Hack crypto secrets from heap memory to exploit Android application
https://secureitmania.medium.com/hack-crypto-secrets-from-heap-memory-to-exploit-android-application-728097fcda3
Medium
Due to the short development time, the developers only focus on building features, functionalities and UI components. But they may…
Route SSH Connections with HAProxy
https://www.haproxy.com/blog/route-ssh-connections-with-haproxy/
HAProxy Technologies
Route SSH Connections with HAProxy - HAProxy Technologies
In this blog post, you will learn several ways to configure HAProxy for proxying SSH, all of which rely on the ssh command's ProxyCommand field.
How I Found My First Ever ZeroDay (In RDP)
https://www.malwaretech.com/2020/12/how-i-found-my-first-ever-zeroday-in-rdp.html
MalwareTech
How I Found My First Ever ZeroDay (In RDP) - MalwareTech
Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the occasional patch analysis, but I never saw a point in bug hunting on a major OS. After all…
NTFS Remote Code Execution (CVE-2020-17096) Analysis
https://blog.zecops.com/vulnerabilities/ntfs-remote-code-execution-cve-2020-17096-analysis/
ZecOps Blog
NTFS Remote Code Execution (CVE-2020-17096) Analysis - ZecOps Blog
This is an analysis of the CVE-2020-17096 vulnerability published by Microsoft on December 12, 2020. The remote code execution vulnerability, assessed with Exploitation: “More Likely”, grabbed our attention among the last Patch Tuesday fixes. Diffing ntfs.sys…
PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is a really fast async web path scanner prototype developed by the BrightSearch team for all ethical netstalkers.
https://www.kitploit.com/2021/01/pidrila-python-interactive-deepweb.html
KitPloit - PenTest & Hacking Tools
Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Pretty cool. SolarWinds hackers put malware on the build systems which would hijack the compile process and quietly insert the backdoor into the code every time the devs compiled it.
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
Crowdstrike
SUNSPOT Malware: A Technical Analysis | CrowdStrike
In this blog, we offer a technical analysis of SUNSPOT, malware that was deployed into the build environment to inject this backdoor into the SolarWinds Orion platform.
Researching new ways to detect 0-day exploits in the wild
Part 1 - Introduction
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html
Part 2 - Chrome Infinity Bug
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html
Part 3 - Chrome Exploits (PoC for CVE-2017-5070, CVE-2020-6418, CVE-2019-5782, CVE-2019-13764)
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html
Part 4 - Android Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html
Part 5 - Android Post-Exploitation
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html
Part 6 - Windows Exploits (PoC for CVE-2020-0938, CVE-2020-1020, CVE-2020-1027)
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html
Blogspot
Introducing the In-the-Wild Series
This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other p...
#RedTeam
Pentesting the #ELK (#Elasticsearch, #Logstash, #Kibana) Stack
https://insinuator.net/2021/01/pentesting-the-elk-stack
Insinuator.net
Pentesting the ELK Stack
With this blog post, I will provide information on how to proceed when testing ELK Stack landscapes. Information regarding the exploitation of the ELK Stack is very rare on the internet. Therefore, the following article aims to provide you with some approaches…
The first official reconftw release is out. It has a lot of changes and bug fixes along with some new or improved functionalities; the installer is also compatible with most distros, and as an extra gift there is a recon mindmap. Check it out!!
https://github.com/six2dez/reconftw
GitHub
six2dez/reconftw
Simple script for full recon. Contribute to six2dez/reconftw development by creating an account on GitHub.
Using Spotify Playlists as Malware CDN(!) | C2Tify
https://kaganisildak.com/2021/01/14/using-spotify-playlists-as-malware-cdn-c2tify/
Kağan IŞILDAK
Hi there! Yesterday, I made a project with the Spotify and Twitter APIs, like the “now playing” feature in MSN (here). Then, while I was trying to sleep at night, ideas started colliding in my…
Pentester Swiss Army Knife is a Docker Image with a suite of the most used tools for Hacking and Pentesting.
https://github.com/leoanggal1/P-SAK
GitHub
leoanggal1/P-SAK
Pentester Swiss Army Knife is a Docker Image with a suite of the most used tools for Hacking and Pentesting. - leoanggal1/P-SAK
CISCO CVE-2020-3452 Scanner & Exploiter
https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter
GitHub
darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter
CISCO CVE-2020-3452 Scanner & Exploiter. Contribute to darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter development by creating an account on GitHub.
https://secret.club/2021/01/14/vbox-escape.html
This post is about a #VirtualBox escape for the latest currently available version (VirtualBox 6.1.16 on #Windows). The vulnerabilities were discovered and exploited by our team Sauercl0ud as part of the RealWorld #CTF 2020/2021.
secret club
Escaping VirtualBox 6.1: Part 1
This post is about a VirtualBox escape for the latest currently available version (VirtualBox 6.1.16 on Windows). The vulnerabilities were discovered and exploited by our team Sauercl0ud as part of the RealWorld CTF 2020/2021. The vulnerability was known…
Beginner-friendly post about some of the basics related to code coverage in #fuzzing, just going over terminology, common strats, and some tooling.
https://h0mbre.github.io/Fuzzing-Like-A-Caveman-5/#
The Human Machine Interface
Fuzzing Like A Caveman 5: A Code Coverage Tour for Cavepeople
Introduction: We’ve already discussed the importance of code coverage previously in this series, so today we’ll try to understand some of the very basic underlying concepts, some common approaches, some tooling, and also see what techniques some popular fuzzing…
How to use Ghidra to Reverse Engineer Mobile Application
https://medium.com/bugbountywriteup/how-to-use-ghidra-to-reverse-engineer-mobile-application-c2c89dc5b9aa
Medium
Unveil the
Exploiting Error Based SQL Injections & Bypassing Restrictions
https://medium.com/bugbountywriteup/exploiting-error-based-sql-injections-bypassing-restrictions-ed099623cd94
Medium
In this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL Injections. Before diving in, let’s…
Gaining access to arbitrary* Content Providers
https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/
News, Techniques & Guides
The vulnerability we shall be looking at is very common, but remains little known. We want to shed some light on it today, so as to help app developers avoid it when they write their apps and security researchers find it in other people's apps and warn the…