#Java Deserialization: Misusing OJDBC for SSRF
https://agrrrdog.blogspot.com/2018/01/java-deserialization-misusing-ojdbc-for.html
#pentest
https://agrrrdog.blogspot.com/2018/01/java-deserialization-misusing-ojdbc-for.html
#pentest
Blogspot
Java Deserialization: Misusing OJDBC for SSRF
This year ZeroNights has got a new zone - Web Village. It was a special "track" for people who were interested in web security. The basic...
Layered and obfuscated PowerShell that injects a reverse TCP shell into memory.
https://pastebin.com/17GEj4eP
https://pastebin.com/17GEj4eP
Here is the report for CVE-2018-8373 exploit (Internet Explorer Memory Corruption Vulnerability)
https://app.any.run/tasks/d7ae8ea4-9767-44de-9784-b5cdb4ee1756
#exploit #malware #cve20188373
https://app.any.run/tasks/d7ae8ea4-9767-44de-9784-b5cdb4ee1756
#exploit #malware #cve20188373
app.any.run
http://cve-2018-8373.any.run/ - Interactive analysis - ANY.RUN
Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
Just released a new #mimikatz version to support Windows 10 1803 to bypass the Credential Guard authentication chain
https://github.com/gentilkiwi/mimikatz/releases
#windows
#mimikatz
https://github.com/gentilkiwi/mimikatz/releases
#windows
#mimikatz
A personal favorite technique post-compromise, C# PoC for executing processes with a different PPID and retrieving output
https://github.com/leoloobeek/csharp
#windows
#csharp
https://github.com/leoloobeek/csharp
#windows
#csharp
GitHub
GitHub - leoloobeek/csharp: Various C# projects for offensive security
Various C# projects for offensive security. Contribute to leoloobeek/csharp development by creating an account on GitHub.
Forwarded from امنیت اطلاعات
poc-exploit.c
7.4 KB
Forwarded from امنیت اطلاعات
poc-suidbin.c
1.4 KB
JuicyPotato - A useful tool to Escalate from Windows Service Account to NT AUTHORITY\SYSTEM
ohpe.it/juicy-potato/
#windows
@sec_nerd_en
ohpe.it/juicy-potato/
#windows
@sec_nerd_en
a new metasploit post module for gathering information stored by #git. Pillage credentials, SSH keys, and locate internal git services for lateral moves.
https://bit.ly/2xFKIbe
#msf
https://bit.ly/2xFKIbe
#msf
ScriptBlock based functionnal AMSI bypass PoC tested today on a freshly updated #Windows10
https://pastebin.com/raw/iFVpKim5
https://github.com/kmkz/Pentesting/blob/master/Pentest-cheat-sheet
https://pastebin.com/raw/iFVpKim5
https://github.com/kmkz/Pentesting/blob/master/Pentest-cheat-sheet
Windows 10 Updates from September 2018 vs. Metasploit - Some fun with Windows Defender and Mimikatz
https://www.youtube.com/watch?v=cq-tgcmMHXU&feature=youtu.be
#windows
https://www.youtube.com/watch?v=cq-tgcmMHXU&feature=youtu.be
#windows
YouTube
Windows 10 dpdate from September 2018 vs. Metasploit
Windows 10 x86_64 ver 10..0.17134.286 build vs. Metasploit
Local policies restrictions/Defender/#AMSI bypass using WMI and p0wnedShell + Meterpreter session
https://cobbr.io/ScriptBlock-Logging-Bypass.html
https://cobbr.io/ScriptBlock-Logging-Bypass.html
Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
https://blog.rapid7.com/2018/09/26/password-tips-from-a-pen-tester-are-12-character-passwords-really-stronger-or-just-a-dime-a-dozen/
#msf
https://blog.rapid7.com/2018/09/26/password-tips-from-a-pen-tester-are-12-character-passwords-really-stronger-or-just-a-dime-a-dozen/
#msf
Rapid7
[Research] Password Best Practices: 12- vs. 8-Character Limits | Rapid7 Blog
The most common passwords are a variation of company name and "password" and the season/year. But what happens if we boost the password length requirement?