Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04 and 16.04) Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2018010018
https://cxsecurity.com/issue/WLB-2018010018
Cxsecurity
Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04 and 16.04) Local Privilege Escalation - CXSecurity.com
Andrey Konovalov has realised a new security note Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04 and 16.04) Local Privilege Escalation
Forwarded from امنیت اطلاعات
Spiesexpose.pdf
1.3 MB
5 Practical Scenarios for XSS Attacks
https://pentest-tools.com/blog/xss-attacks-practical-scenarios/
https://pentest-tools.com/blog/xss-attacks-practical-scenarios/
WebExec - an authenticated RCE vulnerability in Cisco WebEx client
https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
PE Sec Info – A Simple Tool to Manipulate ASLR and DEP Flags
https://osandamalith.com/2018/10/24/pe-sec-info-a-simple-tool-to-manipulate-aslr-and-dep-flags/
https://osandamalith.com/2018/10/24/pe-sec-info-a-simple-tool-to-manipulate-aslr-and-dep-flags/
🔐Blog of Osanda
PE Sec Info – A Simple Tool to Manipulate ASLR and DEP Flags | 🔐Blog of Osanda
Recently I was interested in exploring the PE headers and writing simple programs to manipulate different headers. There are thousands of applications and code to be found on this topic. I started …
This media is not supported in your browser
VIEW IN TELEGRAM
To see the future clearly, you have to look to the past. #MrRobot
Capturing NetNTLM Hashes with Office [DOT] XML Documents
https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents/
https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents/
bohops
Capturing NetNTLM Hashes with Office [DOT] XML Documents
TL;DR An Office XML (.xml) document can call a remote XSL stylesheet over SMB. If this occurs against an attacker controlled server, the net-NTLM authentication hash (challenge/response) of t…
Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques
https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
Elastic Blog
Ten process injection techniques: A technical survey of common and trending process injection techniques
Process injection is a widespread defense evasion technique employed often within malware and fileless adversary tradecraft, and entails running custom code within the address space of another process...
Code injection on Windows using Python: a simple example
https://www.andreafortuna.org/programming/code-injection-on-windows-using-python-a-simple-example/
https://www.andreafortuna.org/programming/code-injection-on-windows-using-python-a-simple-example/
So Long, and Thanks for All the Fish
Code injection on Windows using Python: a simple example
Recently i had to perform some comparative tests on a couple of whitelisting solutions. One of the crucial step of the test was the proper functioning of memory monitoring feature, useful in case o…
Injecting Shellcode into a Remote Process with Python
https://www.christophertruncer.com/injecting-shellcode-into-a-remote-process-with-python/
https://www.christophertruncer.com/injecting-shellcode-into-a-remote-process-with-python/
Christopher Truncer's Website
Injecting Shellcode into a Remote Process with Python
In order to inject shellcode into a remote process, we’re going to have to interact with the Windows API, and it’s actually going to be fairly simple to do. To start off, you need to check that yo…