CVE-2022-39952:
Unauthenticated RCE in Fortinet FortiNAC
https://github.com/Florian-R0th/CVE-2022-39952
CVE-2023-23752:
CMS Joomla - unauthorized access to webservice endpoints
https://github.com/WhiteOwl-Pub/CVE-2023-23752
#Research
"DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing", 2023.
#reversing
1. apk.sh - Bash script that makes reverse engineering Android apps easier by automating some repetitive tasks
https://github.com/ax/apk.sh#getting-started
2. Sekiryu - Python script for automatic decompilation and analysis of binary files with ChatGPT and Ghidra (IDA & Binja support soon)
https://github.com/20urc3/Sekiryu
Firefox Addons for Pentesters
https://github.com/Ignitetechnologies/Mindmap/tree/main/Firefox%20Pentest%20Addons
#Mobile_Security
"A Systematic Study of Android Non-SDK (Hidden) Service API Security", 2022.
ServiceAudit tool - detects Android Service Helper bypass vulnerabilities:
https://github.com/fripSide/ServiceAudit
Android static analysis repository:
https://github.com/krizzsk/HackersCave4StaticAndroidSec/blob/main/Android%20Research/research-articles.md
Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks
https://thehackernews.com/2023/03/jenkins-security-alert-new-security.html
CVE-2023-21768 Local Privilege Escalation POC
https://github.com/xforcered/Windows_LPE_AFD_CVE-2023-21768
50 Methods For Lsass Dump (RTC0002)
https://redteamrecipe.com/50-Methods-For-Dump-LSASS
#Mobile_Security
Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)
https://infosecwriteups.com/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49
Vulristics - Extensible framework for analyzing publicly available information about vulnerabilities
https://github.com/leonov-av/vulristics
WARF is a Web Application Reconnaissance Framework that helps to gather information about the target.
https://github.com/iamnihal/warf
Local privilege escalation via PetitPotam (works perfectly on Windows 21H2 10.0.20348.1547)
https://github.com/wh0amitz/PetitPotato
#LPE
CVE-2023-23397:
Microsoft Outlook EoP Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability
0-day: https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
Producing a PoC for CVE-2022-42475 (Fortinet RCE)
https://blog.scrt.ch/2023/03/14/producing-a-poc-for-cve-2022-42475-fortinet-rce
Multiple Internet to Baseband RCE Vulnerabilities in Samsung Exynos Modems
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html