This article is about how I found a vulnerability on Apple forgot password endpoint that allowed me to takeover an iCloud account. The vulnerability is completely patched by Apple security team and it no longer works. Apple Security Team rewarded me $18,000…

.NET for post-exploitation is here to stay. It has been bundled with most C2 frameworks, common tools have been ported, AMSI has been added (then bypassed) and new and clever ways have been found to launch unmanaged code. The process of loading a .NET assembly…

Detectify Crowdsource ethical hackers found an undocumented authentication bypass in Adobe Experience Manager. Comments from Adobe added.

PayPal CSP Bypass <script type="application/x-component" data-component=paypal-checkout> alert(document.domain) </script> <script src="//www.paypalobjects.com/api/checkout.4.0.75.js"> </script>

Preface
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…

After investigating Impacket, the Checkmarx Security Research Team discovered a Path Traversal vulnerability, which could allow an attacker to write malicious files to any path on the target and achieve Remote Code Execution (RCE).

Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation - HuskyHacks/ShadowSteal

EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode - boku7/HOLLOW

Blog: CVE-2021-31956 - Exploiting the Windows Kernel via NTFS with WNF – Part 1 by @alexjplaskett - research.nccgroup.com/2021/07/15/cve…

I was recently on an engagement where we phished in and ran into UAC which gave me more trouble than I expected. When a user logs onto Windows, a logon session is created and the credentials are ti…

Example of simple dll injection

The ultimate WinRM shell for hacking/pentesting. Contribute to Hackplayers/evil-winrm development by creating an account on GitHub.

These techniques still hold their own in modern networks.

C# Lsass parser. Contribute to cube0x0/MiniDump development by creating an account on GitHub.

By creating the key "telnet.exe" in the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths" registry and setting the "Default" key to any executable. We can call it by running the command: rundll32.exe url.dll,TelnetProtocolHandler

Decided to put to paper my #OSINT methodology for investigating IP Addresses that includes the common points of exploitation I look for to see what data I can squeeze out of them. Keep in mind not all targets will contain all data points.

🚨RCE on a backend IIS server via file upload with an atypical file extension. 📋More community curated payloads can be found at github.com/swisskyrepo/Pa… #tipstoknow