IT Security Mini Blogposts
- How to launch Command Prompt and powershell from MS Paint
- Ouch! Oracle Java licensing switches to employee count metric
- CactusCon 2023: BloodHound Unleashed
- F5 has a vulnerability in BigIP that allows takeover of the devices
- Certifried: Active Directory Domain Privilege Escalation (CVE-2022-26923)
- Relaying PetitPotam/printerbug against LDAPS (Resource-based Constrained Delegation)
- Lapsus Timeline Sitel/SYKES breach
- Nexus Dashboard Fabric Controller (aka DCNM) again w/ unauth web-to-root chain
- BadSectorLabs.com
- Spring Framework
- Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
- CVE-2022-27666: Exploit esp6 modules in Linux kernel
- ABC-Code Execution for Veeam | CVE-2022-26503 , CVE-2022-26504, CVE-2022-26500
- A Spectre proof-of-concept for a Spectre-proof web
- Excel XLSB vs XLSX file format. The Pros and Cons of XLSB Files
- LDAP relays for initial foothold in dire situations
- Pwn2Own Tokyo 2020: Defeating the TP-Link AC1750 - CVE-2021-27246.
- Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
- Leak: Immunity CANVAS 7.26
- D-Link DAP-2020 PreAuthRCE - CVE-2021-27249, CVE-2021-27250
- CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi
- Windows DNS Server unauth RCE - SIGRed - CVE-2020-1350
- Exchange RCE - CVE-2021-26855 - ProxyLogon
- Spectre exploits in the "wild"
- The most common on premises vulnerabilities & misconfigurations - CNs
- AV Evasion via SysWhispers2 and more
- PPLDump Revival
- The Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys
- HTB: Late
- Pokémon Shellcode Loader
- Efficient Infrastructure Testing
- Analysing LastPass, Part 1
- Userland Execution of Binaries Directly from Python
- Critical security vulnerability: out-of-band Gitlab update
- Pwning ManageEngine — From Endpoint to Exploit
- D/Invoke & GadgetToJScript
- Subdomain Enumeration Tool Face-off 2022
- widespread malware attack on github
- Palo Alto Firewall / VPN RCE with default Key
- Know Your AD Vulnerability: CVE-2022-26923
- Evilginx, meet BITB
- McAfee Agent could serve as a loophole for malicious code
- AtomPePacker : A Highly Capable Pe Packer
- Living off the land, AD CS style
- Bitbucket Server and Data Center Advisory 2022-08-24
- But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
- Seventh Inferno vulnerability (some NETGEAR smart switches)
- Linux Kernel Exploit (CVE-2022-32250) with mqueue
- Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
- Securing Developer Tools: Argument Injection in Visual Studio Code
- Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
- Bypassing AppLocker by abusing HashInfo
- FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
- Replicant: Reproducing a Fault Injection Attack on the Trezor One
- Continuous access evaluation - Azure
- PXEThief - Pulling Passwords out of Configuration Manager
- Evading Detection: A Beginner's Guide to Obfuscation
- Emotet malware is back and rebuilding its botnet via TrickBot
- CVE-2022-35742 - Outlook DoS
- DirtyCred
- HTB: OpenSource
- What can we learn from leaked Insyde's BIOS for Intel Alder Lake
- Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
- Detecting and preventing LSASS credential dumping attacks
- Comparing Semgrep and CodeQL
- Capturing Detection Ideas to Improve Their Impact
- Killing Microsoft Defender for Endpoint - via MsMpLics.dll
- Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style
- TP-Link TL-WR840N EU v5 Remote Code Execution
- FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug - CVE-2022-23090
- Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
- Critical Samba bug could let anyone become Domain Admin – patch now!
- VulnerabilitiesDataImport
- Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there !
- Researching Open Source apps for XSS to RCE flaws
- Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
- ShadowSpray - AD Shadowcredentials AtTack
- The secrets of Schneider Electric’s UMAS protocol
- Fun with PowerShell – Executing commands with DNS requests
- Blacksmith - Rowhammer bit flip attack
- Chromium based Browser SSL/TLS Error Bypass
- Zyxel authentication bypass patch analysis (CVE-2022-0342)
- GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7 - CVE-2022-1162.
- Ransomware Gang Abused Microsoft Certificates to Sign Malware
- Oracle Access Manager Pre-Auth RCE (CVE-2021-35587 Analysis)
- Escalating from Logic App Contributor to Root Owner in Azure
- Traitor - Linux LPE
- Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
- Branch History Injection - SpectreV2-BHI
- CVE-2022-22005 Microsoft Sharepoint RCE - authenticated
- chrome://net-export
- Put an io_uring on it: Exploiting the Linux Kernel - CVE-2021-41073
- TLStorm - Three critical vulnerabilities discovered in APC Smart-UPS devices
- Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
- Masterpiece Video about DRAM. Low level!
- vmware-authd-EoP
- The Dirty Pipe Vulnerability
- 2021 Year In Review - The DFIR Report
- CVE-2022-24990: TerraMaster TOS unauthenticated remote command execution via PHP Object Instantiation
- Abusing Kerberos Constrained Delegation without Protocol Transition
- AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
- Obfuscating Malicious, Macro-Enabled Word Docs
- Security wall of S7CommPlus - Part 1
- HTB: Hancliffe
- Escaping privileged containers for fun
- Raidforum seized
- LSASS dumping in 2021/2022 - from memory - without C2
- Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
- The Discovery and Exploitation of CVE-2022-25636
- Google & Apache Found Vulnerable to GitHub Environment Injection
- Security tools showcased at Black Hat USA 2021
- #Conti playbook in a (google) translated, safe pdf:
- HTB: Proper
- Déjà vu-lnerability
- MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
- Get root on macOS 13.0.1 with CVE-2022-46689 - macOS Dirty Cow bug
- I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
- How to Hack APIs in 2021
- Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273)
- Fontuscator - Text Obfuscation with custom Font
- CVE-2022-46908 - SQLite --safe context bypass
- PostDump - C# implementation of Nanodump
- A JOURNEY TO PWN AND OWN THE SONOS ONE SPEAKER
- Messing with slash-proc
- An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
- HTB Business CTF Write-ups
- DEF CON 29: Vulnerability Exchange: One Domain Account for More Than Exchange Server RCE
- CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
- DEF CON 29 - Jacob Baines - Bring Your Own Print Driver Vulnerability
- A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
- CVE-2022-28672 - Foxit PDF Reader - Use after Free - Remote Code Execution Exploit
- The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users
- Missing Bricks: Finding Security Holes in LEGO APIs
- NIST Retires SHA-1 Cryptographic Algorithm
- Spoofing Microsoft 365 Like It’s 1995
- StealthHook - A method for hooking a function without modifying memory protection
- CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
- Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)
- HTB: Devzat
- ACSESSED: Cross-tenant network bypass in Azure Cognitive Search
- Notice of Recent Security Incident - Lastpass
- Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
- SNMP… Strings Attached!
- Stealing Chrome cookies without a password
- Windows Privilege Escalation: Server Operator Group
- The Cyber Plumber's Handbook
- CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
- Better Make Sure Your Password Manager Is Secure
- MSI Shenanigans. Part 1 – Offensive Capabilities Overview
- Okta says its GitHub account hacked, source code stolen
- 10 ways of gaining control over Azure function Apps
- Comparison of reverse image searching in popular search engines [OSINT hints]
- HTB: CrossFitTwo
- HTB: Epsilon
- Multiple vulnerabilities in FortiManager version 6.4.5
- OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
- CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability
- Exchange Server GetWacInfo Information Disclosure Vulnerability - CVE-2022-24463
- HTB: Ransom
- BITB - Browser templates for Browser In The Browser (BITB) attack
- Three Lessons From Threema: Analysis of a Secure Messenger
- CentOS 7 webpanel unauthenticated RCE - CVE-2022-44877
- The OWASSRF + TabShell exploit chain
- Fortinet music video "Firewall"
- Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
- Decrypting Viscosity Passwords
- It’s Not You! Windows Security Logs Don’t Make Sense
- Maelstrom: Static OpSec Review
- A Detailed Guide on httpx
- Group3r - AD GPO Enumeration Tool
- ConPtyShell - Windows Reverse-Shell
- Circumventing Browser Security Mechanisms For SSRF
- Racing against the clock -- hitting a tiny kernel race window
- TCC ClickJacking
- Azure Dominance Paths - Attackmap
- Okta Service Hacked by Lapsus, Gained Superuser Access
- Initial Access - Right-To-Left Override [T1036.002]
- HTB: Stacked
- CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM
- Bypassing UAC in the most Complex Way Possible!
- SAM and SECURITY readable by normal users on Windows 10
- Active Directory Enumeration: PowerView
- Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
- Azure AD Pass The Certificate - Lateral Movement in Azure
- SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-22718)
- Exploring Windows UAC Bypasses: Techniques and Detection Strategies
- Citrix Injection - DLL Injections via Ctx64Injector64
- TOOL: SharpRDP
- Tech support scams for infosec
- NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack
- Maelstrom: EDR Kernel Callbacks, Hooks, and Call Stacks
- Snaffler and Group3r inlineExecuteAssembly
- A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
- Shadow Credentials - AD
- Advanced-Process-Injection-Workshop by CyberWarFare Labs
- Chrome 0.5day - RCE
- Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
- GitLab <13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages
- CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
- Ubuntu OverlayFS - EoP
- HTTP/3 connection contamination: an upcoming threat?
- NAME:WRECK - IoT DNS Exploits
- From 0 to RCE: Cockpit CMS
- PulseSecure VPN RCE - actively attacked
- Finding Buried Treasure in Server Message Block (SMB)
- Named-Pipe-PTH - local user impersonation
- Lateral Movement – WebClient - Windows ADs
- Ubuntu Desktop Exploit - Pwn2Own 2021 Local Escalation of Privilege Category
- Process Ghosting - Windows
- persistence-info.github.io
- CVE-2021-42287/CVE-2021-42278 Weaponisation
- A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
- LOG4J2-3201 - Limit the protocols JNDI can use by default.
- Javascript RegEx bypass
- Relaying Kerberos only using native Windows
- Introducing BloodHound 4.1 — The Three Headed Hound
- 🔥Top 10 web hacking techniques of 2021🔥
- How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
- Heap tricks never get old - Insomni'hack teaser 2022
- Object Overloading - Windows
- HOW TO HACK "THE MAINFRAME" ! (for real)
- QNAP removes backdoor account in NAS backup, disaster recovery app
- Microsoft Office Online Server Remote Code Execution
- Cyberchef
- Recognizing patterns in memory
- CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
- Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
- Introducing Decompiler Explorer
- Koh: The Token Stealer
- Retbleed: Arbitrary Speculative Code Execution with Return Instructions
- iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day
- Fakesign Binaries to bypass AVs/EDR
- rundll32.exe keymgr.dll, KRShowKeyMgr - Read stored credentials
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
- I feel a draft. Opening the doors and windows - 0-click RCE on the Tesla Model3
- CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel
- Firejail: private-cwd leaks access to the entire filesystem #4780
- Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida
- Web App Pen Testing in an Angular Context
- Networking VMs for HTB
- SPN-jacking: An Edge Case in WriteSPN Abuse
- Workplace by Facebook | Unauthorized access to companies environment — $27,5k
- SiSyPHuS Win10: Study on system architecture, logging, hardening and security functions in Windows 10
- Hacking the Furbo Dog Camera: Part I
- Anatomy of how you get pwned
- CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
- Detecting and annoying Burp users
- CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
- Introducing Pretender - Your New Sidekick for Relaying Attacks
- Ubuntu accountsservice CVE-2021-3939 (GHSL-2021-1011)
- Lansweeper - Multiple Vulnerabilities
- Windows Server 2016 - EOL
- Issue 100: Platform certificates used to sign malware
- Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access
- Stalking inside of your Chromium Browser - Revisiting Remote Debugging
- Visual Studio Code: Remote Code Execution
- CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection
- Looting iOS App’s Cache.db
- Malware triage in 30 minutes or how to get infected when browsing google
- ChatGPT - OpenAI
- Openredirect www.google.com - Phishing
- Microsoft Defender for Identity Encrypted Password
- Web browsers drop mysterious company with ties to U.S. military contractor
- Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) - LPE Ubuntu
- FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
- Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 - CVE-2022-36431
- Car Hacking - SiriusXM Telemetry
- Outdated JavaScript engine leads to RCE in Foxit PDF Reader
- I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
- Looting Microsoft Configuration Manager
- The art and science of modern hacking - Humblebundle
- Exactly what you’re looking for - Github Code Search allows RegEx
- A Confused Deputy Vulnerability in AWS AppSync
- macOS Sandbox Escape vulnerability via Terminal
- Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666)
- HTB: CarpeDiem
- SysmonEoP - CVE-2022-41120
- A phishing document signed by Microsoft – part 1
- SMTP Matching Abuse in Azure AD
- Android App Hacking Workshop
- Why is Exposing the Docker Socket a Really Bad Idea?
