Zero Day Initiative — CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability
https://www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability
https://www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability
Zero Day Initiative
Zero Day Initiative — CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability
Last month, Microsoft released patches to address two remote code execution (RCE) vulnerabilities in SharePoint. In both Critical-rated cases, an attacker could send a specially crafted request to execute their code in the context of the SharePoint application…
Windows Privilege Escalation Guide
http://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
http://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Absolomb
Windows Privilege Escalation Guide
Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can…
UPDATE: AutoSploit 3.0 - The New Year's edition - PenTestIT
http://pentestit.com/update-autosploit-3-0-the-new-years-edition/amp/?__twitter_impression=true
http://pentestit.com/update-autosploit-3-0-the-new-years-edition/amp/?__twitter_impression=true
PenTestIT
UPDATE: AutoSploit 3.0 - The New Year's edition - PenTestIT
I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and it’s subsequent update to AutoSploit 2.2. Recently, AutoSploit 3.0 was released. This post tries to describe the changes between the last release and the newest…
GitHub - SecureThisShit/WinPwn: Automation for internal Windows Penetrationtest / AD-Security - Still much work to do
https://github.com/SecureThisShit/WinPwn
https://github.com/SecureThisShit/WinPwn
GitHub
GitHub - S3cur3Th1sSh1t/WinPwn: Automation for internal Windows Penetrationtest / AD-Security
Automation for internal Windows Penetrationtest / AD-Security - S3cur3Th1sSh1t/WinPwn
Writing a Custom Shellcode Encoder – syscall59 – Medium
https://medium.com/syscall59/writing-a-custom-shellcode-encoder-31816e767611
https://medium.com/syscall59/writing-a-custom-shellcode-encoder-31816e767611
Medium
Writing a Custom Shellcode Encoder
An example of how to write a custom encoder and decoder in plain assembly.
An extensive step by step reverse engineering of a Linux CTF binary
http://blog.kartone.ninja/2019/03/25/when-a-reverse-me-ctf-binary-makes-you-loose-that-job/
http://blog.kartone.ninja/2019/03/25/when-a-reverse-me-ctf-binary-makes-you-loose-that-job/
Kartone Infosec Blog
An extensive step by step reverse engineering of a Linux CTF binary
...or in other words, when failing to reverse a CTF binary makes you loose a job
A mimikatz update to start the week... introducing very experimental ARM64 support 🥳 for Windows 10 (1803), with a tons of bugfixes and two or three little things for pleasure
https://t.co/Wzb5GAfWfd
Yes, it still support Windows XP 😉
https://t.co/Wzb5GAfWfd
Yes, it still support Windows XP 😉
GitHub
Releases · gentilkiwi/mimikatz
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Compilation of recon workflows · Pentester Land
https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html
https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html
Pentester Land
Compilation of recon workflows
Hi, this is a compilation of recon workflows found online. Use it as inspiration for creating your own Web pentest / bug bounty recon workflow.
These are all the ones that I could find. So if yours is missing and you want to see it featured above too, please…
These are all the ones that I could find. So if yours is missing and you want to see it featured above too, please…
Automating Discovery and Exploiting DOM (Client) XSS Vulnerabilities using Sboxr — Part 1
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1
Medium
Automating Discovery and Exploiting DOM (Client) XSS Vulnerabilities using Sboxr — Part 1
This series of blogposts show how you can identify DOM XSS issues using Sboxr on Single Page or JavaScript rich applications. As examples…
GitHub - outflanknl/Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
https://github.com/outflanknl/Excel4-DCOM
https://github.com/outflanknl/Excel4-DCOM
GitHub
GitHub - outflanknl/Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM…
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe) - outflanknl/Excel4-DCOM
How to Find Subdomains (And Why You Should) – Katerina Borodina – Medium
https://www.explainhownow.com/2019/how-to-find-subdomains/
https://www.explainhownow.com/2019/how-to-find-subdomains/
GitHub - BloodHoundAD/BloodHound-Tools: Miscellaneous tools for BloodHound
https://github.com/BloodHoundAD/BloodHound-Tools
https://github.com/BloodHoundAD/BloodHound-Tools
GitHub
GitHub - BloodHoundAD/BloodHound-Tools: Miscellaneous tools for BloodHound
Miscellaneous tools for BloodHound. Contribute to BloodHoundAD/BloodHound-Tools development by creating an account on GitHub.
One-liner Safari sandbox escape exploit – 0xCC – Medium
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
Just released part 1 of analyzing WannaCry in Ghidra! In this video we will find the killswitch, look at its installation/persistence methods and extract/decrypt the resources contained in the malware! https://t.co/d06xnVMRPC
YouTube
Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra
In this first video of the "Reversing WannaCry" series we will look at the infamous killswitch and the installation and unpacking procedure of WannaCry. The ...
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an…
https://doublepulsar.com/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6
https://doublepulsar.com/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6
Medium
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation
How you can very easily use Remote Desktop Services to gain lateral movement through a network, using no external software — and how to…
Owning the Network with BadUSB – Tenable TechBlog – Medium
https://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
https://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
Medium
Owning the Network with BadUSB
Man-in-the-Middle with a Raspberry Pi
A Pentester's Guide - Part 1 (OSINT - Passive Recon and Discovery of Assets) | Sequoia
https://www.sequoiacybersolutions.com/a-pentesters-guide-part-1-osint-passive-recon-and-discovery-of-assets/
https://www.sequoiacybersolutions.com/a-pentesters-guide-part-1-osint-passive-recon-and-discovery-of-assets/
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
https://www.ambionics.io/blog/magento-sqli
https://www.ambionics.io/blog/magento-sqli
Ambionics
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
Several flaws have been identified in the latest version of Magento 2, allowing an attacker to obtain complete control over the server. We're now releasing the exploit for the unauthenticated SQL injection. We'll release the details for the RCE vulnerability…
Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory | Shenanigans Labs
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
Shenanigans Labs
Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory
Back in March 2018, I embarked on an arguably pointless crusade to prove that the TrustedToAuthForDelegation attribute was meaningless, and that “protocol transition” can be achieved without it. I believed that security wise, once constrained delegation was…