IT Security Mini Blogposts

Categories

miniblog

• How to launch Command Prompt and powershell from MS Paint
• Ouch! Oracle Java licensing switches to employee count metric
• CactusCon 2023: BloodHound Unleashed
• F5 hat Schwachstelle in BigIP, ermöglicht Übernahme der Geräte
• Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)
• Relaying PetitPotam/printerbug gegen LDAPS (Resource-based Constrained Delegation)
• Lapsus Timeline Sitel/SYKES breach
• Nexus Dashboard Fabric Controller (aka DCNM) again w/ unauth web-to-root chain
• BadSectorLabs.com
• Spring Framework
• Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
• CVE-2022-27666: Exploit esp6 modules in Linux kernel
• ABC-Code Execution for Veeam | CVE-2022-26503 , CVE-2022-26504, CVE-2022-26500
• A Spectre proof-of-concept for a Spectre-proof web
• Excel XLSB vs XLSX file format. The Pros and Cons of XLSB Files
• LDAP relays for initial foothold in dire situations
• Pwn2Own Tokyo 2020: Defeating the TP-Link AC1750 - CVE-2021-27246.
• Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
• Leak: Immunity CANVAS 7.26
• D-Link DAP-2020 PreAuthRCE - CVE-2021-27249, CVE-2021-27250
• CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi
• Windows DNS Server unauth RCE - SIGRed - CVE2020-1350
• Exchange RCE - CVE-2021-26855 - ProxyLogon
• Spectre exploits in the "wild"
• The most common on premises vulnerabilities & misconfigurations - CNs
• AV Evasion via SysWhispers2 and more
• PPLDump Revival
• The Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys
• HTB: Late
• Pokémon Shellcode Loader
• Efficient Infrastructure Testing
• Analysing LastPass, Part 1
• Userland Execution of Binaries Directly from Python
• Kritische Sicherheitslücke: Gitlab-Update außer der Reihe
• Pwning ManageEngine — From Endpoint to Exploit
• D/Invoke & GadgetToJScript
• Subdomain Enumeration Tool Face-off 2022
• widespread malware attack on github
• Palo Alto Firewall / VPN RCE with default Key
• Know Your AD Vulnerability: CVE-2022-26923
• Evilginx, meet BITB
• McAfee Agent könnte als Schlupfloch für Schadcode dienen
• AtomPePacker : A Highly Capable Pe Packer
• Living off the land, AD CS style
• Bitbucket Server and Data Center Advisory 2022-08-24
• But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
• Seventh Inferno vulnerability (some NETGEAR smart switches)
• Linux Kernel Exploit (CVE-2022-32250) with mqueue
• Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
• Securing Developer Tools: Argument Injection in Visual Studio Code
• Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
• Bypassing AppLocker by abusing HashInfo
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• Replicant: Reproducing a Fault Injection Attack on the Trezor One
• Continuous access evaluation - Azure
• PXEThief - Pulling Passwords out of Configuration Manager
• Evading Detection: A Beginner's Guide to Obfuscation
• Emotet malware is back and rebuilding its botnet via TrickBot
• CVE-2022-35742 - Outlook DoS
• DirtyCred
• HTB: OpenSource
• What can we learn from leaked Insyde's BIOS for Intel Alder Lake
• Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
• Detecting and preventing LSASS credential dumping attacks
• Comparing Semgrep and CodeQL
• Capturing Detection Ideas to Improve Their Impact
• Killing Microsoft Defender for Endpoint - via MsMpLics.dll
• Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style
• TP-Link TL-WR840N EU v5 Remote Code Execution
• FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug - CVE-2022-23090
• Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
• Critical Samba bug could let anyone become Domain Admin – patch now!
• VulnerabilitiesDataImport
• Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there !
• Researching Open Source apps for XSS to RCE flaws
• Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
• ShadowSpray - AD Shadowcredentials AtTack
• The secrets of Schneider Electric’s UMAS protocol
• Fun with PowerShell – Executing commands with DNS requests
• Blacksmith - Rowhammer bit flip attack
• Chromium based Browser SSL/TLS Error Bypass
• Zyxel authentication bypass patch analysis (CVE-2022-0342)
• GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7 - CVE-2022-1162.