- Debugging Protected Processes
- Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
- Pre-Auth RCE with CodeQL in Under 20 Minutes
- Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway
- CertPotato – Using ADCS to privesc from virtual and network service accounts to local system
- Sniffing SSH Passwords
- Internet Explorer 0-day exploited by North Korean actor APT37
- Issue 2346: Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP - CVE-2022-41057
- Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
- Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)
- Azure temporary passwords - restricted character set
- HardeningKitty and Windows 10 Hardening
- Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
- Citrix SSON Credential Leak
- CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
- [ENG] Creating a loader PoC using various languages
- Scavenger: Misuse Error Handling Leading To QEMU/KVM Escape
- CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
- Shodan 201: Rummaging Around The Internet
- Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack
- PlumHound Reporting Engine for BloodHoundAD
- Cool vulns don't live long - Netgear and Pwn2Own
- Secret Backdoors Found in German-made Auerswald VoIP System
- CVE-2022-22536 - SAP memory pipes (MPI) desynchronization vulnerability
- Dumping Plaintext RDP credentials from svchost.exe
- Azure AD Certificate-Based Authentication now in Public Preview
- NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
- Never, Ever, Ever Use Pixelation for Redacting Text
- Where's the Interpreter!? (CVE-2021-30853) - MacOS Security Bypass
- From Backup Operator To Domain Admin
- Issue 2319: Cisco Jabber: XMPP Stanza Smuggling with stream:stream tag - CVE-2022-20917
- Advisory: Western Digital My Cloud Pro Series PR4100 RCE
- Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
- Cache Poisoning at Scale
- Responder and IPv6 attacks
- Lsass Shtinkering
- Building A Virtual Machine inside ChatGPT
- Hijacking GitHub Repositories by Deleting and Restoring Them
- How to mimic Kerberos protocol transition using reflective RBCD
- Top 10 web hacking techniques of 2021 - nominations open
- Issue 2223: Zoom: Buffer overflow when processing chat messages
- Enumeration and lateral movement in GCP environments
- Turning bad SSRF to good SSRF: Websphere Portal
- Converting C# Tools to PowerShell
- A defender’s view inside a DarkSide ransomware attack
- Write Windows Shellcode in Rust
- Driver-Based Attacks: Past and Present - BYOVD - Windows
- OfflineSAM Modification - Offline Attack Windows (booting from external media)
- Eliminating Dangling Elastic IP Takeovers with Ghostbuster
- Dropping Files on a Domain Controller Using CVE-2021-43893
- SCCM passwords & #mimikatz
- CVE-2021-1079 – NVIDIA GeForce Experience Command Execution
- HTB: AdmirerToo
- Public penetration testing reports
- CVE-2021-21551 - Dell Command Update via DBUtil_2_3
- MS-FSRVP abuse (ShadowCoerce)
- Fixing the Unfixable: Story of a Google Cloud SSRF
- 🔥KrbRelay - Kerberos relaying C#🔥
- Another Log4j on the fire: Unifi
- HTB: LogForge
- The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
- PHP LFI with Nginx Assistance
- Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs
- Dirty Vanity - Shellcode Execution via Process Forks
- Arbitrary Code Execution via v8 Javascript Engine
- HTB: Outdated
- Responsible Red Teaming - Operate with Honor - Free Course
- Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
- Issue 1252074: Security: ChromeOS root command persistence
- Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
- From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
- Windows Command-Line Obfuscation
- RemotePotato0
- HTB: Armageddon
- SuperSneakyExec - C# Shellcode Runner without PInvoke
- Diving into pre-created computer accounts
- SQL Injection in Wordpress core (CVE-2022-21661)
- The Mac Malware of 2021 👾
- Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
- EDR Parallel-asis through Analysis
- Insecure Comments - MS Office
- CVE-2021-20038 - SonicWall VPN RCE
- Microsoft Cybersecurity Reference Architectures
- HTB: EarlyAccess
- Microsoft is making it harder to steal Windows passwords from memory
- AD PKI #ESC8 in combination with PetitPotam
- Exploited Windows zero-day lets JavaScript files bypass security warnings
- CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable
- Using OpenAI Chat to Generate Phishing Campaigns
- ReverseRDP_RCE - Windows RDP RCE on the client
- Cisco Prime 3.9.1 - RCE
- Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
- Steal Credentials & Bypass 2FA Using noVNC
- nrich - Shodan API Tool (Portscan)
- Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
- HTB: Bolt
- ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for arbitrary code execution when parsing malicious images - CVE-2021-22204
- The Curious Case of the Password Database - ManageEngine’s Password Manager Pro
- PNG Parser Differential - Apple <-> NonApple
- the XSS Rat - Course Material
- HTB: Attended
- Assessing Standalone Managed Service Accounts
- Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
- Precious Gemstones: The New Generation of Kerberos Attacks
- Yes, fun browser extensions can have vulnerabilities too!
- Blackswan Technical Writeup (PDF) - Windows LPE
- Want to try to decode SCCM passwords in SC_UserAccount table with #mimikatz ?
- A physical graffiti of LSASS: getting credentials from physical memory for fun and learning
- Honeysploit: Exploiting the Exploiters
- letme.go – A minimalistic Meterpreter stager written in Go
- Rogue Assembly Hunter
- HTB: Static
- RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
- AD CS
- VMware Horizon vulnerable to log4shell
- Statistics on ransomware outcomes
- INFRA:HALT
- Microsoft improves protection against macros from April
- ASR protects the LSASS process against being read out
- Follina — a Microsoft Office code execution vulnerability
- Windows 11 no longer contains WMIC
- Stealing a few more GitHub Actions secrets
- Remote Code Execution in pfSense <= 2.5.2
- Rubeus 2.0
- Identifying Bugs in Router Firmware at Scale with Taint Analysis
- Variant analysis of the ‘Sequoia’ bug
- A pinch of XLL and a splash of rust has the potential to be a sharp combination
- AD CS – The Basics
- From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator
- Blackhat: Diving in to spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer.
- CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
- Blackhat: Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
- DEFCON : Response Smuggling: Pwning HTTP/1.1 Connections
- Blackhat: HTTP/2: The Sequel is Always Worse
- SameSite: Hax – Exploiting CSRF With The Default SameSite Policy
- 🔥Relaying Kerberos over DNS using krbrelayx and mitm6🔥
- Find You: Building a stealth AirTag clone
- Horde Webmail 5.2.22 - Account Takeover via Email
- The Ultimate Guide to Phishing
- Universal Privilege Escalation and Persistence – Printer
- The path to code execution in the era of EDR, Next-Gen AVs, and AMSI
- Graphical UAC bypass - msconfig
- From Stolen Laptop to Inside the Company Network
- Welcome to Bug Hunter University
- AWS ECR Public Vulnerability
- FindUncommonShares - AD SMB enumeration
- Linux kernel Use-After-Free (CVE-2021-23134) PoC.
- Microsoft Wont-Fix-List
- If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
- Fantastic Windows Logon types and Where to Find Credentials in Them
- Decrypting SMB3 Traffic with just a PCAP? Absolutely (maybe.)
- NTLM relaying to AD CS - On certificates, printers and a little hippo
- Blind exploits to rule WatchGuard firewalls
- New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
- macOS Red Teaming: Get Active Directory credentials from NoMAD
- Build your own WiFi Pineapple Tetra for $7!
- Kernel Pwning with eBPF: a Love Story
- Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
- #printnightmare 4.x
- Issue 2228: Windows: EFSRPC Arbitrary File Upload EoP
- Windows cmd.exe - executing files
- CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO
- CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
- Issue 2254: Zoom: Remote Code Execution with XMPP Stanza Smuggling
- NAT Slipstreaming v2.0
- Moodle 2nd Order Sqli
- How to Analyze Malicious Microsoft Office Files
- Bluffy the AV Slayer - Convert shellcode into different formats.
- LAPSUS$ <-> NVIDIA
- Triaging A Malicious Docker Container
- ContiLeaks
- SEKTOR7 course discount
- JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library
- Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
- HTB: Object
- SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
- Rogue RDP – Revisiting Initial Access Methods
- Re-ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using.. Google.. Again
- Intro to Embedded RE Part 1: Tools and Series Overview
- Running Cobalt Strike BOFs from Python
- Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
- sheepl
- EFS RPC
- Fuzzing Windows RPC with RpcView
- HTB: TheNotebook
- Bypassing Windows 10 UAC with mock folders and DLL hijacking
- Hunt for the gMSA secrets - Windows AD
- Microsoft Intune - Bypassing conditional access by faking device compliance.
- malware_training_vol1
- SAML XML Injection
- Fingerprint cloning: Myth or reality?
- Attack Surface Analysis - Part 2 - Custom Protocol Handlers
- HTB: Meta
- How I Met Your Beacon - x33fcon - Domchell
- Anti-Malware - Rewind - panic button for virus infections
- Gitlab Project Import RCE Analysis (CVE-2022-2185)
- CVE-2021-22986 f5 big ip unauth rce
- Incident Response in AWS
- EoP - Windows with Intune via BitLocker recovery key
- LPE Windows 10 - CVE-2021-1732
- Trojan Source: Invisible Vulnerabilities
- CVE-2021-22205 - Gitlab RCE
- From Zero to Domain Admin - DFIR Report
- HTB: Explore
- MalAPI.io - collection of Windows APIs used by malware
- CyberArk Endpoint Manager Local Privilege Escalation CVE-2021-44049
- Phishing for AWS credentials via AWS SSO device code authentication
- SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
- Part 1 – SingPass RASP Analysis
- Abusing Google Drive's Email File Functionality
- Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
- ProtectMyTooling – Don’t detect tools, detect techniques
- CVE-2022-21970 - HTML Smuggling Edge / Chrome
- Zooming in on Zero-click Exploits
- Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
- Local Privilege Escalation in all Windows Versions
- Dotnet’s default AES mode is vulnerable to padding oracle attacks
- HTB: Enterprise
- Microsoft resumes default blocking of Office macros after updating docs
- CVE-2022-1040 Sophos XG Firewall Authentication bypass
- Bypassing Image Load Kernel Callbacks
- Stranger Strings: An exploitable flaw in SQLite
- GrabAccess - Konboot clone
- Certified Pre-Owned: Abusing Active Directory Certificate Services
- Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
- Make JDBC Attack Brilliant Again
- Gitlab: Clipboard DOM-based XSS.
- critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)
- Kerberos Relaying
- Breaking electron-store's encryption
- Harvesting Active Directory credentials via HTTP Request Smuggling
- BSI phishing game
- ChaosDB: How we hacked thousands of Azure customers’ databases
- DD-WRT UPnP Buffer Overflow
- H2C Smuggling in the Wild
- TPM sniffing
- LinkSys EA6100 AC1200
- PDF as a carrier for malicious code
- CVE-2021-42321 - Exchange RCE
- Windows installer LPE 0day
- Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
- Terminal Server PRIV.ESC via RemotePotat0
- Is exploiting a null pointer deref for LPE just a pipe dream? - Windows LPE
- Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
- Security issues related to the npm registry
- Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
- Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days
- AutoPoC - Validating the Lack of Validation in PoCs
- MS Defender bypass by renaming procdump.exe
- Drupal insecure default leads to password reset poisoning
- SANS - Cheatsheets
- Nagios XI < 5.7.5 - 13 Nagios Vulnerabilities
- The trouble with Microsoft’s Troubleshooters
- Feral Terror - RCE in Netgear Switches
- 2021.1 IPU - Intel® VT-d Advisory
- Windows Drivers Reverse Engineering Methodology
- CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
- Persistent access to Burp’s Collaborator Session
- pay-what-you-can (min $5) on the following courses: External Pentest Playbook, Windows PrivEsc, Linux PrivEsc
- Creating Fully Undetectable Payload (FUD) with C
- GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
- Autodial(DLL)ing Your Way - Lateral Movement Windows
- The github.dev web-based editor
- Managed Identity Attack Paths, Part 2: Logic Apps
- SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
- Responder DHCP in Version 3.0.7.0
- Zoom RCE from Pwn2Own 2021
- Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn
- Visual Studio Code Jupyter Notebook RCE
- Snakes on a Domain: An Analysis of a Python Malware Loader
- The dying knight in the shiny armour
- RC4 Is Still Considered Harmful
- AAD & M365 kill chain
- php-fpm-local-root - LPE
- CVE-2022-30781 Gitea RCE via the migrate function
- Linux sudo Heap Overflow < 1.9.5p1
- Attacking Azure & Azure AD, Part II
- Convert ldapdomaindump to Bloodhound
- HTB: Spooktrol
- All Access Pass: Five Trends with Initial Access Brokers
- SharpSystemTriggers - Cross User DCOM Authentication Trigger
- Vulnerability in Citrix ADM
- DFSCoerce - NetNTLM Coerced Auth
- Lockbit Ransomware group - Samples
- Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
- Decrypting VEEAM Passwords
- CdpSvcLPE - Windows LPE - writeable SYSTEM path DLL hijacking
- XSS in the AWS Console
- Car hijacking swapping a single bit - Hardware SPI
- Discovering Zero-Day Vulnerabilities in McAfee Products (CVE-2021-31838)
- Responder's DHCP Poisoner
- Don't Ruck Us Too Hard - Owning Ruckus AP devices
- Abusing the Exchange Postmaster to Expose Email Spam & Malware Filters
- Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
- Your Microsoft Teams chats aren’t as private as you think..
- 9 OSINT Tools For Your Reconnaissance Needs
- Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
- Repurposing Real TTPs for use on Red Team Engagements
- SynLapse – Technical Details for Critical Azure Synapse Vulnerability
- Hertzbleed Attack
- Nextcloud - Attacker can obtain write access to any federated share/public link (CVE-2021-32654 & CVE-2021-32655)
- Cracking WiFi at Scale with One Simple Trick
- Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution
- HotPics 2021 - RCE via GhostScript
- %appdata% is a mistake – Introducing Invoke-DLLClone
- AWS WAF's Dangerous Defaults
- Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?
- CVE-2022-21371 - Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
- Pwning 3CX Phone Management Backends from the Internet
- Solarwinds Web Help Desk: When the Helpdesk is too Helpful
- Recovering Randomly Generated Passwords
- 🔥pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)🔥
- Resource based constrained Delegation (RBCD) WebClient attack
- SharpProxyLogon
- This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761
- The Power of SeImpersonation
- Man in the Terminal - Logger for Linux / Path hijacking
- Breaking GitHub Private Pages for $35k
- RDCMan v2.8
- Evasive Phishing Techniques Threat Actors Use to Circumvent Defense Mechanisms
- Miracle - One Vulnerability To Rule Them All
- Retrieving AWS security credentials from the AWS console
- Attacking With WebView2 Applications
- No Passwords More Problems
- Anatomy and Disruption of Metasploit Shellcode
- Introducing iHide – A New Jailbreak Detection Bypass Tool
- ZDI-21-1053: Bypassing Windows Lock Screen
- Popular 'coa' NPM library hijacked to steal user passwords
- How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
- Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
- Automatically extracting static antivirus signatures
- Binary File Write via Microsoft Speech API
- Mitmproxy 9
- Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
- GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
- Safari is hot-linking images to semi-random websites
- Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
- Nighthawk 0.2.1 – Haunting Blue
- Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
- X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL 3.0.0 - 3.0.6
- Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
- Hacking Swagger-UI - from XSS to account takeovers
- Finding DOM Polyglot XSS in PayPal the Easy Way
- How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506]
- An EPYC escape: Case-study of a KVM breakout - CVE-2021-29657
- RCE 0-day that affected GhostScript 9.50
- HTB: Unobtainium
- From RpcView to PetitPotam (Windows)
- RestrictedAdmin
- unauth RCE Western Digital PR4100 NAS - Your vulnerability is in another OEM!
- BleedingTooth - Linux Bluetooth Stack (BadVibes, BadKarma and BadChoice)
- Bundesservice Telekommunikation — unmasked: this intelligence agency is behind it
- Analysis of CVE-2022-30136 “Windows Network File System Vulnerability“
- How I Got Pwned by My Cloud Costs
- Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
- Apache Tapestry - CVE-2021-27850 Exploit
- A supply-chain breach: Taking over an Atlassian account
- PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
- 🔥Trust me. PowerShell is not going to be the same again once you do this.🔥
- ProxyToken: An Authentication Bypass in Microsoft Exchange Server - CVE-2021-33766
- The Phantom Credentials of SCCM: Why the NAA Won’t Die
- Double PetitPotam - unauthenticated #petitpotam everywhere (not only for DCs)!
