https://medium.com/@reegun/unsanitized-file-validation-leads-to-malicious-payload-download-via-office-binaries-202d02db7191
#Microsoft Office binaries #winword #excel #powerpnt added to #lolbas || #lolbin
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Winword/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Powerpnt/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Excel/
#Microsoft Office binaries #winword #excel #powerpnt added to #lolbas || #lolbin
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Winword/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Powerpnt/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Excel/
Medium
Unsanitized file validation leads to Malicious payload download via Office binaries.
As a part of finding vulnerable endpoints to improve defence, I used to reckon legitimate binaries on any chance of masking for payload…
https://github.com/OWASP/Amass
OWASP Amass Tip
For ASNs:
amass intel -org OrgName
For domain names:
amass intel -active -asn n1,n2
For subdomains and infrastructure:
amass enum -src -ip -df domains.txt
OWASP Amass Tip
For ASNs:
amass intel -org OrgName
For domain names:
amass intel -active -asn n1,n2
For subdomains and infrastructure:
amass enum -src -ip -df domains.txt
GitHub
GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discovery
In-depth attack surface mapping and asset discovery - owasp-amass/amass
This media is not supported in your browser
VIEW IN TELEGRAM
Henry Chen
@chybeta
CVE-2019-8451 Unauthorized SSRF via REST API /plugins/servlet/gadgets/makeRequest
use @ to bypass the whitelisting !
https://jira.atlassian.com/browse/JRASERVER-70001?filter=13085
@chybeta
CVE-2019-8451 Unauthorized SSRF via REST API /plugins/servlet/gadgets/makeRequest
use @ to bypass the whitelisting !
https://jira.atlassian.com/browse/JRASERVER-70001?filter=13085
vb5.py
820 B
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# This should work on all versions from 5.0.0 till 5.5.4
Information Security
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
GitHub
GitHub - pinnace/burp-jwt-fuzzhelper-extension: JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing.
JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing. - pinnace/burp-jwt-fuzzhelper-extension
bypass360mimikatz_x64:--
Method: change resources, add a digital signature
Unzip password: 6613kris
https://github.com/ianxtianxt/bypass360mimikatz_x64
Method: change resources, add a digital signature
Unzip password: 6613kris
https://github.com/ianxtianxt/bypass360mimikatz_x64
GitHub
GitHub - ianxtianxt/bypass360mimikatz_x64
Contribute to ianxtianxt/bypass360mimikatz_x64 development by creating an account on GitHub.