It chained the CVE-2019-11510 and CVE-2019-11539 to a preAuth RCE! We also demonstrate how to leverage the logon script feature to compromise back all the connected VPN clients!

More details can be found from the slides "Infiltrating Corporate Intranet Like…

Security Research. Contribute to mirchr/security-research development by creating an account on GitHub.

Datajack Proxy allows you to intercept TLS traffic in native x86 applications across platforms - GitHub - nccgroup/DatajackProxy: Datajack Proxy allows you to intercept TLS traffic in native x86 ap...

Purposely vulnerable Java application to help lead secure coding workshops - ScaleSec/vulnado

Let’s take a look at some essential OSINT resources plus recent developments in the areas of data, tooling, content and community.

I’ve been doing some crazy experiments on running an EXE as a DLL. Here are some parts of my research. Case #1 Let’s take a simple example like a MessageBox. [crayon-66755c969f20e947920713/] After …

Query-level race conditions can lead to serious but hard to find vulnerabilities in web applications.

I helped a colleague with a forensic analysis by extracting certificates from the Windows registry. In this blog post, we explain how to do this. The Windows registry contains binary blobs, contain…

Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base6…

netshell features all in version 2 powershell. Contribute to besimorhino/powercat development by creating an account on GitHub.

Confluence Server and Confluence Data Center Local File Disclosure(CVE-2019-3394) with Pocsuite3 by Knownsec 404 Team. https://www.seebug.org/vuldb/ssvid-98064

A cheatsheet with commands that can be used to perform kerberos attacks - kerberos_attacks_cheatsheet.md

Putting CVE-2019–15055 to Work