- Understanding Zigbee and Wireless Mesh Networking
- Phishing for NetNTLM Hashes
- Fuzzing RDP: Holding the Stick at Both Ends
- Blinding EDR On Windows
- PHP NULL Byte
- Backdooring Rust crates for fun and profit
- New Critical Vulnerabilities Found on Nucleus TCP/IP Stack
- Pentest tale - Dumping cleartext credentials from antivirus
- Rapidly Search and Hunt through Windows Event Logs
- Escalating XSS to Sainthood with Nagios - Nagios <
- Spoofing Calendar Invites Using .ics Files
- HTB: Nunchucks
- Riding the InfoRail to Exploit Ivanti Avalanche
- No Logs? No Problem! Incident Response without Windows Event Logs
- How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It
- XSS Phishing Payload - Snippet
- HTB: Union
- Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover
- WarCon 2022 – Modern Initial Access and Evasion Tactics
- Phishing Course
- Notepad++ Plugins for Persistence
- HTB: Anubis
- This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them
- Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
- BitLocker touch-device lockscreen bypass
- urlscan.io's SOAR spot: Chatty security tools leaking private data
- LOLBINed — Using Kaspersky Endpoint Security “KES” Installer to Execute Arbitrary Commands
- Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
- Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169 CVSS: 7.5
- HTB: Tentacle
- HTB: Gobox
- Pwn2Own’ing the TP-Link Archer A7 - CVE-2021-27246
- Automated 0-day discovery in 2021: Squashing the low-hanging fruit in widespread embedded software
- HTB: Moderators
- Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
- SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE
- Bypassing Signature-Based AV
- Pass the Cloud with a Cookie
- Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
- CVE-2021-26084 Remote Code Execution on Confluence Servers
- Windows - Infoleak (CVE-2021-24084)
- Phishing Users to Take a Test
- Hacking the Apple Webcam (again)
- BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
- Sitecore Experience Platform Pre-Auth RCE
- RipZip
- HTB: Atom
- Adding a native sniffer to your implants: decomposing and recomposing PktMon
- CONTInuing the Bazar Ransomware Story
- TokenTactics
- HTML Maldoc Remote Macro Injection
- UDP Technology IP Camera vulnerabilities
- Google Chrome 0day/1day
- Rawsec's CyberSecurity Inventory
- Decompile Microsoft ASR Scripts
- Password spraying against Azure - aad-sso-enum-brute-spray
- Facebook email disclosure and account takeover
- PHP 7.0-8.0 disable_functions bypass [user_filter]
- Abusing Weak ACL on Certificate Templates.
- Finding Windows registry hives in virtual disks - Needle
- A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows
- DeepSurface Security Advisory: LPE in Firefox on Windows
- HTB: Monitors
- Backdoor .NET assemblies with… dnSpy 🤔
- Phishing Email Database: Real Phishing Examples & Threats
- Windows - PowerShell Jobs
- LSASS Procdump
- Malicious Python Script Behaving Like a Rubber Ducky
- Azure AD introduction for red teamers
- Tianfu Cup - Exploit Conference
- Reverse engineering and decrypting CyberArk vault credential files
- Part-1&2 Dive into Zoom Applications
- Resetting Expired Passwords Remotely
- How the Kaseya VSA Zero Day Exploit Worked
- Bypass BitLocker preboot authentication with physical access to the device
- SharpImpersonation Release
- Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings
- Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492)
- [CVE-2022-34918] A crack in the Linux firewall
- CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
- SysWhispers is dead, long live SysWhispers!
- Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
- Unrar Path Traversal Vulnerability affects Zimbra Mail
- CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
- FabricScape: Escaping Service Fabric and Taking Over the Cluster
- Beefproject - Beef
- ‘Demon’s Cries’ authentication bypass patched in Netgear switches
- Restoring (Recovering) PowerShell Scripts from Event Logs
- CVE-2021-22555: Turning into 10000$
- Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
- Bypassing Windows Hello Without Masks or Plastic Surgery
- CVE-2022-44142 - New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
- HackTheBox: APT (Insane)
- Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
- PRINTING SHELLZ : HP Printer RCE for 150 models
- URL Shorteners
- Password spraying and MFA bypasses in the modern security landscape
- Obsidian, Taming a Collective Consciousness
- OpenBMC: remote code execution in netipmid - IPMI
- SharpLink - C# port of James Forshaw's symboliclink-testing-tools
- Revisiting a Credential Guard Bypass - Windows
- ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3
- Lateral Movement with Managed Identities of Azure Virtual Machines
- Attacking Active Directory: 0 to 0.9
- DIVD-2021-00011 - Kaseya VSA Limited Disclosure
- Filesec.io
- Bypassing Azure AD home tenant MFA and CA
- Certificates and Pwnage and Patches, Oh My!
- Do You Really Know About LSA Protection (RunAsPPL)?
- Kubesploit - C2 Kubernetes Framework
- alert() is dead, long live print()
- AV Evasion Part 3: Fibers
- #Pwn2Own - RCE in Zoom (0click)
- OffensiveAutoIt
- The Pen Testing Tools We’re Thankful for in 2021
- GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
- All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
- Exploiting CVE-2021-43267 - Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution
- PGSharp: Analysis of a Cheating App for PokemonGO
- HTB: PivotAPI
- Alert changes to sensitive AD groups using MDI
- F-Secure: Attack Detection Fundamentals 2021: Windows
- CVE: CVE-2022-26911 - Skype4Business authenticated arbitrary Fileread
- KeepassXC Read Password from Memory
- Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
- CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
- Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
- Webdriver Bugs
- Graphical Lures In The Age of Cybercrime.
- The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
- Using CVE-2021-40531 for RCE with Sketch - macOS
- Dumping and extracting the SpaceX Starlink User Terminal firmware
- KeeFarce Reborn - Keepass Export PWs
- Coercing NTLM Authentication from SCCM
- A tale of EDR bypass methods
- An Introduction to Fault Injection (Part 1/3)
- ProxyNotRelay - An Exchange Vulnerability Encore
- Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
- xterm before patch 375 can enable an RCE under certain conditions - CVE-2022-45063
- AMSI-ETW-Patch - 1 Byte Memory patch
- LaZagne - Credentials recovery project
- Suborner: A Windows Bribery for Invisible Persistence
- A possibly overlooked GELSEMIUM artefact
- AMSI Unchained
- Social Engineering Your Way Into The Network
- Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720)
- DEEPL - process dumper
- PrivacyTests.org - overview of the browsers' anti-tracking features
- Pwn2Own -> Xxe2Rce - RCE in Rockwell Studio 5000 Logix Designer
- Kerberoast with OpSec
- How iOS Malware Can Spy on Users Silently
- Windows Quiz: Medium IL to High IL
- Master of Puppets Part II – How to tamper the EDR?
- Windows Relaying - I’m bringing relaying back: A comprehensive guide on relaying anno 2022
- Critical Flaws Discovered in Cisco Small Business RV Series Routers
- HTB: Pressed
- S4fuckMe2selfAndUAndU2proxy - A low dive into Kerberos delegations
- Solving DOM XSS Puzzles
- Sandboxing Antimalware Products for Fun and Profit
- Bloodhound "Spotlight"
- QNAP Pre-Auth CGI_Find_Parameter RCE
- executing an http stream as an .exe
- Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
- Go away BitLocker, you're drunk
- HTB: Intelligence
- Popping iOS <=14.7 with IOMFB
- HOWTO: Microsoft Teams Proxy DLL Hijacking(Tutorial)
- GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI
- Facebook account takeover due to a wide platform bug in ajaxpipe responses
- CookieMonster - Tool
- The Invisible JavaScript Backdoor
- Thick Client Penetration Testing Methodology
- Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog
- This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others
- Windows 11 LPE
- Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
- Reset Passwords
- Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
- GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
- Kaspersky Password Manager: All your passwords are belong to us
- Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
- Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration
- Php-Internalog, Introspection Applied to 0day Research
- Lessons Learned from Cloning Windows Binaries and Code Signing Implants
- Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses
- BREAKING & ENTERING
- Linux Kernel Teaching
- Relaying to AD Certificate Services over RPC - ESC11
- Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
- A not-so-common and stupid privilege escalation
- UNORTHODOX LATERAL MOVEMENT:
- Account hijacking using "dirty dancing" in sign-in OAuth-flows
- Unicode Right-To-Left Override
- MSDT DLL Hijack UAC bypass
- Rooting Gryphon Routers via Shared VPN
- CVE-2022-21882 - LPE Windows
- Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray)
- [ENG] UUID Shellcode Execution Implementation in C# and DInvoke
- It’s all in the details: The curious case of an lsass dumper gone undetected
- Stealing passwords from infosec Mastodon - without bypassing CSP
- BloodHound Inner Workings & Limitations
- 50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021–35215)
- OffensiveVBA
- Using Kerberos for Authentication Relay Attacks
- Hacking Unifi Controller Passwords for Fun and WIFI
- WinRAR’s vulnerable trialware: when free software isn’t free
- SSD Advisory – Cisco "Secure" Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
- Virtual disks (VHD(x), ISO) now receive MOTW
- BumbleBee Zeros in on Meterpreter
- Amazon once again lost control (for 3 hours) over the IP pool in a BGP Hijacking attack
- I checked German municipalities for vulnerabilities
- Code execution as root via AT commands on the Quectel EG25-G modem
- reverse_ssh
- MS Defender bypass via comsvcs - yet again
- USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
- Phishing with Google Calendar
- A Symmetric Cipher Ransomware … YES!
- Grafana v8.x Arbitrary File Read - 0day
- Reflective Code Loading in Linux — A New Defense Evasion Technique in MITRE ATT&CK v10
- Windows 10 RCE: The exploit is in the link
- CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
- Android Rubberducky
- Introduction to Parent-Child Process Evasion
- HTB: Hathor
- Exploiting System Mechanic Driver
- Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
- Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette"
- Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
- Microsoft Internet Explorer 11 (protected mode off) & Adobe Acrobat Reader DC ActiveX
- From NtObjectManager to PetitPotam
- The past 10 years of Automotive Vulnerabilities
- A Diamond in the Ruff - Kerberos Diamond Tickets
- Possible RCE in OpenSSL 3.0.4
- HTB - Spider
- When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
- Game Of Active Directory v2 - GOAD v2 is out !
- WriteUp Webexploits
- The Art of Bypassing Kerberoast Detections with Orpheus
- Fuzzing and PR’ing: How We Found Bugs in a Popular Third-Party EtherNet/IP Protocol Stack
- SOCKS5 via RDP Dynamic Virtual Channel
- Exploiting Flipper Zero’s NFC file loader
- Nagios XI < 5.7.5 authenticated RCE
- Allow arbitrary URLs, expect arbitrary code execution
- Fetch Defender exclusions from Intune managed devices as non-admin user:
- Phishing With Google's Domain
- CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
- GoodHound - Bloodhound Enumeration Tool
- Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
- The Challenges of Fuzzing 5G Protocols
- Wordlist - weakpass_3a
- Azure Privilege Escalation via Service Principal Abuse
- AnyDesk Escalation of Privilege (CVE-2021-40854)
- Shellcode loader ScareCrow V3
- Windows - EDRHunt
- They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
- PrinterNightmate #4.x
- Exploit for CVE-2021-40449 (Win32k - LPE)
- CVE-2022–43781 - ATLASSIAN BitBucket RCE (Vietnamese)
- Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 1&2
- HTB: Breadcrumbs
- This shouldn't have happened: A vulnerability postmortem
- Azure Privilege Escalation via Azure API Permissions Abuse
- Former Ubiquiti employee charged with hacking and extorting company
- Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon
- VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability
- Google Project Zero published four Browser RCE 0day POC
- Printnightmare - Episode 3
- Rediscovering Epic Games 0-Days (Forever Unpatched?)
- Always Free Server Oracle Cloud
- Remote code execution in cdnjs of Cloudflare
- Microsoft Windows internals - Developer Notes
- 9 Post-Exploitation Tools for Your Next Penetration Test
- Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
- Azure AD Kerberos authentication (Preview)
- A dive into Microsoft Defender for Identity
- Nighthawk Sample removed from VirusTotal because of Copyright
- Disrupting a PyPI Software Supply Chain Threat Actor
- Mind the Gap
- Recreating an ISO Payload for Fun and No Profit
- Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
- HTB: RouterSpace
- Coercer - tool for coercing authentication from machine accounts
- Honda bug lets a hacker unlock and start your car via replay attack
- Microsoft rolls back decision to block Office macros by default
- Protecting Windows Credentials against Network Attacks
- Defender Bypass - Dump LSASS comsvcs.dll
- [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
- Abusing forgotten permissions on computer objects in Active Directory
- Office macros are staying
- CME - Hashspider
- HTB: Pikaboo
- Subdomain Enumeration Guide 2021 📖
- RCE in NPM VSCode Extension - CVE2021-26700
- Github Exploits
- PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
- RCE for Windows via TTF CVE-2021-24093 Fixed-2021-Feb-9
- An Exploration of JSON Interoperability Vulnerabilities
- CVE-2020-8625: A Fifteen-Year-Old RCE Bug Returns in ISC BIND Server
- ESXI - VMware unauth RCE CVE-2021-21972
- Farming for Red Teams: Harvesting NetNTLM
- Windows User Profile Service 0day LPE - Windows 11
- CISCO anyconnect EoP - CVE-2021-1366
- CVE-2020-28243 SaltStack Minion Local Privilege Escalation
- Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
- Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
- Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
- Microsoft 365 OAuth Device Code Flow and Phishing
- Discovering Domains via a Timing Attack on Certificate Transparency
- Making HTTP header injection critical via response queue poisoning
- Chaos Computer Club hacks Video-Ident
- BumbleBee Roasts Its Way to Domain Admin
- Yanluowang ransomware group claims to have breached Cisco
- 1Password Secret Retrieval — Methodology and Implementation
- Skidaddle Skideldi - I just pwnd your PKI
- You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE on macOS
- Solving the Unredacter Challenge
- CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
- New Attack Paths? AS Requested Service Tickets
- The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
- Windows - First Installation Animation
- PersistenceSniper
- HTB: Perspective
- QNAP Poisoned XML Command Injection (Silently Patched)
- Toner Deaf – Printing your next persistence (Hexacon 2022)
- Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
- WAM BAM - Recovering Web Tokens From Office
- Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
- Kernel Driver Exploit: System Mechanic
- Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
- Introducing the Windows 10 SMB Shadow Attack: Direct SMB Session Takeover
- Killing AV with SysInternals
- Bypass #2 ..
- PowerShell obfuscation - YARA
- horrifying-pdf-experiments
- Giving JuicyPotato a second chance: JuicyPotatoNG
- Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
- HTB: Developer
- 1001 ways to PWN prod - A tale of 60 RCE in 60 minutes
- SSD Advisory – pfSense Post Auth RCE
- The current Patch Tuesday should be taken seriously!
