Information Security – Telegram

Information Security

414 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

414 subscribers

Information Security

Exploiting internal tomcat server with SSRF - Insomnihack teaser 2017 Web 50 writeup

https://blog.0daylabs.com/2017/01/22/smart-tomcat/

Exploiting internal tomcat server with SSRF - Insomnihack teaser 2017 Web 50 writeup

Exploiting internal tomcat server (with default credentials) using SSRF (Insomnihack teaser 2017 Web 50 writeup)

67 views19:25

Information Security

Known command-lines of fileless malicious executions.

https://github.com/chenerlich/FCL

GitHub - chenerlich/FCL: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions - chenerlich/FCL

69 views19:27

Information Security

Red teamers, you can turn off Defender from admin powershell with ‘Set-MpPreference -DisableRealTimeMonitoring $true’ but it will result in a balloon notification for anyone logged on. Instead, use ‘Add-MpPreference -ExclusionPath “c:\temp”’ to silently add an exclusions folder.

74 views19:28

Information Security

#CVE-2018-14667 RichFaces Framework 3.X through 3.3.4 Expression Language (EL) injection

https://www.youtube.com/watch?v=HR7-nL5G91w

Poc of CVE-2018-14667 - Remote Code Execution in WebApps using Richfaces

PoC presented at Hackers to Hackers Conference 2018 (H2HC 2018)
More details in slides: https://www.slideshare.net/mobile/joaomatosff/a-little-bit-about-code-injection-in-webapplication-frameworks-cve201814667-h2hc-2018
CVE-2018-14667 is a Expression Language…

78 views18:47

Information Security

Active Directory Firewall Ports – Let’s Try To Make This Simple

https://blogs.msmvps.com/acefekay/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple/

78 views18:47

Information Security

JSgen.py – bind and reverse shell JS code generator for SSJI in Node.js with filter bypass encodings

https://pentesterslife.blog/2018/06/28/jsgen/

96 views18:49

Information Security

Undetectable C# & C++ Reverse Shells

https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15

85 views18:33

Information Security

https://www.stormshield.com/relations-between-great-powers-becoming-strained-in-cyberspace/

The art of cyberwar and its international risks | Stormshield

After the land, the sea, the air and then space, the international climate is now stretching in cyberspace; but to what extent?

68 views15:01

Information Security

http://www.openrce.org/reference_library/files/reference/PE%20Format.pdf

72 views15:03

Information Security

http://www.openrce.org/articles/

69 views15:15

Information Security

http://www.openrce.org/articles/full_view/29

69 views15:16

Information Security

SILENTTRINITY. A post-exploitation agent powered by Python, IronPython, C#/.NET

https://github.com/byt3bl33d3r/SILENTTRINITY

81 views19:38

Information Security

XS-Searching Google’s bug tracker to find out vulnerable source code

https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549

XS-Searching Google’s bug tracker to find out vulnerable source code

Or how side-channel timing attacks aren’t that impractical

70 views17:58

Information Security

Active Directory Kill Chain Attack & Defense

https://github.com/infosecn1nja/AD-Attack-Defense/blob/master/README.md

75 views18:06

Information Security

https://twitter.com/benpturner/status/1064607825849196544

PoshC2 v4.5 now has 32bit -> 64bit migration using C# Pinvoke with Powershell! Thanks to @uint_ptr for his modification of Stephen Fewer's remote thread code from msf! https://t.co/WNTqhNpjHK https://t.co/uXAm9nfGJA

59 views18:35

Information Security

serverless datacenter

#fun

74 views19:01

Information Security

Luckystrike: An Evil Office Document Generator.

https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator

Luckystrike: An Evil Office Document Generator. - SynerComm

DerbyCon Tool Drop 2.0 Talk here. Luckystrike demo begins at 18:45. <tldr> Luckystrike is a PowerShell based generator of malicious .xls documents (soon to be .doc). All your payloads are saved into a database for easy retrieval & embedding into a new or…

57 views18:10

Information Security

Understanding the AD Account attributes - LastLogon, LastLogonTimeStamp and LastLogonDate

https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

69 views18:14

Information Security

https://itsecx.fhstp.ac.at/wp-content/uploads/2018/11/02_Rene_Freingruber_Flying_under_the_radar_freingruber_v1.00.pdf

77 views12:18

Information Security

SMB Named Pipe Pivoting in Meterpreter

https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5

SMB Named Pipe Pivoting in Meterpreter

A hidden feature of Metasploit, is the ability to add SMB Named Pipe listeners in a meterpreter session to pivot on an internal network…

72 views19:01