Privilege Escalation in Ubuntu Linux (dirty_sock exploit) | Shenanigans Labs
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
Shenanigans Labs
Privilege Escalation in Ubuntu Linux (dirty_sock exploit)
In January 2019, I discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the…
Recon-ng Tutorial
Part 1 Install and Setup
https://t.co/6KmMj59yCO
Part 2 Workspaces and Import
https://t.co/kua3VB200g
Part 3 Usage and Reporting
https://t.co/gHBp5lw8KK
Pwning WPA/WPA2 Networks With Bettercap and the PMKID Client-Less Attack
https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/#.XGRV3mo06jA.twitter
Disclose private attachments in Facebook Messenger Infrastructure - 15,000$
https://medium.com/bugbountywriteup/disclose-private-attachments-in-facebook-messenger-infrastructure-15-000-ae13602aa486
Medium
Hello community, today I would like to share with you my most critical bug that I found in Facebook so far, so let’s get started :)
Pass the Hash Attack Tutorial | Lateral Movement using LanMan or NTLM hashes
https://attack.stealthbits.com/pass-the-hash-attack-explained
Netwrix
Pass the Hash Attack
This tutorial explains how Pass the Hash attacks work, and how to detect, mitigate and respond to them.
GitHub - tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
GitHub
Webkit Exploitation Tutorial - Auxy’s Blog
http://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/
How Google Tracks Hackers - Motherboard
https://motherboard.vice.com/en_us/article/wjmxz9/how-google-tracks-hackers-cyber-podcast
Motherboard
How Google Tracks Hackers
This week, CYBER speaks to Shane Huntley, the Director of Google's Threat Analysis Group (TAG), essentially Google's hacker hunting team.
Facebook Login Phishing Campaign
https://myki.com/blog/facebook-login-phishing-campaign/
Script Injection: Invision Power Board 3.3.1 - 3.4.8 stored XSS in any message
https://scriptinjection.blogspot.com/2019/02/invision-power-board-331-348-stored-xss.html
Blogspot
Invision Power Board 3.3.1 - 3.4.8 stored XSS in any message
XSS, cross site scripting, javascript injection, clientside, RCE, 0day, 1day
Brute-forcing Active Directory credentials via RD Gateway
https://medium.com/@alexeypetrenko/brute-forcing-active-directory-credentials-via-rd-gateway-7ef061e05414
Medium
I wrote a module for patator to brute-force AD credentials via Microsoft RD Gateway
slides about JavaScript engine fuzzing: https://t.co/ITeCL1D1gP thesis (developed the fuzzer) can be found here: https://t.co/hv5en0hmIT
MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers Windows Process Injection: Sharing the payload
https://movaxbx.ru/2019/02/16/windows-process-injection-sharing-the-payload/
mov ax,bx
Windows Process Injection: Sharing the payload
Original text Introduction The last post discussed some of the problems when writing a payload for process injection. The purpose of this post is to discuss deploying the payload into the memo…
CVE-2019-8372: Local Privilege Elevation in LG Kernel Driver - @Jackson_T
http://www.jackson-t.ca/lg-driver-lpe.html
GitHub - Tuhinshubhra/CMSeeK: CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 150 other CMSs
https://github.com/Tuhinshubhra/CMSeeK
GitHub
GitHub - Tuhinshubhra/CMSeeK: CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
GitHub - AntonioErdeljac/Google-Machine-Learning-Course-Notes: Notes taken from Google Machine Learning Course provided to public for practice & correction.
https://github.com/AntonioErdeljac/Google-Machine-Learning-Course-Notes
GitHub
Why you should not use GraphQL schema generators – Raz0r.name
https://raz0r.name/articles/why-you-should-not-use-graphql-schema-generators/
WordPress 5.0.0 Remote Code Execution – A combination of a Path Traversal and Local File Inclusion vulnerability lead to RCE Remote Code Execution in the WordPress core. The vulnerability was present for over 6 years. Check out how we found it! https://t.co/H8uZceNTel
Microsoft Edge RCE - (CVE-2018-8495) - Abdulrahman Al-Qabandi
https://leucosite.com/Microsoft-Edge-RCE/
Leucosite
Edge RCE
(CVE-2018-8495) Chaining small bugs together to achieve RCE