• Ransomware Gang Abused Microsoft Certificates to Sign Malware
• Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
• Escalating from Logic App Contributor to Root Owner in Azure
• Traitor - Linux LPE
• Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
• Branch History Injection - SpectreV2-BHI
• CVE-2022-22005 Microsoft Sharepoint RCE - authenticated
• chrome://net-export
• Put an io_uring on it: Exploiting the Linux Kernel - CVE-2021-41073
• TLStorm - Three critical vulnerabilities discovered in APC Smart-UPS devices
• Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
• Masterpiece Video about DRAM. Low level!
• vmware-authd-EoP
• The Dirty Pipe Vulnerability
• 2021 Year In Review - The DFIR Report
• CVE-2022-24990: TerraMaster TOS unauthenticated remote command execution via PHP Object Instantiation
• Abusing Kerberos Constrained Delegation without Protocol Transition
• AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
• Obfuscating Malicious, Macro-Enabled Word Docs
• Security wall of S7CommPlus - Part 1
• HTB: Hancliffe
• Escaping privileged containers for fun
• Raidforum beschlagnahmt
• LSASS dumping in 2021/2022 - from memory - without C2
• Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
• The Discovery and Exploitation of CVE-2022-25636
• Google & Apache Found Vulnerable to GitHub Environment Injection
• Security tools showcased at Black Hat USA 2021
• #Conti playbook in a (google) translated, safe pdf:
• HTB: Proper
• Déjà vu-lnerability
• MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
• Get root on macOS 13.0.1 with CVE-2022-46689 - macOS Dirty Cow bug
• I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
• How to Hack APIs in 2021
• Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273)
• Fontuscator - Text Obfuscation with custom Font
• CVE-2022-46908 - SQLite --safe context bypass
• PostDump - C# Implementierung von Nanodump
• A JOURNEY TO PWN AND OWN THE SONOS ONE SPEAKER
• Messing with slash-proc
• An ACE Up the Sleeve:Designing Active Directory DACL Backdoors
• HTB Business CTF Write-ups
• DEF CON 29: Vulnerability Exchange: One Domain Account for More Than Exchange Server RCE
• CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
• Evading Detection: A Beginner's Guide to Obfuscation
• DEF CON 29 - Jacob Baines - Bring Your Own Print Driver Vulnerability
• A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
• CVE-2022-28672 - Foxit PDF Reader - Use after Free - Remote Code Execution Exploit
• The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users 
• Missing Bricks: Finding Security Holes in LEGO APIs
• NIST Retires SHA-1 Cryptographic Algorithm
• Spoofing Microsoft 365 Like It’s 1995
• StealthHook - A method for hooking a function without modifying memory protection
• CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
• Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)
• HTB: Devzat
• ACSESSED: Cross-tenant network bypass in Azure Cognitive Search
• Notice of Recent Security Incident - Lastpass
• Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
• SNMP… Strings Attached!
• Stealing Chrome cookies without a password
• Windows Privilege Escalation: Server Operator Group
• The Cyber Plumber's Handbook
• CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
• Better Make Sure Your Password Manager Is Secure
• MSI Shenanigans. Part 1 – Offensive Capabilities Overview
• Okta says its GitHub account hacked, source code stolen
• 10 ways of gaining control over Azure function Apps
• Comparison of reverse image searching in popular search engines [OSINT hints]
• HTB: CrossFitTwo
• HTB: Epsilon
• Multiple vulnerabilities in FortiManager version 6.4.5
• OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
• CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability
• Exchange Server GetWacInfo Information Disclosure Vulnerability - CVE-2022-24463
• HTB: Ransom
• BITB - Browser templates for Browser In The Browser (BITB) attack
• Three Lessons From Threema: Analysis of a Secure Messenger
• CentOS 7 webpanel unauthenticated RCE - CVE-2022-44877
• The OWASSRF + TabShell exploit chain
• Fortinet music video "Firewall"
• Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
• Decrypting Viscosity Passwords
• It’s Not You! Windows Security Logs Don’t Make Sense
• Maelstrom: Static OpSec Review
• A Detailed Guide on httpx
• Group3r - AD GPO Enumeration Tool
• ConPtyShell - Windows Reverse-Shell
• Circumventing Browser Security Mechanisms For SSRF
• Racing against the clock -- hitting a tiny kernel race window
• TCC ClickJacking
• Azure Dominance Paths - Attackmap
• Okta Service Hacked by Lapsus, Gained Superuser Access
• Initial Access - Right-To-Left Override [T1036.002]
• HTB: Stacked
• CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM
• Bypassing UAC in the most Complex Way Possible!
