One-liner Safari sandbox escape exploit – 0xCC – Medium
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
Just released part 1 of analyzing WannaCry in Ghidra! In this video we will find the killswitch, look at its installation/persistence methods and extract/decrypt the resources contained in the malware! https://t.co/d06xnVMRPC
YouTube
Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra
In this first video of the "Reversing WannaCry" series we will look at the infamous killswitch and the installation and unpacking procedure of WannaCry. The ...
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an…
https://doublepulsar.com/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6
https://doublepulsar.com/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6
Medium
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation
How you can very easily use Remote Desktop Services to gain lateral movement through a network, using no external software — and how to…
Owning the Network with BadUSB – Tenable TechBlog – Medium
https://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
https://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
Medium
Owning the Network with BadUSB
Man-in-the-Middle with a Raspberry Pi
A Pentester's Guide - Part 1 (OSINT - Passive Recon and Discovery of Assets) | Sequoia
https://www.sequoiacybersolutions.com/a-pentesters-guide-part-1-osint-passive-recon-and-discovery-of-assets/
https://www.sequoiacybersolutions.com/a-pentesters-guide-part-1-osint-passive-recon-and-discovery-of-assets/
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
https://www.ambionics.io/blog/magento-sqli
https://www.ambionics.io/blog/magento-sqli
Ambionics
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
Several flaws have been identified in the latest version of Magento 2, allowing an attacker to obtain complete control over the server. We're now releasing the exploit for the unauthenticated SQL injection. We'll release the details for the RCE vulnerability…
Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory | Shenanigans Labs
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
Shenanigans Labs
Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory
Back in March 2018, I embarked on an arguably pointless crusade to prove that the TrustedToAuthForDelegation attribute was meaningless, and that “protocol transition” can be achieved without it. I believed that security wise, once constrained delegation was…
Ever wanted to better understand how Windows Defender implements its signatures? Here's a first step. I wrote a thing to decompress WDAV .vdm files. https://t.co/TKMILmcllL
Gist
Decompresses Windows Defender AV signatures for exploration purposes
Decompresses Windows Defender AV signatures for exploration purposes - ExpandDefenderSig.ps1
An intro to pentesting an Android phone – Noteworthy - The Journal Blog
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39
Medium
Pentesting Android applications by reversing and finding attack surfaces
In this past semester, I was taking a cybersecurity class. Since our awesome professor believe in the concept that we learn by doing and…
Hidden Markov Model For Insider Threat Detection – ASecuritySite: When Bob Met Alice – Medium
https://medium.com/asecuritysite-when-bob-met-alice/hidden-markov-model-for-insider-threat-detection-97a9a187ae6f
https://medium.com/asecuritysite-when-bob-met-alice/hidden-markov-model-for-insider-threat-detection-97a9a187ae6f
Medium
Hidden Markov Model For Insider Threat Detection
One of the most difficult threats to detect is the insider threat, especially when related to the detection to fraud. Normally we detect…
GitHub - Voorivex/pentest-guide: Penetration tests cases, resources and guidelines.
https://github.com/Voorivex/pentest-guide
https://github.com/Voorivex/pentest-guide
GitHub
GitHub - Voorivex/pentest-guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Penetration tests guide based on OWASP including test cases, resources and examples. - Voorivex/pentest-guide
Analysis of a Chrome Zero Day: CVE-2019-5786 | McAfee Blogs
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/
McAfee Blog
Cybersecurity News and Insights to Stay Safe Online | McAfee Blog
Welcome to the McAfee Blog, where we share posts about security solutions and products to keep you and your connected family safe online.
XSS in hidden input fields | Blog
https://portswigger.net/blog/xss-in-hidden-input-fields
https://portswigger.net/blog/xss-in-hidden-input-fields
PortSwigger Research
XSS in hidden input fields
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it's behaving properly. Whilst doing this recently, Liam found a
GitHub - ivRodriguezCA/RE-iOS-Apps: A completely free, open source and online course about Reverse Engineering iOS Applications.
https://github.com/ivRodriguezCA/RE-iOS-Apps
https://github.com/ivRodriguezCA/RE-iOS-Apps
GitHub
GitHub - ivRodriguezCA/RE-iOS-Apps: A completely free, open source and online course about Reverse Engineering iOS Applications.
A completely free, open source and online course about Reverse Engineering iOS Applications. - ivRodriguezCA/RE-iOS-Apps
How I am able to hijack you. – InfoSec Write-ups – Medium
https://medium.com/bugbountywriteup/how-i-am-able-to-hijack-you-1cab793a01d1
https://medium.com/bugbountywriteup/how-i-am-able-to-hijack-you-1cab793a01d1
Medium
How I am able to hijack you.
or rather: How I am able to hijack your autosuggestions in Google Search.
GitHub - NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework
https://github.com/NationalSecurityAgency/ghidra
https://github.com/NationalSecurityAgency/ghidra
GitHub
GitHub - NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework
Ghidra is a software reverse engineering (SRE) framework - NationalSecurityAgency/ghidra