CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesigning bypass.
https://github.com/bazad/blanket
#ios
@sec_nerd_en
Windows Process Injection: PROPagate
https://modexp.wordpress.com/2018/08/23/process-injection-propagate/
#windows
#exploit
@sec_nerd_en
Introduction In October 2017, Adam at Hexacorn published details of a process injection technique called PROPagate. In his post, he describes how any process that uses subclassed windows has the po…
Forwarded from vulners
Researcher Discloses New Zero-Day Affecting All Versions of Windows
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of the Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-day deadline.
Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in the Microsoft Jet Database Engine and could allow an attacker to remotely execute malicious code on any vulnerable Windows computer.
The Microsoft JET Database Engine, or simply JET (Joint Engine Technology), is a database engine integrated within several Microsoft products, including Microsoft Access and Visual Basic.
An attacker must convince a targeted user to open a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on the targeted vulnerable Windows computer.
Read More
ZDI Advisory
ActiveX Browser PoC
cloudflare bypass material
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
http://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html
https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510
#web
#pentest
#bypass
#sqli
#xss
@sec_nerd_en
CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper
Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or…
Attack Methods for Gaining Domain Admin Rights in Active Directory
https://adsecurity.org/?p=2362
#windows
#ad
@sec_nerd_en
Playing with CloudGoat part 1: hacking AWS EC2 service for privilege escalation
https://medium.com/@rzepsky/playing-with-cloudgoat-part-1-hacking-aws-ec2-service-for-privilege-escalation-4c42cc83f9da
#amazon
#aws
@sec_nerd_en
This post is the beginning of the “Playing with CloudGoat” series focused on hacking misconfigurations in AWS services. While today I’ll be…
Forwarded from امنیت اطلاعات
#Java Deserialization: Misusing OJDBC for SSRF
https://agrrrdog.blogspot.com/2018/01/java-deserialization-misusing-ojdbc-for.html
#pentest
This year ZeroNights has got a new zone - Web Village. It was a special "track" for people who were interested in web security. The basic...
Layered and obfuscated PowerShell that injects a reverse TCP shell into memory.
https://pastebin.com/17GEj4eP
Here is the report for the CVE-2018-8373 exploit (Internet Explorer Memory Corruption Vulnerability)
https://app.any.run/tasks/d7ae8ea4-9767-44de-9784-b5cdb4ee1756
#exploit #malware #cve20188373
Just released a new #mimikatz version to support Windows 10 1803 to bypass the Credential Guard authentication chain
https://github.com/gentilkiwi/mimikatz/releases
#windows
#mimikatz
A personal favorite technique post-compromise, C# PoC for executing processes with a different PPID and retrieving output
https://github.com/leoloobeek/csharp
#windows
#csharp
GitHub - leoloobeek/csharp: Various C# projects for offensive security
Forwarded from امنیت اطلاعات
poc-exploit.c
7.4 KB
Forwarded from امنیت اطلاعات
poc-suidbin.c
1.4 KB
JuicyPotato - A useful tool to Escalate from Windows Service Account to NT AUTHORITY\SYSTEM
ohpe.it/juicy-potato/
#windows
@sec_nerd_en