- RCE in Adobe Acrobat Reader for android(CVE-2021-40724)
- Palo Alto Firewall / VPN RCE with default Key
- But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
- Securing Developer Tools: Argument Injection in Visual Studio Code
- Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
- FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
- DirtyCred
- What can we learn from leaked Insyde's BIOS for Intel Alder Lake
- Windows Security Updates for Hackers
- PXEThief - Pulling Passwords out of Configuration Manager
- Detecting and preventing LSASS credential dumping attacks
- Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
- ShadowSpray - AD Shadow Credentials attack
- Fun with PowerShell – Executing commands with DNS requests
- Chromium based Browser SSL/TLS Error Bypass
- Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
- Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
- Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
- Branch History Injection - SpectreV2-BHI
- Masterpiece Video about DRAM. Low level!
- The Dirty Pipe Vulnerability
- vmware-authd-EoP
- AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
- ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
- If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
- The Discovery and Exploitation of CVE-2022-25636
- CVE-2022-46908 - SQLite --safe context bypass
- Security tools showcased at Black Hat USA 2021
- CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
- A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
- SNMP… Strings Attached!
- Stealing Chrome cookies without a password
- OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
- OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
- The Kerberos Key List Attack: The return of the Read Only Domain Controllers
- BITB - Browser templates for Browser In The Browser (BITB) attack
- Fortinet music video "Firewall"
- Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
- Group3r - AD GPO Enumeration Tool
- Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
- Snaffler and Group3r inlineExecuteAssembly
- Chrome 0.5day - RCE
- MySQL Windows EoP
- Introducing BloodHound 4.1 — The Three Headed Hound
- HTB: Shibboleth
- How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
- CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
- Retbleed: Arbitrary Speculative Code Execution with Return Instructions
- Issue 100: Platform certificates used to sign malware
- Openredirect www.google.com - Phishing
- HTB: 0xdf revisits
- FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
- ChatGPT - OpenAI
- Windows Server 2016 - EOL
- Internet Explorer 0-day exploited by North Korean actor APT37
- Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
- Citrix SSON Credential Leak
- CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
- Secret Backdoors Found in German-made Auerswald VoIP System
- Cloudflare Pages, part 1: The fellowship of the secret
- Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
- Dumping Plaintext RDP credentials from svchost.exe
- Azure AD Certificate-Based Authentication now in Public Preview
- Advisory: Western Digital My Cloud Pro Series PR4100 RCE
- Lsass Shtinkering
- 🔥KrbRelay - Kerberos relaying C#🔥
- CVE-2021-21551 - Dell Command Update via DBUtil_2_3
- CVE-2021-3929-3947 - QEMU VM Escape
- MS-FSRVP abuse (ShadowCoerce)
- Fixing the Unfixable: Story of a Google Cloud SSRF
- PHP LFI with Nginx Assistance
- Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
- RemotePotato0
- Insecure Comments - MS Office
- Unmanaged Code Execution with .NET Dynamic PInvoke
- Can it run Doom? -Can Doom run it? - Game Injection
- Microsoft is making it harder to steal Windows passwords from memory
- Using OpenAI Chat to Generate Phishing Campaigns
- ReverseRDP_RCE - Windows RDP RCE on the client
- nrich - Shodan API Tool (Portscan)
- ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for arbitrary code execution when parsing malicious images. - CVE-2021-22204
- PNG Parser Differential - Apple <-> NonApple
- Managed Identity Attack Paths, Part 1: Automation Accounts
- From Backup Operator To Domain Admin
- Yes, fun browser extensions can have vulnerabilities too!
- AD CS
- Rubeus 2.0
- Remote Code Execution in pfSense <= 2.5.2
- HTTP/2: The Sequel is Always Worse
- Response Smuggling: Pwning HTTP/1.1 Connections
- Universal Privilege Escalation and Persistence – Printer
- Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
- Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
- CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
- ContiLeaks
- Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
- ATTENTION
- Rogue RDP – Revisiting Initial Access Methods
- sheepl
- Fingerprint cloning: Myth or reality?
- Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
- HTB: Acute
- CVE-2022-21970 - HTML Smuggling Edge / Chrome
- Kerberos Relaying
- Windows installer LPE 0day
- Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
- CVE-2021-42321 - Exchange RCE
- Security issues related to the npm registry
- DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
- MS Defender bypass by renaming procdump.exe
- MS Defender Bypass
- Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
- Autodial(DLL)ing Your Way - Lateral Movement Windows
- php-fpm-local-root - LPE
- AAD & M365 kill chain
- SATisfying our way into remote code execution in the OPC UA industrial stack
- HTB: Talkative
- STARTTLS implementations in email clients & servers plagued by 40+ vulnerabilities
- Fun fact: The fuchsia is named after a famous native of Tübingen.
- PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
- PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
- Trust me. PowerShell is not going to be the same again once you do this.
- ProxyToken: An Authentication Bypass in Microsoft Exchange Server
- The Phantom Credentials of SCCM: Why the NAA Won’t Die
- Blinding EDR On Windows
- F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
- Blinding EDR On Windows
- Rapidly Search and Hunt through Windows Event Logs
- Spoofing Calendar Invites Using .ics Files
- No Logs? No Problem! Incident Response without Windows Event Logs
- 🔥 urlscan.io's SOAR spot: Chatty security tools leaking private data 🔥
- Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
- Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169
- HTB: Gobox
- INFOCONDB - Collection of IT security conferences
- CVE-2021-26084 Remote Code Execution on Confluence Servers
- Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
- Humblebundle:
- Phishing Users to Take a Test
- Google Chrome 0day/1day
- Adding a native sniffer to your implants: decomposing and recomposing PktMon
- Google Chrome 0day/1day
- Part-1 Dive into Zoom Applications
- The Elastic Container Project for Security Research
- The dark side of Microsoft Remote Procedure Call protocols
- How the Kaseya VSA Zero Day Exploit Worked
- Unrar Path Traversal Vulnerability affects Zimbra Mail
- Restoring (Recovering) PowerShell Scripts from Event Logs
- PRINTING SHELLZ : HP Printer RCE
- Certificates and Pwnage and Patches, Oh My!
- The Pen Testing Tools We’re Thankful for in 2021
- GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
- All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
- Exploiting CVE-2021-43267
- A New Attack Surface on MS Exchange Part 3 - ProxyShell!
- OffensiveAutoIt
- Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
- Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
- Social Engineering Your Way Into The Network
- Sandboxing Antimalware Products for Fun and Profit
- Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
- BREAKING & ENTERING
- UNORTHODOX LATERAL MOVEMENT:
- I checked German municipalities for vulnerabilities
- Sophos UTM Preauth RCE: A Deep Dive into CVE-2020-25223
- I checked German municipalities for vulnerabilities
- Grafana v8.x Arbitrary File Read - 0day
- reverse_ssh
- MS Defender Bypass comsvcs - once again
- Windows 10 RCE: The exploit is in the link
- SOCKS5 via RDP Dynamic Virtual Channel
- GoodHound - Bloodhound Enumeration Tool
- Relaying to AD Certificate Services over RPC - ESC11
- Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-1675) explained
- HTB: Schooled
- They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
- CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability
- CVE-2022-43781 - ATLASSIAN BitBucket RCE (Vietnamese)
- PrintNightmare #4.x
- This shouldn't have happened: A vulnerability postmortem
- Always Free Server Oracle Cloud
- Defender Bypass - Dump LSASS
- [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
- PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
- Windows EoP via USB Device
- RCE for Windows via TTF
- Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
- Microsoft 365 OAuth Device Code Flow and Phishing
- HTB: Minion
- DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
- Account Persistence – Certificates - Windows
- HTB: Talkative
- Windows EoP via USB Device
- Spying on users using Remote Desktop Shadowing - Living off the Land
- File URL Handler in Windows
- Kali - 2021.3
- LPE - Google Chrome / Edge Update Service - Windows 10 2009
- The Cyber Plumber's Handbook
- CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
- Spying on users using Remote Desktop Shadowing - Living off the Land
- Outdated JavaScript engine leads to RCE in Foxit PDF Reader
- SMTP Matching Abuse in Azure AD
- Exploited Windows zero-day lets JavaScript files bypass security warnings
- The Curious Case of the Password Database
- Follina — a Microsoft Office code execution vulnerability
- CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
- SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
- Google Chrome NTP XSS via Google Search CSRF
- SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
- Harvesting Active Directory credentials via HTTP Request Smuggling
- BloodHound Inner Workings & Limitations
- CVE-2022-30781 Gitea RCE via the Migrate function
- Phishing for NetNTLM Hashes
- Revisiting a Credential Guard Bypass - Windows
- Phishing With Google's Domain
- Windows User Profile Service 0day LPE
- HTB - Spider
- tinkershell - LPE
- CME - Hashspider
- Can it run Doom? - Can Doom run it? - Game Injection
- Déjà vu-lnerability
- Linux sudo Heap Overflow < 1.9.4p2
- lsarelayx - NTLM Relaying on Windows
- Linux sudo Heap Overflow < 1.9.5p1
- CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
- BIGIP Advanced WAF & ASM RCE < 16.0.1.1 - CVE-2021-22992
- Giving JuicyPotato a second chance: JuicyPotatoNG
- Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
- Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)
- Infosec Blogs: Our Cup Runneth Over
- Backdooring and hijacking Azure AD accounts by abusing external identities
- The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
- ÆPIC Leak
- OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
- Capability Abstraction Case Study: Detecting Malicious Boot Configuration Modifications
- Undermining Microsoft Teams Security by Mining Tokens
- Making HTTP header injection critical via response queue poisoning
- Chaos Computer Club hacks Video-Ident
- Windows Containers: Host Registry Virtual Registry Provider Bypass EoP - CVE-2021-26864
- HTB: StreamIO
- Issue 2128: Windows Containers: AppSilo Object Manager Root Directory EoP
- HTB: Scanned
- Solving the Unredacter Challenge
- Living-Off-the-Blindspot - Operating into EDRs’ blindspot
- INTEL: Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
- Kali - 2021.3
- BumbleBee Roasts Its Way to Domain Admin
- Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
- Yanluowang ransomware group claims to have breached Cisco
- Skidaddle Skideldi - I just pwnd your PKI
- Taking Kerberos to the next Level - Blackhat USA 2022 - James Forshaw - Nick Landers
- Lock Screen Bypass Exploit of Android Devices (CVE-2022-20006)
- Phreaking 2.0: Abusing Microsoft Teams Direct Routing
- How I Hacked my Car
- Hijack Libs
- RBCD on SPN-less users
- Oh, Behave! Figuring Out User Behavior (Windows Activity)
- Process injection: breaking all macOS security layers with a single vulnerability
- Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
- You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE on macOS
- TCM Discount - PMAT & PEH
- Cisco Nightmare. Pentesting Cisco networks like a devil.
- WordPress Core - Unauthenticated Blind SSRF
- Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
- Metasploit Weekly Wrap-Up - BYOS: Bring your own stager
- CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
- New Attack Paths? AS Requested Service Tickets
- File URL Handler in Windows
- Sacrificing Suspended Processes
- The difference between signature-based and behavioural detections
- Relaying YubiKeys / PIVert Smartcards
- Microsoft Windows Shift F10 Bypass and Autopilot privilege escalation
- BHIS | Coercions and Relays – The First Cred is the Deepest with Gabriel Prud'homme | 1.5 Hours
- Jailbreak for John Deere tractors
- Save the Environment (Variable) - Windows DLL Highjacking
- AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
- Evil PLC Attack: Using a Controller as Predator Rather than Prey
- Hacking Zyxel IP cameras to gain a root shell
- Travis-CI - Leak of sensitive files
- monomorph - MD5 Hash Collision
- HTB: Retired
- Skype for Business Audit Part 2 - SKYPErimeterleak
- Introducing BloodHound 4.2 — The Azure Refactor
- BARK - BloodHound Attack Research Kit
- Microsoft Office 365 email encryption could expose message content
- PersistenceSniper
- The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
- Why the best kind of cybersecurity is Open Security
- PART 3: How I Met Your Beacon – Brute Ratel
- Regexploit: DoS-able Regular Expressions
- dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier
- Introducing the Azure Threat Research Matrix
- HTB: Perspective
- Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
- QNAP Poisoned XML Command Injection (Silently Patched)
- Exploits Explained: 5 Unusual Authentication Bypass Techniques
- Disposable Root Servers
- Toner Deaf – Printing your next persistence (Hexacon 2022)
- SharpEfsPotato
- Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
- LPE - Google Chrome / Edge Update Service - Windows 10 2009
- WAM BAM - Recovering Web Tokens From Office
- Relaying YubiKeys Part 2
- Dameware Mini: The Sleeper Hit of 2019?
- How Hash-Based Safe Browsing Works in Google Chrome
- unblob - Binwalk alternative
- CVE-2022-3368 - LPE Avira Security
- Controlling the Source: Abusing Source Code Management Systems
- Discovering Domains via a Timing Attack on Certificate Transparency
- Dancing on the architecture of VMware Workspace ONE Access (ENG)
- Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
- Dumping the Sonos One smart speaker
- Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments
- HTB: Overgraph
- Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
- HardwareAllTheThings
- Killing AV with SysInternals
- Wireshark 4.0.0 Release Notes
- Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!
- You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
- IBM study on stress and health of IR staff.
- Common Conditional Access Misconfigurations and Bypasses in Azure
- LPE - RHEL 8.1, 8.2, and 8.3
- Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
- Bypass number 2 ..
- Securing Developer Tools: A New Supply Chain Attack on PHP
- HackTricks Cloud
- SystemInformer / ProcessHacker3
- PowerShell obfuscation - YARA
- ZDI-CAN-18333 aka ProxyNotShell— the story of the claimed zero day in Microsoft Exchange
- ProxyNotShell
- horrifying-pdf-experiments
- Microsoft Patch Tuesday of April 2022 should be taken seriously!
- Code execution in Wireshark via non-http(s) schemes in URL fields
- Top 10 web hacking techniques of 2020
- WannaCry 2.0 incoming...
- HTB: Scrambled
- Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
- What I learnt from reading {COUNT}* {TOPIC} bug reports.
- When Athletic Abilities Just Aren't Enough - Scoreboard Hacking
- Kernel Driver Exploit: System Mechanic
- Virtual x86 - Run KolibriOS, Linux or Windows 98 in your browser.
