Pass the Hash Attack Tutorial | Lateral Movement using LanMan or NTLM hashes
https://attack.stealthbits.com/pass-the-hash-attack-explained
https://attack.stealthbits.com/pass-the-hash-attack-explained
Netwrix
Pass the Hash Attack
This tutorial explains how Pass the Hash attacks work, and how to detect, mitigate and respond to them.
GitHub - tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
GitHub
GitHub - tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection…
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - tanprathan/MobileApp-Pentest-Chea...
Webkit Exploitation Tutorial - Auxy’s Blog
http://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/
http://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/
How Google Tracks Hackers - Motherboard
https://motherboard.vice.com/en_us/article/wjmxz9/how-google-tracks-hackers-cyber-podcast
https://motherboard.vice.com/en_us/article/wjmxz9/how-google-tracks-hackers-cyber-podcast
Motherboard
How Google Tracks Hackers
This week, CYBER speaks to Shane Huntley, the Director of Google's Threat Analysis Group (TAG), essentially Google's hacker hunting team.
Facebook Login Phishing Campaign
https://myki.com/blog/facebook-login-phishing-campaign/
https://myki.com/blog/facebook-login-phishing-campaign/
Script Injection: Invision Power Board 3.3.1 - 3.4.8 stored XSS in any message
https://scriptinjection.blogspot.com/2019/02/invision-power-board-331-348-stored-xss.html
https://scriptinjection.blogspot.com/2019/02/invision-power-board-331-348-stored-xss.html
Blogspot
Invision Power Board 3.3.1 - 3.4.8 stored XSS in any message
XSS, cross site scripting, javascript injection, clientside, RCE, 0day, 1day
Brute-forcing Active Directory credentials via RD Gateway
https://medium.com/@alexeypetrenko/brute-forcing-active-directory-credentials-via-rd-gateway-7ef061e05414
https://medium.com/@alexeypetrenko/brute-forcing-active-directory-credentials-via-rd-gateway-7ef061e05414
Medium
Brute-forcing Active Directory credentials via RD Gateway
I wrote a module for patator to brute-force AD credentials via Microsoft RD Gateway
slides about JavaScript engine fuzzing: https://t.co/ITeCL1D1gP thesis (developed the fuzzer) can be found here: https://t.co/hv5en0hmIT
MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers Windows Process Injection: Sharing the payload
https://movaxbx.ru/2019/02/16/windows-process-injection-sharing-the-payload/
https://movaxbx.ru/2019/02/16/windows-process-injection-sharing-the-payload/
mov ax,bx
Windows Process Injection: Sharing the payload
Original text Introduction The last post discussed some of the problems when writing a payload for process injection. The purpose of this post is to discuss deploying the payload into the memo…
❤1
CVE-2019-8372: Local Privilege Elevation in LG Kernel Driver - @Jackson_T
http://www.jackson-t.ca/lg-driver-lpe.html
http://www.jackson-t.ca/lg-driver-lpe.html
GitHub - Tuhinshubhra/CMSeeK: CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 150 other CMSs
https://github.com/Tuhinshubhra/CMSeeK
https://github.com/Tuhinshubhra/CMSeeK
GitHub
GitHub - Tuhinshubhra/CMSeeK: CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs - Tuhinshubhra/CMSeeK
GitHub - AntonioErdeljac/Google-Machine-Learning-Course-Notes: Notes taken from Google Machine Learning Course provided to public for practice & correction.
https://github.com/AntonioErdeljac/Google-Machine-Learning-Course-Notes
https://github.com/AntonioErdeljac/Google-Machine-Learning-Course-Notes
GitHub
AntonioErdeljac/Google-Machine-Learning-Course-Notes
Notes taken from Google Machine Learning Course provided to public for practice & correction. - AntonioErdeljac/Google-Machine-Learning-Course-Notes
Why you should not use GraphQL schema generators – Raz0r.name
https://raz0r.name/articles/why-you-should-not-use-graphql-schema-generators/
https://raz0r.name/articles/why-you-should-not-use-graphql-schema-generators/
WordPress 5.0.0 Remote Code Execution – A combination of a Path Traversal and Local File Inclusion vulnerability lead to RCE Remote Code Execution in the WordPress core. The vulnerability was present for over 6 years. Check out how we found it! https://t.co/H8uZceNTel
Microsoft Edge RCE - (CVE-2018-8495) - Abdulrahman Al-Qabandi
https://leucosite.com/Microsoft-Edge-RCE/
https://leucosite.com/Microsoft-Edge-RCE/
Leucosite
Edge RCE
(CVE-2018-8495) Chaining small bugs together to achieve RCE
MikroTik Firewall & NAT Bypass – Tenable TechBlog – Medium
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
Medium
MikroTik Firewall & NAT Bypass
Exploitation from WAN to LAN
GitHub - parsiya/Hacking-with-Go: Golang for Security Professionals
https://github.com/parsiya/Hacking-with-Go
https://github.com/parsiya/Hacking-with-Go
GitHub
GitHub - parsiya/Hacking-with-Go: Golang for Security Professionals
Golang for Security Professionals. Contribute to parsiya/Hacking-with-Go development by creating an account on GitHub.
Abusing autoresponders and email bounces – intigriti – Medium
https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
Medium
Abusing autoresponders and email bounces
Being a bug bounty hunter, I face a lot of competition. Lots of companies are willing to issue rewards for vulnerabilities in their…