The Unusual Case of Open Redirection to AWS Security Credentials Compromise
https://medium.com/@logicbomb_1/the-unusual-case-of-open-redirection-to-aws-security-credentials-compromise-59acc312f02b
https://medium.com/@logicbomb_1/the-unusual-case-of-open-redirection-to-aws-security-credentials-compromise-59acc312f02b
Medium
The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise
Hi All,
GitHub - Leviathan36/trigmap: A wrapper for Nmap to automate the pentest
https://github.com/Leviathan36/trigmap
https://github.com/Leviathan36/trigmap
GitHub
GitHub - Leviathan36/trigmap: A wrapper for Nmap to quickly run network scans
A wrapper for Nmap to quickly run network scans. Contribute to Leviathan36/trigmap development by creating an account on GitHub.
Hunting COM Objects « Hunting COM Objects | FireEye Inc
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
Google Cloud Blog
Hunting COM Objects | Mandiant | Google Cloud Blog
Kerberos (I): How does Kerberos work? - Theory - Tarlogic Security - Cyber Security and Ethical hacking
https://www.tarlogic.com/en/blog/how-kerberos-works/
https://www.tarlogic.com/en/blog/how-kerberos-works/
Tarlogic Security
Kerberos (I): How does Kerberos work? - Theory
The objective of this posts is to clarify how Kerberos works, more than just introducing kerberos attacks. Basic kerberos theory explained
Kerberos (II): How to attack Kerberos? – Tarlogic Security – Cyber Security and Ethical hacking
https://www.tarlogic.com/en/blog/how-to-attack-kerberos/?amp&__twitter_impression=true
https://www.tarlogic.com/en/blog/how-to-attack-kerberos/?amp&__twitter_impression=true
Tarlogic - Ciberseguridad, Ciberinteligencia y RedTeam
Kerberos (II): ¿Como atacar Kerberos?
Introducción
En este artículo de Kerberos, se mostraran algunos ataques contra el protocolo. En caso de necesitar refrescar los conceptos en que se basan estos ataques, se recomienda leer primero la primera parte sobre teoría de Kerberos.El post se divide…
En este artículo de Kerberos, se mostraran algunos ataques contra el protocolo. En caso de necesitar refrescar los conceptos en que se basan estos ataques, se recomienda leer primero la primera parte sobre teoría de Kerberos.El post se divide…
Need to know the internal AD Domain name from outside? Find their Skype or Lync server and then:
nmap -p443 --script http-ntlm-info --script-args http-ntlm-info.root=/WebTicket/WebTicketService.svc skype.example.local
nmap -p443 --script http-ntlm-info --script-args http-ntlm-info.root=/WebTicket/WebTicketService.svc skype.example.local
How does Apple (privately) find your offline devices? – A Few Thoughts on Cryptographic Engineering
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/amp/
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/amp/
A Few Thoughts on Cryptographic Engineering
How does Apple (privately) find your offline devices?
At Monday’s WWDC conference, Apple announced a cool new feature called “Find My”. Unlike Apple’s “Find my iPhone”, which uses cellular communication and the lost…
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code – modexp
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/amp/?__twitter_impression=true
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/amp/?__twitter_impression=true
modexp
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
Introduction Previous Research AMSI Example in C AMSI Context AMSI Initialization AMSI Scanning CLR Implementation of AMSI AMSI Bypass A (Patching Data) AMSI Bypass B (Patching Code 1) AMSI Bypass …
Exploring Mimikatz - Part 2 - SSP
https://blog.xpnsec.com/exploring-mimikatz-part-2/amp/?__twitter_impression=true
https://blog.xpnsec.com/exploring-mimikatz-part-2/amp/?__twitter_impression=true
XPN InfoSec Blog
Exploring Mimikatz - Part 2 - SSP
If you haven't had a chance to check it out, take a look here. Continuing on, in this post we will review what has become a nice way of subverting security controls added by Microsoft to prevent dumping of credentials, as well as extracting credentials as…
GitHub - The-Cracker-Technology/ANDRAX-Mobile-Pentest: ANDRAX The first and unique Penetration Testing platform for Android smartphones
https://github.com/The-Cracker-Technology/ANDRAX-Mobile-Pentest/
https://github.com/The-Cracker-Technology/ANDRAX-Mobile-Pentest/
GitHub - Sheisback/CVE-2019-0859-1day-Exploit: CVE-2019-0859 1day Exploit
https://github.com/Sheisback/CVE-2019-0859-1day-Exploit
https://github.com/Sheisback/CVE-2019-0859-1day-Exploit
GitHub
GitHub - Sheisback/CVE-2019-0859-1day-Exploit: CVE-2019-0859 1day Exploit
CVE-2019-0859 1day Exploit. Contribute to Sheisback/CVE-2019-0859-1day-Exploit development by creating an account on GitHub.
Magic Unicorn v3.8 released.
Adds noexit randomization, python3 fixes and support and auto check for 64 bit shellcode.
https://t.co/tYdDIjWTVv
Adds noexit randomization, python3 fixes and support and auto check for 64 bit shellcode.
https://t.co/tYdDIjWTVv
GitHub
trustedsec/unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique...
If you use #BurpSuite and Firefox, your Burp probably catches a bunch of distracting Firefox traffic like captive portal detection, OCSP, update checks etc.
To have this traffic bypass burp proxy, you can use FoxyProxy allow/deny lists. My config is at: https://t.co/Z6K9ybGO59
To have this traffic bypass burp proxy, you can use FoxyProxy allow/deny lists. My config is at: https://t.co/Z6K9ybGO59
Gist
foxyproxy.json
GitHub Gist: instantly share code, notes, and snippets.
Subdomain Takeover:-
Part 1:- Basics.
https://t.co/mFjrw7npbN
Part 2:- Thoughts on Risks.
https://t.co/rxVrRJBxiL
Part 3:- Going beyond CNAME.
https://t.co/8LshILQWLB
Part 1:- Basics.
https://t.co/mFjrw7npbN
Part 2:- Thoughts on Risks.
https://t.co/rxVrRJBxiL
Part 3:- Going beyond CNAME.
https://t.co/8LshILQWLB
Patrik Hudak
Subdomain Takeover: Basics
Although I have written multiple posts about subdomain takeover, I realized that there aren't many posts covering basics of subdomain takeover and the whole "problem statement." This post aims to explain (in-depth) the entire subdomain takeover problem once…
Userrecon : Find Usernames Across Over 75 Social Networks : https://t.co/b3GqeHIiYy
GitHub
thelinuxchoice/userrecon
Find usernames across over 75 social networks. Contribute to thelinuxchoice/userrecon development by creating an account on GitHub.
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin - dirkjanm.io
https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/
https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/
dirkjanm.io
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin
Earlier this week, Microsoft issued patches for CVE-2019-1040, which is a vulnerability that allows for bypassing of NTLM relay mitigations. The vulnerability was discovered by Marina Simakov and Yaron Zinar (as well as several others credited in the Microsoft…
Using Nmap to extract Windows host and domain information via RDP | Faded Lab
https://fadedlab.wordpress.com/2019/06/13/using-nmap-to-extract-windows-info-from-rdp/
https://fadedlab.wordpress.com/2019/06/13/using-nmap-to-extract-windows-info-from-rdp/
Faded Lab
Using Nmap to extract Windows host and domain information via RDP
I’ve recently spent some time in various code bases working on Windows RDP related discovery. This post is going to talk about using a new Nmap script, rdp-ntlm-info.nse, against RDP services…