- CVE-2022-2992 - Gitlab Remote Command Execution via Github import
- SSD Advisory – pfSense Post Auth RCE
- Burp Suite - solving E-mail and SMS TAN multi-factor authentication with Hackvertor custom tags
- Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
- Analyse: Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
- Dependency Confusion
legacy
- F5 has a vulnerability in BigIP that allows takeover of the devices
- Certifried: Active Directory Domain Privilege Escalation (CVE-2022-26923)
- Relaying PetitPotam/printerbug against LDAPS (Resource-based Constrained Delegation)
- Lapsus Timeline Sitel/SYKES breach
- Nexus Dashboard Fabric Controller (aka DCNM) again w/ unauth web-to-root chain
- BadSectorLabs.com
- Spring Framework
- Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
- CVE-2022-27666: Exploit esp6 modules in Linux kernel
- ABC-Code Execution for Veeam | CVE-2022-26503 , CVE-2022-26504, CVE-2022-26500
- A Spectre proof-of-concept for a Spectre-proof web
- Excel XLSB vs XLSX file format. The Pros and Cons of XLSB Files
- LDAP relays for initial foothold in dire situations
- Pwn2Own Tokyo 2020: Defeating the TP-Link AC1750 - CVE-2021-27246.
- Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
- Leak: Immunity CANVAS 7.26
- D-Link DAP-2020 PreAuthRCE - CVE-2021-27249, CVE-2021-27250
- CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi
- Windows DNS Server unauth RCE - SIGRed - CVE-2020-1350
- Exchange RCE - CVE-2021-26855 - ProxyLogon
- Spectre exploits in the "wild"
- The most common on premises vulnerabilities & misconfigurations - CNs
- AV Evasion via SysWhispers2 and more
- PPLDump Revival
- The Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys
- HTB: Late
- Pokémon Shellcode Loader
- Efficient Infrastructure Testing
- Analysing LastPass, Part 1
- Userland Execution of Binaries Directly from Python
- Critical security vulnerability: out-of-band Gitlab update
- Pwning ManageEngine — From Endpoint to Exploit
- D/Invoke & GadgetToJScript
- Subdomain Enumeration Tool Face-off 2022
- widespread malware attack on github
- Palo Alto Firewall / VPN RCE with default Key
- Know Your AD Vulnerability: CVE-2022-26923
- Evilginx, meet BITB
- McAfee Agent could serve as a loophole for malicious code
- AtomPePacker : A Highly Capable Pe Packer
- Living off the land, AD CS style
- Bitbucket Server and Data Center Advisory 2022-08-24
- But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
- Seventh Inferno vulnerability (some NETGEAR smart switches)
- Linux Kernel Exploit (CVE-2022-32250) with mqueue
- Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
- Securing Developer Tools: Argument Injection in Visual Studio Code
- Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
- Bypassing AppLocker by abusing HashInfo
- FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
- Replicant: Reproducing a Fault Injection Attack on the Trezor One
- Continuous access evaluation - Azure
- PXEThief - Pulling Passwords out of Configuration Manager
- Evading Detection: A Beginner's Guide to Obfuscation
- Emotet malware is back and rebuilding its botnet via TrickBot
- CVE-2022-35742 - Outlook DoS
- DirtyCred
- HTB: OpenSource
- What can we learn from leaked Insyde's BIOS for Intel Alder Lake
- Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
- Detecting and preventing LSASS credential dumping attacks
- Comparing Semgrep and CodeQL
- Capturing Detection Ideas to Improve Their Impact
- Killing Microsoft Defender for Endpoint - via MsMpLics.dll
- Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style
- TP-Link TL-WR840N EU v5 Remote Code Execution
- FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug - CVE-2022-23090
- Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
- Critical Samba bug could let anyone become Domain Admin – patch now!
- VulnerabilitiesDataImport
- Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there !
- Researching Open Source apps for XSS to RCE flaws
- Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
- ShadowSpray - AD Shadow Credentials Attack
- The secrets of Schneider Electric’s UMAS protocol
- Fun with PowerShell – Executing commands with DNS requests
- Blacksmith - Rowhammer bit flip attack
- Chromium based Browser SSL/TLS Error Bypass
- Zyxel authentication bypass patch analysis (CVE-2022-0342)
- GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7 - CVE-2022-1162.
- Ransomware Gang Abused Microsoft Certificates to Sign Malware
- Oracle Access Manager Pre-Auth RCE (CVE-2021-35587 Analysis)
- Escalating from Logic App Contributor to Root Owner in Azure
- Traitor - Linux LPE
- Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
- Branch History Injection - SpectreV2-BHI
- CVE-2022-22005 Microsoft Sharepoint RCE - authenticated
- chrome://net-export
- Put an io_uring on it: Exploiting the Linux Kernel - CVE-2021-41073
- TLStorm - Three critical vulnerabilities discovered in APC Smart-UPS devices
- Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
- Masterpiece Video about DRAM. Low level!
- vmware-authd-EoP
- The Dirty Pipe Vulnerability
- 2021 Year In Review - The DFIR Report
- CVE-2022-24990: TerraMaster TOS unauthenticated remote command execution via PHP Object Instantiation
- Abusing Kerberos Constrained Delegation without Protocol Transition
- AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
- Obfuscating Malicious, Macro-Enabled Word Docs
- Security wall of S7CommPlus - Part 1
- HTB: Hancliffe
- Escaping privileged containers for fun
- Raidforum seized
- LSASS dumping in 2021/2022 - from memory - without C2
- Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
- The Discovery and Exploitation of CVE-2022-25636
- Google & Apache Found Vulnerable to GitHub Environment Injection
- Security tools showcased at Black Hat USA 2021
- #Conti playbook in a (google) translated, safe pdf:
- HTB: Proper
- Déjà vu-lnerability
- MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
- Get root on macOS 13.0.1 with CVE-2022-46689 - macOS Dirty Cow bug
- I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
- How to Hack APIs in 2021
- Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273)
- Fontuscator - Text Obfuscation with custom Font
- CVE-2022-46908 - SQLite --safe context bypass
- PostDump - C# implementation of Nanodump
- A JOURNEY TO PWN AND OWN THE SONOS ONE SPEAKER
- Messing with slash-proc
- An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
- HTB Business CTF Write-ups
- DEF CON 29: Vulnerability Exchange: One Domain Account for More Than Exchange Server RCE
- CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
- Evading Detection: A Beginner's Guide to Obfuscation
- DEF CON 29 - Jacob Baines - Bring Your Own Print Driver Vulnerability
- A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
- CVE-2022-28672 - Foxit PDF Reader - Use after Free - Remote Code Execution Exploit
- The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users
- Missing Bricks: Finding Security Holes in LEGO APIs
- NIST Retires SHA-1 Cryptographic Algorithm
- Spoofing Microsoft 365 Like It’s 1995
- StealthHook - A method for hooking a function without modifying memory protection
- CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
- Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)
- HTB: Devzat
- ACSESSED: Cross-tenant network bypass in Azure Cognitive Search
- Notice of Recent Security Incident - Lastpass
- Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
- SNMP… Strings Attached!
- Stealing Chrome cookies without a password
- Windows Privilege Escalation: Server Operator Group
- The Cyber Plumber's Handbook
- CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
- Better Make Sure Your Password Manager Is Secure
- MSI Shenanigans. Part 1 – Offensive Capabilities Overview
- Okta says its GitHub account hacked, source code stolen
- 10 ways of gaining control over Azure function Apps
- Comparison of reverse image searching in popular search engines [OSINT hints]
- HTB: CrossFitTwo
- HTB: Epsilon
- Multiple vulnerabilities in FortiManager version 6.4.5
- OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
- CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability
- Exchange Server GetWacInfo Information Disclosure Vulnerability - CVE-2022-24463
- HTB: Ransom
- BITB - Browser templates for Browser In The Browser (BITB) attack
- Three Lessons From Threema: Analysis of a Secure Messenger
- CentOS 7 webpanel unauthenticated RCE - CVE-2022-44877
- The OWASSRF + TabShell exploit chain
- Fortinet music video "Firewall"
- Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
- Decrypting Viscosity Passwords
- It’s Not You! Windows Security Logs Don’t Make Sense
- Maelstrom: Static OpSec Review
- A Detailed Guide on httpx
- Group3r - AD GPO Enumeration Tool
- ConPtyShell - Windows Reverse-Shell
- Circumventing Browser Security Mechanisms For SSRF
- Racing against the clock -- hitting a tiny kernel race window
- TCC ClickJacking
- Azure Dominance Paths - Attackmap
- Okta Service Hacked by Lapsus, Gained Superuser Access
- Initial Access - Right-To-Left Override [T1036.002]
- HTB: Stacked
- CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM
- Bypassing UAC in the most Complex Way Possible!
- SAM and SECURITY readable by normal users on Windows 10
- Active Directory Enumeration: PowerView
- Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
- Azure AD Pass The Certificate - Lateral Movement in Azure
- SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-22718)
- Exploring Windows UAC Bypasses: Techniques and Detection Strategies
- Citrix Injection - DLL Injections via Ctx64Injector64
- TOOL: SharpRDP
- Tech support scams for infosec
- NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack
- Maelstrom: EDR Kernel Callbacks, Hooks, and Call Stacks
- Snaffler and Group3r inlineExecuteAssembly
- A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
- Shadow Credentials - AD
- Advanced-Process-Injection-Workshop by CyberWarFare Labs
- Chrome 0.5day - RCE
- Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
- GitLab <13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages
- CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
- Ubuntu OverlayFS - EoP
- HTTP/3 connection contamination: an upcoming threat?
- NAME:WRECK - IoT DNS Exploits
- From 0 to RCE: Cockpit CMS
- PulseSecure VPN RCE - actively exploited
- Finding Buried Treasure in Server Message Block (SMB)
- Named-Pipe-PTH - Local user impersonation
- Lateral Movement – WebClient - Windows ADs
- Ubuntu Desktop Exploit - Pwn2Own 2021 Local Escalation of Privilege Category
- Process Ghosting - Windows
- persistence-info.github.io
- CVE-2021-42287/CVE-2021-42278 Weaponisation
- A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
- LOG4J2-3201 - Limit the protocols JNDI can use by default.
- Javascript RegEx bypass
- Relaying Kerberos only using native Windows
- Introducing BloodHound 4.1 — The Three Headed Hound
- 🔥Top 10 web hacking techniques of 2021🔥
- How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
- Heap tricks never get old - Insomni'hack teaser 2022
- Object Overloading - Windows
- HOW TO HACK "THE MAINFRAME" ! (for real)
- QNAP removes backdoor account in NAS backup, disaster recovery app
- Microsoft Office Online Server Remote Code Execution
- Cyberchef
- Recognizing patterns in memory
- CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
- Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
- Introducing Decompiler Explorer
- Koh: The Token Stealer
- Retbleed: Arbitrary Speculative Code Execution with Return Instructions
- iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day
- Fakesign Binaries to bypass AVs/EDR
- rundll32.exe keymgr.dll, KRShowKeyMgr - Read stored credentials
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
- I feel a draft. Opening the doors and windows - 0-click RCE on the Tesla Model3
- CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel
- Firejail: private-cwd leaks access to the entire filesystem #4780
- Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida
- Web App Pen Testing in an Angular Context
- Networking VMs for HTB
- SPN-jacking: An Edge Case in WriteSPN Abuse
- Workplace by Facebook | Unauthorized access to companies environment — $27,5k
- SiSyPHuS Win10: Study on system architecture, logging, hardening and security functions in Windows 10
- Hacking the Furbo Dog Camera: Part I
- Anatomy of how you get pwned
- CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
- Detecting and annoying Burp users
- CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
- Introducing Pretender - Your New Sidekick for Relaying Attacks
- Ubuntu accountsservice CVE-2021-3939 (GHSL-2021-1011)
- Lansweeper - Multiple Vulnerabilities
- Windows Server 2016 - EOL
- Issue 100: Platform certificates used to sign malware
- Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access
- Stalking inside of your Chromium Browser - Revisiting Remote Debugging
- Visual Studio Code: Remote Code Execution
- CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection
- Looting iOS App’s Cache.db
- Malware triage in 30 minutes or how to get infected when browsing google
- ChatGPT - OpenAI
- Openredirect www.google.com - Phishing
- Microsoft Defender for Identity Encrypted Password
- Web browsers drop mysterious company with ties to U.S. military contractor
- Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) - LPE Ubuntu
- FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
- Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 - CVE-2022-36431
- Car Hacking - SiriusXM Telemetry
- Outdated JavaScript engine leads to RCE in Foxit PDF Reader
- I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
- Looting Microsoft Configuration Manager
- The art and science of modern hacking - Humblebundle
- Exactly what you’re looking for - Github Code Search allows RegEx
- A Confused Deputy Vulnerability in AWS AppSync
- macOS Sandbox Escape vulnerability via Terminal
- Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666)
- HTB: CarpeDiem
- SysmonEoP - CVE-2022-41120
- A phishing document signed by Microsoft – part 1
- SMTP Matching Abuse in Azure AD
- Android App Hacking Workshop
- Why is Exposing the Docker Socket a Really Bad Idea?
