Are you submitting bugs for free when others are being paid? Welcome to BugBounties!
https://medium.com/@zseano/are-you-submitting-bugs-for-free-when-others-are-being-paid-welcome-to-bugbounties-9e0fdb40a837
https://medium.com/@zseano/are-you-submitting-bugs-for-free-when-others-are-being-paid-welcome-to-bugbounties-9e0fdb40a837
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
GitHub
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug…
A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
PWK Notes: Tunneling and Pivoting | 0xdf hacks stuff
https://0xdf.gitlab.io/2018/11/02/pwk-notes-tunneling.html
https://0xdf.gitlab.io/2018/11/02/pwk-notes-tunneling.html
0xdf hacks stuff
PWK Notes: Tunneling and Pivoting
That beautiful feeling of shell on a box is such a high. But once you realize that you need to pivot through that host deeper into the network, it can take you a bit out of your comfort zone. I’ve run into this in Sans Netwars, Hackthebox, and now in PWK.…
(2018-12-30) PowerShell Script To Reset The KrbTgt Account Password/Keys For Both RWDCs And RODCs – Jorge's Quest For Knowledge!
https://jorgequestforknowledge.wordpress.com/2018/12/30/powershell-script-to-reset-the-krbtgt-account-password-keys-for-both-rwdcs-and-rodcs/
https://jorgequestforknowledge.wordpress.com/2018/12/30/powershell-script-to-reset-the-krbtgt-account-password-keys-for-both-rwdcs-and-rodcs/
Jorge's Quest For Knowledge!
(2018-12-30) PowerShell Script To Reset The KrbTgt Account Password/Keys For Both RWDCs And RODCs
Information provided by Microsoft explaining why this is important KRBTGT Account Password Reset Scripts now available for customers – The original script written by Jared Poeppelman, who wor…
Debugging Android and iOS like a real G's with Dwarf GUI - Giovanni Rocca
http://www.giovanni-rocca.com/debugging-android-and-ios-like-a-real-gs-with-dwarf-gui/
http://www.giovanni-rocca.com/debugging-android-and-ios-like-a-real-gs-with-dwarf-gui/
Researcher shows how popular app ES File Explorer exposes Android device data – TechCrunch
https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/
https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/
TechCrunch
Researcher shows how popular app ES File Explorer exposes Android device data | TechCrunch
Why is one of the most popular Android apps running a hidden web server in the background? ES File Explorer claims it has more than 500 million downloads
Powershell Payload Delivery via DNS using Invoke-PowerCloud - Red Teaming Experiments
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts – TechCrunch
https://techcrunch.com/2019/01/17/wordpress-plugin-leaked-twitter-account-access-tokens/
https://techcrunch.com/2019/01/17/wordpress-plugin-leaked-twitter-account-access-tokens/
TechCrunch
A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts
A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise.
How to Find Hidden Cameras and Spy Bugs (The Professional Way) - Sentel Tech Security
https://www.senteltechsecurity.com/blog/post/how-to-find-hidden-cameras/
https://www.senteltechsecurity.com/blog/post/how-to-find-hidden-cameras/
GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
https://github.com/kgretzky/evilginx2
https://github.com/kgretzky/evilginx2
GitHub
GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session…
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication - kgretzky/evilginx2
How to write a rootkit without really trying | Trail of Bits Blog
https://blog.trailofbits.com/2019/01/17/how-to-write-a-rootkit-without-really-trying/
https://blog.trailofbits.com/2019/01/17/how-to-write-a-rootkit-without-really-trying/
The Trail of Bits Blog
How to write a rootkit without really trying
We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out! This post covers intercepting system calls from within the Linux…
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE – Embedi
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
DarkHydrus APT Uses Google Drive to Send Commands to RogueRobin Trojan
https://www.bleepingcomputer.com/news/security/darkhydrus-apt-uses-google-drive-to-send-commands-to-roguerobin-trojan/
https://www.bleepingcomputer.com/news/security/darkhydrus-apt-uses-google-drive-to-send-commands-to-roguerobin-trojan/
BleepingComputer
DarkHydrus APT Uses Google Drive to Send Commands to RogueRobin Trojan
New malicious campaigns attributed to DarkHydrus APT group show the adversary's use of a new variant of the RogueRobin Trojan and of Google Drive as an alternative command and control (C2) communication channel.
Get Reverse-shell via Windows one-liner
https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/
https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/
Hacking Articles
Get Reverse-shell via Windows one-liner
This article will help those who play with CTF challenges because today we will discuss “Windows One-Liner” to use malicious commands such as PowerShell or
HOW A 8 LINES OF CODE CAN STEAL YOUR MONEY ! – Vjk – Medium
https://medium.com/@vjkhere/how-a-8-lines-of-code-can-steal-your-money-6eea463eae19
https://medium.com/@vjkhere/how-a-8-lines-of-code-can-steal-your-money-6eea463eae19
Medium
HOW A 8 LINES OF CODE CAN STEAL YOUR MONEY !
This is my very first blog in medium.com . i hope you all will like it !!
An intro to pentesting an Android phone – Thao N. Vo – Medium
https://medium.com/@tnvo/an-intro-to-pentesting-an-android-phone-464ec4860f39
https://medium.com/@tnvo/an-intro-to-pentesting-an-android-phone-464ec4860f39
Medium
Pentesting Android applications by reversing and finding attack surfaces
In this past semester, I was taking a cybersecurity class. Since our awesome professor believe in the concept that we learn by doing and…
Bypass EDR’s memory protection, introduction to hooking
https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6
https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6
Medium
Bypass EDR’s memory protection, introduction to hooking
How to get started with Malware Analysis and Reverse Engineering - 0ffset
https://0ffset.net/miscellaneous/how-to-get-started-with-malware-analysis/
https://0ffset.net/miscellaneous/how-to-get-started-with-malware-analysis/
0ffset Training Solutions | Practical and Affordable Cyber Security Training
How to get started with Malware Analysis | 0ffset Training Solutions
So it's been a while since I last posted anything - I've been extremely busy with exam season coming up, but I had a bit of spare time so I decided to post something. Expect more regular posts over the holidays, and I hope to revamp the website a bit so it…