Mobile Pentesting with FRIDA
[SLIDES] https://t.co/APhEluWkYa
[SLIDES] https://t.co/APhEluWkYa
Google Docs
frida_nn2019.pdf
Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution (will remian unpatched due to EOL) : https://t.co/RC9UAZIV1M
Fortinet Blog
Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution
FortiGuard Labs has discovered an unauthenticated command injection vulnerability in D-Link products that could lead to Remote Code Execution (RCE) upon successful exploitation. Learn more.…
WhatsApp GIF RCE on #android ---> https://t.co/ufQBRi6yMw (poc code in c)
note you will need memory leak vuln in order to have a full remote exploit. This is a local exploit where you have to figure out the address manually.
note you will need memory leak vuln in order to have a full remote exploit. This is a local exploit where you have to figure out the address manually.
GitHub
dorkerdevil/CVE-2019-11932
double-free bug in WhatsApp exploit poc. Contribute to dorkerdevil/CVE-2019-11932 development by creating an account on GitHub.
This aggressor script adds three UAC bypass techniques to Cobalt Strike's interface + beacon console. These include:
https://t.co/zX43xhDGlX
https://t.co/zX43xhDGlX
GitHub
RhinoSecurityLabs/Aggressor-Scripts
Aggregation of Cobalt Strike's aggressor scripts. Contribute to RhinoSecurityLabs/Aggressor-Scripts development by creating an account on GitHub.
🔥 CVE-2019-14287
A flaw in Sudo—that comes installed on almost every #Linux OS—could let users run commands as "root" even when they're restricted.
Details ➤ https://t.co/NeFvITBR73
How? Just by specifying user ID "-1" or "4294967295" in the command instead of the root.
A flaw in Sudo—that comes installed on almost every #Linux OS—could let users run commands as "root" even when they're restricted.
Details ➤ https://t.co/NeFvITBR73
How? Just by specifying user ID "-1" or "4294967295" in the command instead of the root.