- Debugging Protected Processes
- Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
- Pre-Auth RCE with CodeQL in Under 20 Minutes
- Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway
- CertPotato – Using ADCS to privesc from virtual and network service accounts to local system
- Sniffing SSH Passwords
- Internet Explorer 0-day exploited by North Korean actor APT37
- Issue 2346: Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP - CVE-2022-41057
- Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
- Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)
- Azure temporary passwords - restricted character space
- HardeningKitty and Windows 10 Hardening
- Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
- Citrix SSON Credential Leak
- CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
- [ENG] Creating a loader PoC using various languages
- Scavenger: Misuse Error Handling Leading To QEMU/KVM Escape
- CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
- Shodan 201: Rummaging Around The Internet
- Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack
- PlumHound Reporting Engine for BloodHoundAD
- Cool vulns don't live long - Netgear and Pwn2Own
- Secret Backdoors Found in German-made Auerswald VoIP System
- CVE-2022-22536 - SAP memory pipes (MPI) desynchronization vulnerability
- Dumping Plaintext RDP credentials from svchost.exe
- Azure AD Certificate-Based Authentication now in Public Preview
- NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
- Never, Ever, Ever Use Pixelation for Redacting Text
- Where's the Interpreter!? (CVE-2021-30853) - MacOS Security Bypass
- From Backup Operator To Domain Admin
- Issue 2319: Cisco Jabber: XMPP Stanza Smuggling with stream:stream tag - CVE-2022-20917
- Advisory: Western Digital My Cloud Pro Series PR4100 RCE
- Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
- Cache Poisoning at Scale
- Responder and IPv6 attacks
- Lsass Shtinkering
- Building A Virtual Machine inside ChatGPT
- Hijacking GitHub Repositories by Deleting and Restoring Them
- How to mimic Kerberos protocol transition using reflective RBCD
- Top 10 web hacking techniques of 2021 - nominations open
- Issue 2223: Zoom: Buffer overflow when processing chat messages
- Enumeration and lateral movement in GCP environments
- Turning bad SSRF to good SSRF: Websphere Portal
- Converting C# Tools to PowerShell
- A defender’s view inside a DarkSide ransomware attack
- Write Windows Shellcode in Rust
- Driver-Based Attacks: Past and Present - BYOVD - Windows
- OfflineSAM Modification - Offline Attack Windows (booting from external media)
- Eliminating Dangling Elastic IP Takeovers with Ghostbuster
- Dropping Files on a Domain Controller Using CVE-2021-43893
- SCCM passwords & #mimikatz
- CVE-2021-1079 – NVIDIA GeForce Experience Command Execution
- HTB: AdmirerToo
- Public penetration testing reports
- CVE-2021-21551 - Dell Command Update via DBUtil_2_3
- MS-FSRVP abuse (ShadowCoerce)
- Fixing the Unfixable: Story of a Google Cloud SSRF
- 🔥KrbRelay - Kerberos relaying C#🔥
- Another Log4j on the fire: Unifi
- HTB: LogForge
- The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
- PHP LFI with Nginx Assistance
- Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs
- Dirty Vanity - Shellcode Execution via Process Forks
- Arbitrary Code Execution via v8 Javascript Engine
- HTB: Outdated
- Responsible Red Teaming - Operate with Honor - Free Course
- Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
- Issue 1252074: Security: ChromeOS root command persistence
- Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
- From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
- Windows Command-Line Obfuscation
- RemotePotato0
- HTB: Armageddon
- SuperSneakyExec - C# Shellcode Runner without PInvoke
- Diving into pre-created computer accounts
- SQL Injection in Wordpress core (CVE-2022-21661)
- The Mac Malware of 2021 👾
- Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
- EDR Parallel-asis through Analysis
- Insecure Comments - MS Office
- CVE-2021-20038 - SonicWall VPN RCE
- Microsoft Cybersecurity Reference Architectures
- HTB: EarlyAccess
- Microsoft is making it harder to steal Windows passwords from memory
- AD PKI #ESC8 in combination with PetitPotam
- Exploited Windows zero-day lets JavaScript files bypass security warnings
- CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable
- Using OpenAI Chat to Generate Phishing Campaigns
- ReverseRDP_RCE - Windows RDP RCE on the client
- Cisco Prime 3.9.1 - RCE
- Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
- Steal Credentials & Bypass 2FA Using noVNC
- nrich - Shodan API Tool (Portscan)
- Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
- HTB: Bolt
- ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for arbitrary code execution when parsing malicious images. - CVE-2021-22204
- The Curious Case of the Password Database - ManageEngine’s Password Manager Pro
- PNG Parser Differential - Apple <-> NonApple
- the XSS Rat - Course Material
- HTB: Attended
- Assessing Standalone Managed Service Accounts
- Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
- Precious Gemstones: The New Generation of Kerberos Attacks
- Yes, fun browser extensions can have vulnerabilities too!
- Blackswan Technical Writeup (PDF) - Windows LPE
- Want to try to decode SCCM passwords in SC_UserAccount table with #mimikatz ?
- A physical graffiti of LSASS: getting credentials from physical memory for fun and learning
- Honeysploit: Exploiting the Exploiters
- letme.go – A minimalistic Meterpreter stager written in Go
- Rogue Assembly Hunter
- HTB: Static
- RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
- AD CS
- VMware Horizon vulnerable to log4shell
- Statistics on ransomware outcomes
- INFRA:HALT
- Microsoft improves protection against macros from April
- ASR protects the LSASS process against dumping
- Follina — a Microsoft Office code execution vulnerability
- Windows 11 no longer includes WMIC
- Stealing a few more GitHub Actions secrets
- Remote Code Execution in pfSense <= 2.5.2
- Rubeus 2.0
- Identifying Bugs in Router Firmware at Scale with Taint Analysis
- Variant analysis of the ‘Sequoia’ bug
- A pinch of XLL and a splash of rust has the potential to be a sharp combination
- AD CS – The Basics
- From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator
- Blackhat: Diving into spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer.
- CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
- Blackhat: Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
- DEFCON : Response Smuggling: Pwning HTTP/1.1 Connections
- Blackhat: HTTP/2: The Sequel is Always Worse
- SameSite: Hax – Exploiting CSRF With The Default SameSite Policy
- 🔥Relaying Kerberos over DNS using krbrelayx and mitm6🔥
- Find You: Building a stealth AirTag clone
- Horde Webmail 5.2.22 - Account Takeover via Email
- The Ultimate Guide to Phishing
- Universal Privilege Escalation and Persistence – Printer
- The path to code execution in the era of EDR, Next-Gen AVs, and AMSI
- Graphical UAC bypass - msconfig
- From Stolen Laptop to Inside the Company Network
- Welcome to Bug Hunter University
- AWS ECR Public Vulnerability
- FindUncommonShares - AD SMB enumeration
- Linux kernel Use-After-Free (CVE-2021-23134) PoC.
- Microsoft Wont-Fix-List
- If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
- Fantastic Windows Logon types and Where to Find Credentials in Them
- Decrypting SMB3 Traffic with just a PCAP? Absolutely (maybe.)
- NTLM relaying to AD CS - On certificates, printers and a little hippo
- Blind exploits to rule WatchGuard firewalls
- New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
- macOS Red Teaming: Get Active Directory credentials from NoMAD
- Build your own WiFi Pineapple Tetra for $7!
- Kernel Pwning with eBPF: a Love Story
- Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
- #printnightmare 4.x
- Issue 2228: Windows: EFSRPC Arbitrary File Upload EoP
- Windows cmd.exe - executing files
- CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO
- CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
- Issue 2254: Zoom: Remote Code Execution with XMPP Stanza Smuggling
- NAT Slipstreaming v2.0
- Moodle 2nd Order Sqli
- How to Analyze Malicious Microsoft Office Files
- Bluffy the AV Slayer - Convert shellcode into different formats.
- LAPSUS$ <-> NVIDIA
- Triaging A Malicious Docker Container
- ContiLeaks
- SEKTOR7 course discount
- JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library
- Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
- HTB: Object
- SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
- Rogue RDP – Revisiting Initial Access Methods
- Re-ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using.. Google.. Again
- Intro to Embedded RE Part 1: Tools and Series Overview
- Running Cobalt Strike BOFs from Python
- Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
- sheepl
- EFS RPC
- Fuzzing Windows RPC with RpcView
- HTB: TheNotebook
- Bypassing Windows 10 UAC with mock folders and DLL hijacking
- Hunt for the gMSA secrets - Windows AD
- Microsoft Intune - Bypassing conditional access by faking device compliance.
- malware_training_vol1
- SAML XML Injection
- Fingerprint cloning: Myth or reality?
- Attack Surface Analysis - Part 2 - Custom Protocol Handlers
- HTB: Meta
- How I Met Your Beacon - x33fcon - Domchell
- Anti-Malware - Rewind - panic button for virus infections
- Gitlab Project Import RCE Analysis (CVE-2022-2185)
- CVE-2021-22986 F5 BIG-IP unauth RCE
- Incident Response in AWS
- EoP - Windows with Intune via BitLocker recovery key
- LPE Windows 10 - CVE-2021-1732
- Trojan Source: Invisible Vulnerabilities
- CVE-2021-22205 - Gitlab RCE
- From Zero to Domain Admin - DFIR Report
- HTB: Explore
- MalAPI.io - collection of Windows APIs used by malware
- CyberArk Endpoint Manager Local Privilege Escalation CVE-2021-44049.
- Phishing for AWS credentials via AWS SSO device code authentication
- SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
- Part 1 – SingPass RASP Analysis
- Abusing Google Drive's Email File Functionality
- Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
- ProtectMyTooling – Don’t detect tools, detect techniques
- CVE-2022-21970 - HTML Smuggling Edge / Chrome
- Zooming in on Zero-click Exploits
- Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
- Local Privilege Escalation in all Windows Versions
- Dotnet’s default AES mode is vulnerable to padding oracle attacks
- HTB: Enterprise
- Microsoft resumes default blocking of Office macros after updating docs
- CVE-2022-1040 Sophos XG Firewall Authentication bypass
- Bypassing Image Load Kernel Callbacks
- Stranger Strings: An exploitable flaw in SQLite
- GrabAccess - Kon-Boot clone
- Certified Pre-Owned: Abusing Active Directory Certificate Services
- Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
- Make JDBC Attack Brilliant Again
- Gitlab: Clipboard DOM-based XSS.
- critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)
- Kerberos Relaying
- Breaking electron-store's encryption
- Harvesting Active Directory credentials via HTTP Request Smuggling
- BSI phishing game
- ChaosDB: How we hacked thousands of Azure customers’ databases
- DD-WRT UPnP Buffer Overflow
- H2C Smuggling in the Wild
- TPM sniffing
- LinkSys EA6100 AC1200
- PDF as a carrier for malicious code
- CVE-2021-42321 - Exchange RCE
- Windows installer LPE 0day
- Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
- Terminal Server PRIV.ESC via RemotePotat0
- Is exploiting a null pointer deref for LPE just a pipe dream? - Windows LPE
- Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
- Security issues related to the npm registry
- Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
- Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days
- AutoPoC - Validating the Lack of Validation in PoCs
- MS Defender bypass by renaming procdump.exe
- Drupal insecure default leads to password reset poisoning
- SANS - Cheatsheets
- Nagios XI < 5.7.5 - 13 Nagios Vulnerabilities
- The trouble with Microsoft’s Troubleshooters
- Feral Terror - RCE in Netgear Switches
- 2021.1 IPU - Intel® VT-d Advisory
- Windows Drivers Reverse Engineering Methodology
- CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
- Persistent access to Burp’s Collaborator Session
- pay-what-you-can (min $5) on the following courses: External Pentest Playbook, Windows PrivEsc, Linux PrivEsc
- Creating Fully Undetectable Payload (FUD) with C
- GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
- Autodial(DLL)ing Your Way - Lateral Movement Windows
- The github.dev web-based editor
- Managed Identity Attack Paths, Part 2: Logic Apps
- SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
- Responder DHCP in Version 3.0.7.0
- Zoom RCE from Pwn2Own 2021
- Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn
- Visual Studio Code Jupyter Notebook RCE
- Snakes on a Domain: An Analysis of a Python Malware Loader
- The dying knight in the shiny armour
- RC4 Is Still Considered Harmful
- AAD & M365 kill chain
- php-fpm-local-root - LPE
- CVE-2022-30781 Gitea RCE via the migrate function
- Linux sudo Heap Overflow < 1.9.5p1
- Attacking Azure & Azure AD, Part II
- Convert ldapdomaindump to Bloodhound
- HTB: Spooktrol
- All Access Pass: Five Trends with Initial Access Brokers
- SharpSystemTriggers - Cross User DCOM Authentication Trigger
- Vulnerability in Citrix ADM
- DFSCoerce - NetNTLM Coerced Auth
- Lockbit Ransomware group - Samples
- Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
- Decrypting VEEAM Passwords
- CdpSvcLPE - Windows LPE - writeable SYSTEM path DLL hijacking
- XSS in the AWS Console
- Car hijacking swapping a single bit - Hardware SPI
- Discovering Zero-Day Vulnerabilities in McAfee Products (CVE-2021-31838)
- Responder's DHCP Poisoner
- Don't Ruck Us Too Hard - Owning Ruckus AP devices
- Abusing the Exchange Postmaster to Expose Email Spam & Malware Filters
- Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
- Your Microsoft Teams chats aren’t as private as you think..
- 9 OSINT Tools For Your Reconnaissance Needs
- Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
- Repurposing Real TTPs for use on Red Team Engagements
- SynLapse – Technical Details for Critical Azure Synapse Vulnerability
- Hertzbleed Attack
- Nextcloud - Attacker can obtain write access to any federated share/public link (CVE-2021-32654 & CVE-2021-32655)
- Cracking WiFi at Scale with One Simple Trick
- Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution
- HotPics 2021 - RCE via GhostScript
- %appdata% is a mistake – Introducing Invoke-DLLClone
- AWS WAF's Dangerous Defaults
- Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?
- CVE-2022-21371 - Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
- Pwning 3CX Phone Management Backends from the Internet
- Solarwinds Web Help Desk: When the Helpdesk is too Helpful
- Recovering Randomly Generated Passwords
- 🔥pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)🔥
- Resource based constrained Delegation (RBCD) WebClient attack
- SharpProxyLogon
- This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761
- The Power of SeImpersonation
- Man in the Terminal - logger for Linux / path hijacking
- Breaking GitHub Private Pages for $35k
- RDCMan v2.8
- Evasive Phishing Techniques Threat Actors Use to Circumvent Defense Mechanisms
- Miracle - One Vulnerability To Rule Them All
- Retrieving AWS security credentials from the AWS console
- Attacking With WebView2 Applications
- No Passwords More Problems
- Anatomy and Disruption of Metasploit Shellcode
- Introducing iHide – A New Jailbreak Detection Bypass Tool
- ZDI-21-1053: Bypassing Windows Lock Screen
- Popular 'coa' NPM library hijacked to steal user passwords
- How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
- Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
- Automatically extracting static antivirus signatures
- Binary File Write via Microsoft Speech API
- Mitmproxy 9
- Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
- GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
- Safari is hot-linking images to semi-random websites
- Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
- Nighthawk 0.2.1 – Haunting Blue
- Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
- X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL 3.0.0 - 3.0.6
- Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
- Hacking Swagger-UI - from XSS to account takeovers
- Finding DOM Polyglot XSS in PayPal the Easy Way
- How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021-34506]
- An EPYC escape: Case-study of a KVM breakout - CVE-2021-29657
- RCE 0-day that affected GhostScript-9.50
- HTB: Unobtainium
- From RpcView to PetitPotam (Windows)
- RestrictedAdmin
- unauth RCE Western Digital PR4100 NAS - Your vulnerability is in another OEM!
- BleedingTooth - Linux Bluetooth Stack (BadVibes, BadKarma and BadChoice)
- Bundesservice Telekommunikation - unmasked: this intelligence agency is behind it
- Analysis of CVE-2022-30136 “Windows Network File System Vulnerability“
- How I Got Pwned by My Cloud Costs
- Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
- Apache Tapestry - CVE-2021-27850 Exploit
- A supply-chain breach: Taking over an Atlassian account
- PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
- 🔥Trust me. PowerShell is not going to be the same again once you do this.🔥
- ProxyToken: An Authentication Bypass in Microsoft Exchange Server - CVE-2021-33766
- The Phantom Credentials of SCCM: Why the NAA Won’t Die
- Double PetitPotam - unauthenticated #petitpotam everywhere (not only for DCs)!
