Found a service running as SYSTEM from the public folder. This by default grants permissions to everyone. Makes it trivial to use for privesc and persistence. May want to check, will show MS FW rules also. reg query HKLM\SYSTEM\CurrentControlSet\services…

Greetings,

Change monitoring app that checks the content of web pages in different periods. - al-sultani/url-tracker

Reflected Cross-Site Scripting happens when you provide a malicious javascript code to some input parsing functionality and due to lack of…

Metasploit’s Development Diaries series sheds light on how Rapid7’s offensive research team analyzes vulnerabilities as potential candidates for inclusion in Metasploit Framework.

During many Red Team Assessment, we use multiple agents to connect to our target network infrastructure. These agents connect to different…

Apache Kylin is an open source, distributed Analytical Data Warehouse for Big Data written in Java. It was originally developed by eBay and is used by global enterprises such as Cisco, Baidu and Xiaomi to analyze extremely large datasets. After a SQL injection…

This one is about an interesting behavior 🤭 I identified in cmd.exe in result of many weeks of intermittent (private time, every now and then) research in pursuit of some new OS Command Injection attack vectors.

So I was mostly trying to:

* find an encoding…

POC for cve-2019-1458. Contribute to Microsvuln/cve-2019-1458_POC development by creating an account on GitHub.

Digging deep into CIA Vault 7 documents to craft Proof-Of-Concept remote code execution for Cisco Catalyst switches

Update Sept. 24: auxiliary/admin/cisco/cisco_asa_extrabacon is now in the Metasploit master repo. There is support for the original ExtraBa...

10/20/20 Update: A new version of this software and associated blog can be found here



Executive summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a…

Dragging Reolink, kicking and screaming, into the light of the open-standards day

In this video we will look at reverse engineering and hacking the firmware encryption used on Moxa industrial control gateways using Ghidra.

Links:
Twitter: https://twitter.com/ghidraninja
Moxa W2150A: https://www.moxa.com/en/products/industrial-edge-co…

This is technical writeup for personal CTF challenge I create to show off my understading in hardware/IoT security testcases