CVE-2024-4577:
Make PHP-CGI Argument Injection
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability
]-> https://github.com/watchtowrlabs/CVE-2024-4577
CVE-2024-5171:
libaom Video Codec Library Vulnerability
https://issues.chromium.org/issues/332382766
CVE-2024-26229: Windows LPE
PATCHED: April 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. Slightly fixed the original exploit
Assembly for Hackers
"Assembly Unleashed: A Hacker's Handbook" is a definitive resource tailored specifically for hackers and security researchers seeking to master the art of assembly language programming. Authored by seasoned practitioners in the field, this book offers a comprehensive journey into the depths of assembly, unraveling its complexities and exposing its potential for exploitation and defense.
Source:
https://redteamrecipe.com/assembly-for-hackers
CVE-2024-30103: Critical Microsoft Outlook Zero-Click RCE Flaw Executes as Email is Opened.
https://cybersecuritynews.com/microsoft-outlook-zero-click-rce-flaw/
CVE-2024-28995: High-Severity Directory Traversal Vulnerability affecting SolarWinds Serv-U.
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
POC: https://github.com/rapid7/metasploit-framework/pull/19255
Query:
Hunter: protocol.banner="Serv-U FTP"
FOFA: app="SolarWinds-Serv-U-FTP"
SHODAN: product:"Serv-U ftpd"
[OSEP-PEN300]-[2022]-offenseive_security_expert_penetration_tester
https://teraboxapp.com/s/1ukPQmfhzBxj6VnH5JwdXHg
Computer Hacking Forensic Investigator Certification (CHFI) (Theory Based)
Course Links:
Part One:
https://drive.google.com/file/d/1n7PF9WNmC-6C4jGjlAYH0ZMwHz0N-q9h/view?usp=sharing
Part Two:
https://drive.google.com/file/d/1-OhDO7nnepI-PcaWa9uPXqzG5GPbgMvS/view?usp=sharing
Part Three:
https://drive.google.com/file/d/1setWYm95KGt3F4HW8d3psvFz5HExxHsh/view?usp=sharing
INE | eCPPT Penetration Testing Professional (NEW - 2024)
Download: https://1024terabox.com/s/1cVvLsmUf-Jb81Rawna24LQ
More info: https://security.ine.com/certifications/ecppt-certification/
pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard https://github.com/hackertarget/pcap-did-what
duck.ai
A tool for chatting with chatbots, made by DuckDuckGo. Free, requires no registration (it positions itself as anonymous and does not collect user data) and very fast:
Turbo GPT-3.5
Claude 4 Haiku
Llama 3 70B
Mixtral 8x7B
Persistence Techniques That Persist https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist
Abstract: Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...
Fascinating C code: TCP sockets & HTTP file downloads using only ntdll exports (NtCreateFile & NtDeviceIoControlFile syscalls). Bypasses Winsock for low-level Windows networking.
https://www.x86matthew.com/view_post?id=ntsockets
Red Team Privilege Escalation
Part 1 - Writable SYSTEM Path Privilege Escalation
https://www.praetorian.com/blog/red-team-local-privilege-escalation-writable-system-path-privilege-escalation-part-1
Part 2 - RBCD Based Privilege Escalation
https://www.praetorian.com/blog/red-team-privilege-escalation-rbcd-based-privilege-escalation-part-2
😈 RedTeam Story #1: XSS, LFI, Logrotate.
• MITRE ATT&CK Techniques and Tactics;
• Attack Context;
• Methodology;
• Evasion Mechanism;
• Goal;
• Exploitation of Website;
• Privilege Escalation and Lateral Movement;
• Post-Exploitation;
• Automation and Scripting;
• Persistence;
- MITRE ATT&CK Techniques and Tactics Sorted by Tactics;
- Attack Context;
• Scripting;
- Creating and Testing a Bash Reverse Shell;
- Verifying the Reverse Shell;
- Establishing a Reverse Shell Connection;
- Analyzing Root Crontab and Persistence Mechanisms;
— Reviewing Crontab;
— Root Reset Script;
— Log Rotation Configuration;
— Automated Root Login Script;
— Database Cleanup Script;
• Privilege Escalation;