- Understanding Zigbee and Wireless Mesh Networking
- Phishing for NetNTLM Hashes
- Fuzzing RDP: Holding the Stick at Both Ends
- Blinding EDR On Windows
- PHP NULL Byte
- Backdooring Rust crates for fun and profit
- New Critical Vulnerabilities Found on Nucleus TCP/IP Stack
- Pentest tale - Dumping cleartext credentials from antivirus
- Rapidly Search and Hunt through Windows Event Logs
- Escalating XSS to Sainthood with Nagios - Nagios <
- Spoofing Calendar Invites Using .ics Files
- HTB: Nunchucks
- Riding the InfoRail to Exploit Ivanti Avalanche
- No Logs? No Problem! Incident Response without Windows Event Logs
- How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It
- XSS Phishing Payload - Snippet
- HTB: Union
- Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover
- WarCon 2022 – Modern Initial Access and Evasion Tactics
- Phishing Course
- Notepad++ Plugins for Persistence
- HTB: Anubis
- This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them
- Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
- BitLocker touch-device lockscreen bypass
- urlscan.io's SOAR spot: Chatty security tools leaking private data
- LOLBINed — Using Kaspersky Endpoint Security “KES” Installer to Execute Arbitrary Commands
- Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
- Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169 CVSS: 7.5
- HTB: Tentacle
- HTB: Gobox
- Pwn2Own’ing the TP-Link Archer A7 - CVE-2021-27246
- Automated 0-day discovery in 2021: Squashing the low-hanging fruit in widespread embedded software
- HTB: Moderators
- Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
- SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE
- Bypassing Signature-Based AV
- Pass the Cloud with a Cookie
- Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
- CVE-2021-26084 Remote Code Execution on Confluence Servers
- Windows - Infoleak (CVE-2021-24084)
- Phishing Users to Take a Test
- Hacking the Apple Webcam (again)
- BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
- Sitecore Experience Platform Pre-Auth RCE
- RipZip
- HTB: Atom
- Adding a native sniffer to your implants: decomposing and recomposing PktMon
- CONTInuing the Bazar Ransomware Story
- TokenTactics
- HTML Maldoc Remote Macro Injection
- UDP Technology IP Camera vulnerabilities
- Google Chrome 0day/1day
- Rawsec's CyberSecurity Inventory
- Decompile Microsoft ASR Scripts
- Password spraying against Azure - aad-sso-enum-brute-spray
- Facebook email disclosure and account takeover
- PHP 7.0-8.0 disable_functions bypass [user_filter]
- Abusing Weak ACL on Certificate Templates.
- Finding Windows registry hives in virtual disks - Needle
- A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows
- DeepSurface Security Advisory: LPE in Firefox on Windows
- HTB: Monitors
- Backdoor .NET assemblies with… dnSpy 🤔
- Phishing Email Database: Real Phishing Examples & Threats
- Windows - PowerShell Jobs
- LSASS Procdump
- Malicious Python Script Behaving Like a Rubber Ducky
- Azure AD introduction for red teamers
- Tianfu Cup - Exploit Conference
- Reverse engineering and decrypting CyberArk vault credential files
- Part-1&2 Dive into Zoom Applications
- Resetting Expired Passwords Remotely
- How the Kaseya VSA Zero Day Exploit Worked
- Bypass BitLocker pre-boot authentication with physical access to the device
- SharpImpersonation Release
- Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings
- Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492)
- [CVE-2022-34918] A crack in the Linux firewall
- CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
- SysWhispers is dead, long live SysWhispers!
- Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
- Unrar Path Traversal Vulnerability affects Zimbra Mail
- CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
- FabricScape: Escaping Service Fabric and Taking Over the Cluster
- Beefproject - Beef
- ‘Demon’s Cries’ authentication bypass patched in Netgear switches
- Restoring (Recovering) PowerShell Scripts from Event Logs
- CVE-2021-22555: Turning into 10000$
- Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
- Bypassing Windows Hello Without Masks or Plastic Surgery
- CVE-2022-44142 - New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
- HackTheBox: APT (Insane)
- Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
- PRINTING SHELLZ: HP printer RCE for 150 models
- URL Shorteners
- Password spraying and MFA bypasses in the modern security landscape
- Obsidian, Taming a Collective Consciousness
- OpenBMC: remote code execution in netipmid - IPMI
- SharpLink - C# port of James Forshaw's symboliclink-testing-tools
- Revisiting a Credential Guard Bypass - Windows
- ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3
- Lateral Movement with Managed Identities of Azure Virtual Machines
- Attacking Active Directory: 0 to 0.9
- DIVD-2021-00011 - Kaseya VSA Limited Disclosure
- Filesec.io
- Bypassing Azure AD home tenant MFA and CA
- Certificates and Pwnage and Patches, Oh My!
- Do You Really Know About LSA Protection (RunAsPPL)?
- Kubesploit - C2 Kubernetes Framework
- alert() is dead, long live print()
- AV Evasion Part 3: Fibers
- #Pwn2Own - RCE in Zoom (0click)
- OffensiveAutoIt
- The Pen Testing Tools We’re Thankful for in 2021
- GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
- All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
- Exploiting CVE-2021-43267 - Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution
- PGSharp: Analysis of a Cheating App for PokemonGO
- HTB: PivotAPI
- Alert changes to sensitive AD groups using MDI
- F-Secure: Attack Detection Fundamentals 2021: Windows
- CVE: CVE-2022-26911 - Skype4Business authenticated arbitrary Fileread
- KeepassXC Read Password from Memory
- Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
- CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
- Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
- Webdriver Bugs
- Graphical Lures In The Age of Cybercrime.
- The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
- Using CVE-2021-40531 for RCE with Sketch - macOS
- Dumping and extracting the SpaceX Starlink User Terminal firmware
- KeeFarce Reborn - Keepass Export PWs
- Coercing NTLM Authentication from SCCM
- A tale of EDR bypass methods
- An Introduction to Fault Injection (Part 1/3)
- ProxyNotRelay - An Exchange Vulnerability Encore
- Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
- xterm before patch 375 can enable an RCE under certain conditions - CVE-2022-45063
- AMSI-ETW-Patch - 1 Byte Memory patch
- LaZagne - Credentials recovery project
- Suborner: A Windows Bribery for Invisible Persistence
- A possibly overlooked GELSEMIUM artefact
- AMSI Unchained
- Social Engineering Your Way Into The Network
- Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720)
- DEEPL - process dumper
- PrivacyTests.org - overview of browsers' anti-tracking features
- Pwn2Own -> Xxe2Rce - RCE in Rockwell Studio 5000 Logix Designer
- Kerberoast with OpSec
- How iOS Malware Can Spy on Users Silently
- Windows Quiz: Medium IL to High IL
- Master of Puppets Part II – How to tamper the EDR?
- Windows Relaying - I’m bringing relaying back: A comprehensive guide on relaying anno 2022
- Critical Flaws Discovered in Cisco Small Business RV Series Routers
- HTB: Pressed
- S4fuckMe2selfAndUAndU2proxy - A low dive into Kerberos delegations
- Solving DOM XSS Puzzles
- Sandboxing Antimalware Products for Fun and Profit
- Bloodhound "Spotlight"
- QNAP Pre-Auth CGI_Find_Parameter RCE
- executing an http stream as an .exe
- Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
- Go away BitLocker, you're drunk
- HTB: Intelligence
- Popping iOS <=14.7 with IOMFB
- HOWTO: Microsoft Teams Proxy DLL Hijacking(Tutorial)
- GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI
- Facebook account takeover due to a wide platform bug in ajaxpipe responses
- CookieMonster - Tool
- The Invisible JavaScript Backdoor
- Thick Client Penetration Testing Methodology
- Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog
- This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others
- Windows 11 LPE
- Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMware vCenter Server 7.0
- Reset Passwords
- Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
- GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
- Kaspersky Password Manager: All your passwords are belong to us
- Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
- Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration
- Php-Internalog, Introspection Applied to 0day Research
- Lessons Learned from Cloning Windows Binaries and Code Signing Implants
- Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses
- BREAKING & ENTERING
- Linux Kernel Teaching
- Relaying to AD Certificate Services over RPC - ESC11
- Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
- A not-so-common and stupid privilege escalation
- UNORTHODOX LATERAL MOVEMENT:
- Account hijacking using "dirty dancing" in sign-in OAuth-flows
- Unicode Right-To-Left Override
- MSDT DLL Hijack UAC bypass
- Rooting Gryphon Routers via Shared VPN
- CVE-2022-21882 - LPE Windows
- Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray)
- [ENG] UUID Shellcode Execution Implementation in C# and DInvoke
- It’s all in the details: The curious case of an lsass dumper gone undetected
- Stealing passwords from infosec Mastodon - without bypassing CSP
- BloodHound Inner Workings & Limitations
- 50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021-35215)
- OffensiveVBA
- Using Kerberos for Authentication Relay Attacks
- Hacking Unifi Controller Passwords for Fun and WIFI
- WinRAR’s vulnerable trialware: when free software isn’t free
- SSD Advisory – Cisco "Secure" Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
- Virtual disks (VHD(x), ISO) receive MOTW
- BumbleBee Zeros in on Meterpreter
- Amazon once again lost control (for 3 hours) over the IP pool in a BGP Hijacking attack
- I checked German municipalities for vulnerabilities
- Code execution as root via AT commands on the Quectel EG25-G modem
- reverse_ssh
- MS Defender bypass comsvcs - once again
- USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
- Phishing with Google Calendar
- A Symmetric Cipher Ransomware … YES!
- Grafana v8.x Arbitrary File Read - 0day
- Reflective Code Loading in Linux — A New Defense Evasion Technique in MITRE ATT&CK v10
- Windows 10 RCE: The exploit is in the link
- CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
- Android Rubberducky
- Introduction to Parent-Child Process Evasion
- HTB: Hathor
- Exploiting System Mechanic Driver
- Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
- Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette"
- Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
- Microsoft Internet Explorer 11 (protected mode off) & Adobe Acrobat Reader DC ActiveX
- From NtObjectManager to PetitPotam
- The past 10 years of Automotive Vulnerabilities
- A Diamond in the Ruff - Kerberos Diamond Tickets
- Possible RCE in OpenSSL 3.0.4
- HTB - Spider
- When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
- Game Of Active Directory v2 - GOAD v2 is out!
- WriteUp Webexploits
- The Art of Bypassing Kerberoast Detections with Orpheus
- Fuzzing and PR’ing: How We Found Bugs in a Popular Third-Party EtherNet/IP Protocol Stack
- SOCKS5 via RDP Dynamic Virtual Channel
- Exploiting Flipper Zero’s NFC file loader
- Nagios XI < 5.7.5 authenticated RCE
- Allow arbitrary URLs, expect arbitrary code execution
- Fetch Defender exclusions from Intune managed devices as non-admin user
- Phishing With Google's Domain
- CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
- GoodHound - Bloodhound Enumeration Tool
- Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
- The Challenges of Fuzzing 5G Protocols
- Wordliste - weakpass_3a
- Azure Privilege Escalation via Service Principal Abuse
- AnyDesk Escalation of Privilege (CVE-2021-40854)
- Shellcode loader ScareCrow V3
- Windows - EDRHunt
- They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
- PrintNightmare #4.x
- Exploit for CVE-2021-40449 (Win32k - LPE)
- CVE-2022-43781 - ATLASSIAN BitBucket RCE (Vietnamese)
- Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 1&2
- HTB: Breadcrumbs
- This shouldn't have happened: A vulnerability postmortem
- Azure Privilege Escalation via Azure API Permissions Abuse
- Former Ubiquiti employee charged with hacking and extorting company
- Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon
- VMware vCenter earlier versions (7.0.2.00100) have unauthorized arbitrary file read + SSRF + XSS vulnerabilities
- Google Project Zero published four Browser RCE 0day POC
- Printnightmare - Episode 3
- Rediscovering Epic Games 0-Days (Forever Unpatched?)
- Always Free Server Oracle Cloud
- Remote code execution in cdnjs of Cloudflare
- Microsoft Windows internals - Developer Notes
- 9 Post-Exploitation Tools for Your Next Penetration Test
- Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
- Azure AD Kerberos authentication (Preview)
- A dive into Microsoft Defender for Identity
- Nighthawk Sample removed from VirusTotal because of Copyright
- Disrupting a PyPI Software Supply Chain Threat Actor
- Mind the Gap
- Recreating an ISO Payload for Fun and No Profit
- Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
- HTB: RouterSpace
- Coercer - tool for coercing authentication from machine accounts
- Honda bug lets a hacker unlock and start your car via replay attack
- Microsoft rolls back decision to block Office macros by default
- Protecting Windows Credentials against Network Attacks
- Defender Bypass - Dump LSASS comsvcs.dll
- [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
- Abusing forgotten permissions on computer objects in Active Directory
- Office macros remain in place
- CME - Hashspider
- HTB: Pikaboo
- Subdomain Enumeration Guide 2021 📖
- RCE in NPM VSCode Extension - CVE-2021-26700
- Github Exploits
- PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
- RCE for Windows via TTF CVE-2021-24093, fixed 2021-Feb-9
- An Exploration of JSON Interoperability Vulnerabilities
- CVE-2020-8625: A Fifteen-Year-Old RCE Bug Returns in ISC BIND Server
- ESXi - VMware unauth RCE CVE-2021-21972
- Farming for Red Teams: Harvesting NetNTLM
- Windows User Profile Service 0day LPE - Windows 11
- Cisco AnyConnect EoP - CVE-2021-1366
- CVE-2020-28243 SaltStack Minion Local Privilege Escalation
- Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
- Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
- Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
- Microsoft 365 OAuth Device Code Flow and Phishing
- Discovering Domains via a Timing Attack on Certificate Transparency
- Making HTTP header injection critical via response queue poisoning
- Chaos Computer Club hacks Video-Ident
- BumbleBee Roasts Its Way to Domain Admin
- Yanluowang ransomware group claims to have breached Cisco
- 1Password Secret Retrieval — Methodology and Implementation
- Skidaddle Skideldi - I just pwnd your PKI
- You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE on macOS
- Solving the Unredacter Challenge
- CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
- New Attack Paths? AS Requested Service Tickets
- The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
- Windows - First Installation Animation
- PersistenceSniper
- HTB: Perspective
- QNAP Poisoned XML Command Injection (Silently Patched)
- Toner Deaf – Printing your next persistence (Hexacon 2022)
- Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
- WAM BAM - Recovering Web Tokens From Office
- Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
- Kernel Driver Exploit: System Mechanic
- Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
- Introducing the Windows 10 SMB Shadow Attack: Direct SMB Session Takeover
- Killing AV with SysInternals
- Bypass #2 ..
- PowerShell obfuscation - YARA
- horrifying-pdf-experiments
- Exchange RCE - CVE-2021-26855
- Giving JuicyPotato a second chance: JuicyPotatoNG
- Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
- HTB: Developer
- 1001 ways to PWN prod - A tale of 60 RCE in 60 minutes
- SSD Advisory – pfSense Post Auth RCE
- Current Patch Tuesday is to be taken seriously!
