Telegram Web Link
bootg.com
»
United States
»
Information Security
» Telegram Web
Information Security
https://github.com/Hackplayers/evil-winrm
GitHub
GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting
The ultimate WinRM shell for hacking/pentesting. Contribute to Hackplayers/evil-winrm development by creating an account on GitHub.
Information Security
https://infosecwriteups.com/abusing-ntlm-relay-and-pass-the-hash-for-admin-d24d0f12bea0?gi=95183a07a9d6
Medium
Abusing NTLM Relay and Pass-The-Hash for Admin
These techniques still hold their own in modern networks.
Information Security
https://github.com/cube0x0/MiniDump
GitHub
GitHub - cube0x0/MiniDump: C# Lsass parser
C# Lsass parser. Contribute to cube0x0/MiniDump development by creating an account on GitHub.
Information Security
http://blog.takemyhand.xyz/2021/07/hacking-on-xiaomis-android-apps.html
Information Security
https://twitter.com/nas_bench/status/1432781693279248390?s=20
Twitter
Nasreddine Bencherchali
By creating the key "telnet.exe" in the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths" registry and setting the "Default" key to any executable. We can call it by running the command: rundll32.exe url.dll,TelnetProtocolHandler
Information Security
https://twitter.com/sinwindie/status/1434878552126726145?s=20
Twitter
Sin
Decided to put to paper my #OSINT methodology for investigating IP Addresses that includes the common points of exploitation I look for to see what data I can squeeze out of them. Keep in mind not all targets will contain all data points.
Information Security
https://twitter.com/ptswarm/status/1435618157956370432?s=20
Twitter
PT SWARM
🚨
RCE on a backend IIS server via file upload with an atypical file extension.
📋
More community curated payloads can be found at github.com/swisskyrepo/Pa… #tipstoknow
Information Security
https://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a
Medium
Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444
Threat Actors Infrastructure (VT Analysis).
Information Security
https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/
Intezer
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Victims include telecommunications, government and financial institutions.
Information Security
https://www.mdsec.co.uk/2021/09/nsa-meeting-proposal-for-proxyshell/
MDSec
NSA Meeting Proposal for ProxyShell - MDSec
As part of Microsoft Exchange April and May 2021 patch, several important vulnerabilities were fixed which could lead to code execution or e-mail hijacking. Any outdated and exposed Exchange server...
Information Security
https://zenn.dev/ooooooo_q/books/rails_deserialize
Zenn
Deserialization on Rails
Ruby on Railsで使われているDeserializeとその危険性について調べたものをまとめました。
Information Security
https://blog.s1r1us.ninja/research/PP
blog.s1r1us.ninja
s1r1us - Prototype Pollution
Introduction
Information Security
https://medium.com/@_ip_/300-000-rce-wordpress-29700ad6a993
Medium
$300,000 RCE @ Wordpress
An analysis of the current state of Wordpress and whether the price tag is deserved.
Information Security
https://zero-s4n.hashnode.dev/fuzzing-websocket-messages-on-burpsuite
Sandeep Wawdane
Fuzzing WebSocket messages on Burpsuite
Hi everyone, in this article, I'll explain how to fuzz WebSocket messages using Burpsuite. I'll try to explain all things in detail yet more clearly.
This article will cover:
🚪
Introduction to WebSocket
⚙️
DVWS lab setup
📜
Ws-Harness script
⚙️
...
Information Security
https://dsec.ru/wp-content/uploads/2020/12/final_pres_media_files_hack.pdf
Information Security
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
PT SWARM
WinRAR’s vulnerable trialware: when free software isn’t free
In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application.…
Information Security
https://attackerkb.com/topics/VrYz48szMN/cve-2021-38648
AttackerKB
CVE-2021-38648 | AttackerKB
Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649
Information Security
https://posts.specterops.io/mimidrv-in-depth-4d273d19e148?gi=7a6660661a50
Medium
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…
Information Security
https://www.embercybersecurity.com/blog/cve-2019-1378-exploiting-an-access-control-privilege-escalation-vulnerability-in-windows-10-update-assistant-wua
EmberSec
CVE-2019-1378: Exploiting an Access Control Privilege Escalation Vulnerability in Windows 10 Update Assistant (WUA)
Introduction Windows 10 is an incredibly feature rich Operating System (OS). In the last four years, the innovative folks at Microsoft have continued to introduce and expand functionality as well...
Information Security
https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html
Blogspot
Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over
Hello All! Long time since I have posted here :) As most of you know I am planning on writing up a lot of my research I have done through M...
2024/10/01 10:19:49
Back to Top
HTML Embed Code:
TW
HK
DE
US
CA
RU
NO
CN
UA
SG
YE
IN
SA
FR
IQ
UK
EG