Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
https://www.ambionics.io/blog/magento-sqli
https://www.ambionics.io/blog/magento-sqli
Ambionics
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
Several flaws have been identified in the latest version of Magento 2, allowing an attacker to obtain complete control over the server. We're now releasing the exploit for the unauthenticated SQL injection. We'll release the details for the RCE vulnerability…
Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory | Shenanigans Labs
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
Shenanigans Labs
Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory
Back in March 2018, I embarked on an arguably pointless crusade to prove that the TrustedToAuthForDelegation attribute was meaningless, and that “protocol transition” can be achieved without it. I believed that security wise, once constrained delegation was…
Ever wanted to better understand how Windows Defender implements its signatures? Here's a first step. I wrote a thing to decompress WDAV .vdm files. https://t.co/TKMILmcllL
Gist
Decompresses Windows Defender AV signatures for exploration purposes
Decompresses Windows Defender AV signatures for exploration purposes - ExpandDefenderSig.ps1
An intro to pentesting an Android phone – Noteworthy - The Journal Blog
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39
Medium
Pentesting Android applications by reversing and finding attack surfaces
In this past semester, I was taking a cybersecurity class. Since our awesome professor believe in the concept that we learn by doing and…
Hidden Markov Model For Insider Threat Detection – ASecuritySite: When Bob Met Alice – Medium
https://medium.com/asecuritysite-when-bob-met-alice/hidden-markov-model-for-insider-threat-detection-97a9a187ae6f
https://medium.com/asecuritysite-when-bob-met-alice/hidden-markov-model-for-insider-threat-detection-97a9a187ae6f
Medium
Hidden Markov Model For Insider Threat Detection
One of the most difficult threats to detect is the insider threat, especially when related to the detection to fraud. Normally we detect…
GitHub - Voorivex/pentest-guide: Penetration tests cases, resources and guidelines.
https://github.com/Voorivex/pentest-guide
https://github.com/Voorivex/pentest-guide
GitHub
GitHub - Voorivex/pentest-guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Penetration tests guide based on OWASP including test cases, resources and examples. - Voorivex/pentest-guide
Analysis of a Chrome Zero Day: CVE-2019-5786 | McAfee Blogs
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/
McAfee Blog
Cybersecurity News and Insights to Stay Safe Online | McAfee Blog
Welcome to the McAfee Blog, where we share posts about security solutions and products to keep you and your connected family safe online.
XSS in hidden input fields | Blog
https://portswigger.net/blog/xss-in-hidden-input-fields
https://portswigger.net/blog/xss-in-hidden-input-fields
PortSwigger Research
XSS in hidden input fields
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it's behaving properly. Whilst doing this recently, Liam found a
GitHub - ivRodriguezCA/RE-iOS-Apps: A completely free, open source and online course about Reverse Engineering iOS Applications.
https://github.com/ivRodriguezCA/RE-iOS-Apps
https://github.com/ivRodriguezCA/RE-iOS-Apps
GitHub
GitHub - ivRodriguezCA/RE-iOS-Apps: A completely free, open source and online course about Reverse Engineering iOS Applications.
A completely free, open source and online course about Reverse Engineering iOS Applications. - ivRodriguezCA/RE-iOS-Apps
How I am able to hijack you. – InfoSec Write-ups – Medium
https://medium.com/bugbountywriteup/how-i-am-able-to-hijack-you-1cab793a01d1
https://medium.com/bugbountywriteup/how-i-am-able-to-hijack-you-1cab793a01d1
Medium
How I am able to hijack you.
or rather: How I am able to hijack your autosuggestions in Google Search.
GitHub - NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework
https://github.com/NationalSecurityAgency/ghidra
https://github.com/NationalSecurityAgency/ghidra
GitHub
GitHub - NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework
Ghidra is a software reverse engineering (SRE) framework - NationalSecurityAgency/ghidra
Xiaomi URL spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi? - Andmp | A blog about infosec, bug hunting and more!
https://www.andmp.com/2019/04/xiaomi-url-spoofing-w-ssl-vulnerability.html?m=1
https://www.andmp.com/2019/04/xiaomi-url-spoofing-w-ssl-vulnerability.html?m=1
Andmp | A blog about infosec, bug hunting and more!
Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?
Writeup and PoC for Xiaomi URL spoofing w/ SSL vulnerability or, CVE-2019-10875
Wordpress cve 2019 8942 · Issue #11587 · rapid7/metasploit-framework · GitHub
https://github.com/rapid7/metasploit-framework/pull/11587
https://github.com/rapid7/metasploit-framework/pull/11587
Bypassing Network Restrictions Through RDP Tunneling « Bypassing Network Restrictions Through RDP Tunneling | FireEye Inc
https://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html
https://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html
Google Cloud Blog
Bypassing Network Restrictions Through RDP Tunneling | Mandiant | Google Cloud Blog
GitHub - sailay1996/eternal-pulsar: Eternalblue-Doublepulsar without Metasploit or python
https://github.com/sailay1996/eternal-pulsar
https://github.com/sailay1996/eternal-pulsar
GitHub
GitHub - sailay1996/eternal-pulsar: Eternalblue-Doublepulsar without Metasploit or python
Eternalblue-Doublepulsar without Metasploit or python - GitHub - sailay1996/eternal-pulsar: Eternalblue-Doublepulsar without Metasploit or python