- BadSectorLabs.com
- Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
- Windows DNS Server RCE - SIGRed - CVE-2020-1350
- AV Evasion via SysWhispers2 and more
- Pokémon Shellcode Loader
- Critical vulnerability: out-of-band Gitlab update
- RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
- Palo Alto Firewall / VPN RCE with default Key
- But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
- Securing Developer Tools: Argument Injection in Visual Studio Code
- Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
- FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
- DirtyCred
- What can we learn from leaked Insyde's BIOS for Intel Alder Lake
- Windows Security Updates for Hackers
- PXEThief - Pulling Passwords out of Configuration Manager
- Detecting and preventing LSASS credential dumping attacks
- Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
- ShadowSpray - AD Shadowcredentials Attack
- Spring Framework
- Fun with PowerShell – Executing commands with DNS requests
- Chromium based Browser SSL/TLS Error Bypass
- Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
- Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
- Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
- Branch History Injection - SpectreV2-BHI
- Masterpiece Video about DRAM. Low level!
- The Dirty Pipe Vulnerability
- vmware-authd-EoP
- AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
- ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
- If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
- The Discovery and Exploitation of CVE-2022-25636
- CVE-2022-46908 - SQLite --safe context bypass
- Security tools showcased at Black Hat USA 2021
- CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
- A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
- SNMP… Strings Attached!
- Stealing Chrome cookies without a password
- OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
- OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
- The Kerberos Key List Attack: The return of the Read Only Domain Controllers
- BITB - Browser templates for Browser In The Browser (BITB) attack
- Fortinet music video "Firewall"
- Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
- Group3r - AD GPO Enumeration Tool
- Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
- Snaffler and Group3r inlineExecuteAssembly
- Chrome 0.5day - RCE
- MySQL Windows EoP
- Introducing BloodHound 4.1 — The Three Headed Hound
- HTB: Shibboleth
- How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
- CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
- Retbleed: Arbitrary Speculative Code Execution with Return Instructions
- Issue 100: Platform certificates used to sign malware
- Openredirect www.google.com - Phishing
- HTB: 0xdf revisits
- FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
- ChatGPT - OpenAI
- Windows Server 2016 - EOL
- Internet Explorer 0-day exploited by North Korean actor APT37
- Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
- Citrix SSON Credential Leak
- CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
- Secret Backdoors Found in German-made Auerswald VoIP System
- Cloudflare Pages, part 1: The fellowship of the secret
- Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
- Dumping Plaintext RDP credentials from svchost.exe
- Azure AD Certificate-Based Authentication now in Public Preview
- Advisory: Western Digital My Cloud Pro Series PR4100 RCE
- Lsass Shtinkering
- 🔥KrbRelay - Kerberos relaying C#🔥
- CVE-2021-21551 - Dell Command Update via DBUtil_2_3
- CVE-2021-3929-3947 - QEMU VM Escape
- MS-FSRVP abuse (ShadowCoerce)
- Fixing the Unfixable: Story of a Google Cloud SSRF
- PHP LFI with Nginx Assistance
- Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
- RemotePotato0
- Insecure Comments - MS Office
- Unmanaged Code Execution with .NET Dynamic PInvoke
- Can it run Doom? -Can Doom run it? - Game Injection
- Microsoft is making it harder to steal Windows passwords from memory
- Using OpenAI Chat to Generate Phishing Campaigns
- ReverseRDP_RCE - Windows RDP RCE on the client
- nrich - Shodan API Tool (Portscan)
- ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for arbitrary code execution when parsing malicious images. - CVE-2021-22204
- PNG Parser Differential - Apple <-> NonApple
- Managed Identity Attack Paths, Part 1: Automation Accounts
- From Backup Operator To Domain Admin
- Yes, fun browser extensions can have vulnerabilities too!
- AD CS
- Rubeus 2.0
- Remote Code Execution in pfSense <= 2.5.2
- HTTP/2: The Sequel is Always Worse
- Response Smuggling: Pwning HTTP/1.1 Connections
- Universal Privilege Escalation and Persistence – Printer
- Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
- Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
- CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
- ContiLeaks
- Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
- ATTENTION
- Rogue RDP – Revisiting Initial Access Methods
- sheepl
- Fingerprint cloning: Myth or reality?
- Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
- HTB: Acute
- CVE-2022-21970 - HTML Smuggling Edge / Chrome
- Kerberos Relaying
- Windows installer LPE 0day
- Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
- CVE-2021-42321 - Exchange RCE
- Zero-Day Exploitation of Atlassian Confluence
- Security issues related to the npm registry
- DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
- MS Defender bypass by renaming procdump.exe
- MS Defender Bypass
- Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
- Autodial(DLL)ing Your Way - Lateral Movement Windows
- php-fpm-local-root - LPE
- AAD & M365 kill chain
- Attacking Azure & Azure AD, Part II
- SATisfying our way into remote code execution in the OPC UA industrial stack
- SharpSystemTriggers - Cross User DCOM Authentication Trigger
- DFSCoerce - NetNTLM Coerced Auth
- Lockbit Ransomware group - Samples
- Hertzbleed Attack
- CVE-2021-26084 Remote Code Execution on Confluence Servers
- CVE-2022-21371 - Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
- pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
- HTB: Talkative
- Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
- PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
- Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
- GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
- X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL 3.0.0 - 3.0.6
- X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL
- STARTTLS implementations in email clients & servers plagued by 40+ vulnerabilities
- RCE 0-day that affected GhostScript-9.50
- Fun fact: The fuchsia is named after a famous native of Tübingen.
- PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
- Trust me. PowerShell is not going to be the same again once you do this.
- ProxyToken: An Authentication Bypass in Microsoft Exchange Server
- The Phantom Credentials of SCCM: Why the NAA Won’t Die
- Blinding EDR On Windows
- F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
- Rapidly Search and Hunt through Windows Event Logs
- Spoofing Calendar Invites Using .ics Files
- No Logs? No Problem! Incident Response without Windows Event Logs
- 🔥 urlscan.io's SOAR spot: Chatty security tools leaking private data 🔥
- Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
- Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169
- HTB: Gobox
- INFOCONDB - Collection of ITSec conferences
- CVE-2021-26084 Remote Code Execution on Confluence Servers
- Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
- Humblebundle:
- Phishing Users to Take a Test
- Google Chrome 0day/1day
- Adding a native sniffer to your implants: decomposing and recomposing PktMon
- Part-1 Dive into Zoom Applications
- The Elastic Container Project for Security Research
- The dark side of Microsoft Remote Procedure Call protocols
- How the Kaseya VSA Zero Day Exploit Worked
- Unrar Path Traversal Vulnerability affects Zimbra Mail
- Restoring (Recovering) PowerShell Scripts from Event Logs
- PRINTING SHELLZ : HP Printer RCE
- Certificates and Pwnage and Patches, Oh My!
- The Pen Testing Tools We’re Thankful for in 2021
- GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
- All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
- Exploiting CVE-2021-43267
- A New Attack Surface on MS Exchange Part 3 - ProxyShell!
- OffensiveAutoIt
- Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
- Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
- Social Engineering Your Way Into The Network
- Sandboxing Antimalware Products for Fun and Profit
- Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
- BREAKING & ENTERING
- UNORTHODOX LATERAL MOVEMENT:
- I checked German municipalities for vulnerabilities
- Sophos UTM Preauth RCE: A Deep Dive into CVE-2020-25223
- Grafana v8.x Arbitrary File Read - 0day
- reverse_ssh
- MS Defender bypass comsvcs - yet again
- Windows 10 RCE: The exploit is in the link
- SOCKS5 via RDP Dynamic Virtual Channel
- GoodHound - Bloodhound Enumeration Tool
- Relaying to AD Certificate Services over RPC - ESC11
- Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-1675) explained
- HTB: Schooled
- They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
- CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability
- CVE-2022–43781 - ATLASSIAN BitBucket RCE (Vietnamese)
- PrintNightmare #4.x
- This shouldn't have happened: A vulnerability postmortem
- Always Free Server Oracle Cloud
- Defender Bypass - Dump LSASS
- [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
- PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
- Windows EoP via USB Device
- RCE for Windows via TTF
- Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
- Microsoft 365 OAuth Device Code Flow and Phishing
- HTB: Minion
- DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
- Account Persistence – Certificates - Windows
- HTB: Talkative
- Windows EoP via USB Device
- Spying on users using Remote Desktop Shadowing - Living off the Land
- File URL Handler in Windows
- Kali - 2021.3
- LPE - Google Chrome / Edge Update Service - Windows 10 2009
- The Cyber Plumber's Handbook
- CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
- Spying on users using Remote Desktop Shadowing - Living off the Land
- Outdated JavaScript engine leads to RCE in Foxit PDF Reader
- SMTP Matching Abuse in Azure AD
- Exploited Windows zero-day lets JavaScript files bypass security warnings
- The Curious Case of the Password Database
- Follina — a Microsoft Office code execution vulnerability
- CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
- SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
- Google Chrome NTP XSS via Google Search CSRF
- Harvesting Active Directory credentials via HTTP Request Smuggling
- BloodHound Inner Workings & Limitations
- CVE-2022-30781 Gitea RCE via the Migrate function
- Phishing for NetNTLM Hashes
- Revisiting a Credential Guard Bypass - Windows
- Phishing With Google's Domain
- Windows User Profile Service 0day LPE
- HTB - Spider
- tinkershell - LPE
- CME - Hashspider
- Can it run Doom? -Can Doom run it? - Game Injection
- Déjà vu-lnerability
- Linux sudo Heap Overflow < 1.9.4p2
- lsarelayx - NTLM relaying on Windows
- Linux sudo Heap Overflow < 1.9.5p1
- CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
- BIGIP Advanced WAF & ASM RCE < 16.0.1.1 - CVE-2021-22992
- Giving JuicyPotato a second chance: JuicyPotatoNG
- Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
- Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)
- Infosec Blogs: Our Cup Runneth Over
- Backdooring and hijacking Azure AD accounts by abusing external identities
- The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
- ÆPIC Leak
- OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
- Capability Abstraction Case Study: Detecting Malicious Boot Configuration Modifications
- Undermining Microsoft Teams Security by Mining Tokens
- Making HTTP header injection critical via response queue poisoning
- Chaos Computer Club hacks Video-Ident
- Windows Containers: Host Registry Virtual Registry Provider Bypass EoP - CVE-2021-26864
- HTB: StreamIO
- Issue 2128: Windows Containers: AppSilo Object Manager Root Directory EoP
- HTB: Scanned
- Solving the Unredacter Challenge
- Living-Off-the-Blindspot - Operating into EDRs’ blindspot
- INTEL : Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
- Kali - 2021.3
- BumbleBee Roasts Its Way to Domain Admin
- Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
- Yanluowang ransomware group claims to have breached Cisco
- Skidaddle Skideldi - I just pwnd your PKI
- Taking Kerberos to the next Level - Blackhat USA 2022 - James Forshaw - Nick Landers
- Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006)
- Phreaking 2.0: Abusing Microsoft Teams Direct Routing
- How I Hacked my Car
- Hijack Libs
- RBCD on SPN-less users
- Oh, Behave! Figuring Out User Behavior (Windows Activity)
- Process injection: breaking all macOS security layers with a single vulnerability
- Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
- You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE on macOS
- TCM Discount - PMAT & PEH
- Cisco Nightmare. Pentesting Cisco networks like a devil.
- WordPress Core - Unauthenticated Blind SSRF
- Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
- Metasploit Weekly Wrap-Up - BYOS: Bring your own stager
- CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
- New Attack Paths? AS Requested Service Tickets
- File URL Handler in Windows
- Sacrificing Suspended Processes
- The difference between signature-based and behavioural detections
- Relaying YubiKeys / PIVert Smartcards
- Microsoft Windows Shift F10 Bypass and Autopilot privilege escalation
- BHIS | Coercions and Relays – The First Cred is the Deepest with Gabriel Prud'homme | 1.5 Hours
- Jailbreak for John Deere tractors
- Save the Environment (Variable) - Windows DLL Hijacking
- AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
- Evil PLC Attack: Using a Controller as Predator Rather than Prey
- Hacking Zyxel IP cameras to gain a root shell
- Travis-CI - Leak of sensitive files
- monomorph - MD5 Hash Collision
- HTB: Retired
- Skype for Business Audit Part 2 - SKYPErimeterleak
- Introducing BloodHound 4.2 — The Azure Refactor
- BARK - BloodHound Attack Research Kit
- Microsoft Office 365 email encryption could expose message content
- PersistenceSniper
- The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
- Why the best kind of cybersecurity is Open Security
- PART 3: How I Met Your Beacon – Brute Ratel
- Regexploit: DoS-able Regular Expressions
- dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier
- Introducing the Azure Threat Research Matrix
- HTB: Perspective
- Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
- QNAP Poisoned XML Command Injection (Silently Patched)
- Exploits Explained: 5 Unusual Authentication Bypass Techniques
- Disposable Root Servers
- Toner Deaf – Printing your next persistence (Hexacon 2022)
- SharpEfsPotato
- Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
- LPE - Google Chrome / Edge Update Service - Windows 10 2009
- WAM BAM - Recovering Web Tokens From Office
- Relaying YubiKeys Part 2
- Dameware Mini: The Sleeper Hit of 2019?
- How Hash-Based Safe Browsing Works in Google Chrome
- unblob - Binwalk alternative
- CVE-2022-3368 - LPE Avira Security
- Controlling the Source: Abusing Source Code Management Systems
- Discovering Domains via a Timing Attack on Certificate Transparency
- Dancing on the architecture of VMware Workspace ONE Access (ENG)
- Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
- Dumping the Sonos One smart speaker
- Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments
- HTB: Overgraph
- Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
- HardwareAllTheThings
- Killing AV with SysInternals
- Wireshark 4.0.0 Release Notes
- Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!
- You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
- IBM study on stress and health for IR staff.
- Common Conditional Access Misconfigurations and Bypasses in Azure
- LPE - RHEL 8.1, 8.2, and 8.3
- Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
- Bypass number 2 ..
- Securing Developer Tools: A New Supply Chain Attack on PHP
- HackTricks Cloud
- SystemInformer / ProcessHacker3
- PowerShell obfuscation - YARA
- ZDI-CAN-18333 aka ProxyNotShell— the story of the claimed zero day in Microsoft Exchange
- ProxyNotShell
- horrifying-pdf-experiments
- Microsoft Patch Tuesday in April 2022 is to be taken seriously!
- Code execution in Wireshark via non-http(s) schemes in URL fields
- Top 10 web hacking techniques of 2020
- WannaCry 2.0 incoming...
- HTB: Scrambled
- Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
- What I learnt from reading {COUNT}* {TOPIC} bug reports.
- When Athletic Abilities Just Aren't Enough - Scoreboard Hacking
- Kernel Driver Exploit: System Mechanic
- Virtual x86 - Run KolibriOS, Linux or Windows 98 in your browser.
- CVE-2022-2992 - Gitlab Remote Command Execution via Github import
- SSD Advisory – pfSense Post Auth RCE
- Burp Suite - solving E-mail and SMS TAN multi-factor authentication with Hackvertor custom tags
- Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
- Analysis: Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
- Dependency Confusion
blog