15 GB of storage space
To download the NetHunter app and terminal
https://store.nethunter.com
or GitLab
https://gitlab.com/kalilinux/nethunter/apps
Exploiting CVE 2019-2215 Android Binder
https://cutesmilee.github.io/kernel/linux/android/2022/02/17/cve-2019-2215_writeup
Case Study: Zabbix Frontend Vulnerabilities CVE-2022-23131 & CVE-2022-23134
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
the most memory safe buffer overflow in rust
https://gist.github.com/rexim/38c176fe4669ef83db69aca9909d7b7f
Tutorial: Kubernetes Vulnerability Scanning & Testing With Open Source
https://www.conjur.org/blog/tutorial-kubernetes-vulnerability-scanning-testing-with-open-source
Vulnerability in WordPress' UpdraftPlus plugin allows subscribers to download sensitive backups
https://www.wordfence.com/blog/2022/02/vulnerability-in-updraftplus-allowed-subscribers-to-download-sensitive-backups
Local Privilege Escalation Vulnerability Discovered in snap-confine CVE-2021-44731
https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731
EmailAll is a powerful Email Collect tool
https://github.com/Taonn/EmailAll
extract JavaScript files from burp suite project with ease
https://github.com/0xDexter0us/uproot-JS
AI Powered Hacking Environment, A Software For Hackers, Social Engineers, ..
https://github.com/Mahmoud7Osman/Digle
For Building Distributed Denial Of Service Bots (DDOS), Attacking Network Applications Such As Web Applications, Services, ..
https://github.com/Mahmoud7Osman/EvilDoser
Ethical / unethical hacking platform to learn the concepts of hacking and cyber security and tools to exploit old and new services or system applications such as file path looting
https://github.com/ArkAngeL43/Red-Rabbit-V5
Shell command obfuscation to avoid detection systems
https://github.com/ariary/volana
Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on the TP-Link Archer C7 V5 router for Pwn2Own Austin 2021
https://github.com/0vercl0k/zenith
CVE-2022-23131 zabbix-saml-bypass-exp
https://github.com/Mr-xn/cve-2022-23131
Bypassing Linux Executable Space Protection CVE-2022-25265
https://github.com/x0reaxeax/exec-prot-bypass
Bug Bounty Roadmaps
https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
Useful Google Dorks for BugBounty
https://github.com/Proviesec/google-dorks
A curated list of backdoor learning resources
https://github.com/THUYimingLi/backdoor-learning-resources
InfoSecSherpa’s News Roundup for Sunday, February 20, 2022
https://infosecsherpa.medium.com/infosecsherpas-news-roundup-for-sunday-february-20-2022-a5a2aec09ddc