• SAM und SECURITY für normale Nutzer unter Windows 10 lesbar
• Active Directory Enumeration: PowerView
• Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
• Azure AD Pass The Certificate - Lateral Movement in Azure
• SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022–22718)
• Exploring Windows UAC Bypasses: Techniques and Detection Strategies
• Citrix Injection - DLL Injections via Ctx64Injector64
• TOOL: SharpRDP
• Tech-support-scams für infosec
• NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack
• Maelstrom: EDR Kernel Callbacks, Hooks, and Call Stacks
• Snaffler und Group3r inlineExecuteAssembly
• A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
• Shadow Credentials - AD
• Advanced-Process-Injection-Workshop by CyberWarFare Labs
• Chrome 0.5day - RCE
• Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
• GitLab <13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages
• CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
• Ubuntu OverlayFS - EoP
• HTTP/3 connection contamination: an upcoming threat?
• NAME:WRECK - IoT DNS Exploits
• From 0 to RCE: Cockpit CMS
• PulseSecure VPN RCE - Aktiv Angegriffen
• Finding Buried Treasure in Server Message Block (SMB)
• Named-Pipe-PTH - Lokale User impersonierung
• Lateral Movement – WebClient - Windows ADs
• Ubuntu Desktop Exploit - Pwn2Own 2021 Local Escalation of Privilege Category
• Process Ghosting - Windows
• persistence-info.github.io
• CVE-2021-42287/CVE-2021-42278 Weaponisation
• A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
• LOG4J2-3201 - Limit the protocols JNDI can use by default.
• Javascript RegEx bypass
• Relaying Kerberos only using native Windows
• Introducing BloodHound 4.1 — The Three Headed Hound
• 🔥Top 10 web hacking techniques of 2021🔥
• How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
• Heap tricks never get old - Insomni'hack teaser 2022
• Object Overloading - Windows
• HOW TO HACK "THE MAINFRAME" ! (for real)
• QNAP removes backdoor account in NAS backup, disaster recovery app
• Microsoft Office Online Server Remote Code Execution
• Cyberchef
• Recognizing patterns in memory
• CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
• Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
• Introducing Decompiler Explorer
• Koh: The Token Stealer
• Retbleed: Arbitrary Speculative Code Execution with Return Instructions
• iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day
• Fakesign Binaries to bypass AVs/EDR
• rundll32.exe keymgr.dll, KRShowKeyMgr - Read stored credentials
• A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
• I feel a draft. Opening the doors and windows - 0-click RCE on the Tesla Model3
• CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel
• Firejail: private-cwd leaks access to the entire filesystem #4780
• Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida
• Web App Pen Testing in an Angular Context
• Networking VMs for HTB
• SPN-jacking: An Edge Case in WriteSPN Abuse
• Workplace by Facebook | Unauthorized access to companies environment — $27,5k
• SiSyPHuS Win10: Studie zu Systemaufbau, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10
• Hacking the Furbo Dog Camera: Part I
• Anatomy of how you get pwned
• CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
• Detecting and annoying Burp users
• CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
• Introducing Pretender - Your New Sidekick for Relaying Attacks
• Ubuntu accountsservice CVE-2021-3939 (GHSL-2021-1011)
• Lansweeper lansweeper - Multiple Vulnerabilities
• Windows Server 2016 - EOL
• Issue 100: Platform certificates used to sign malware
• Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access
• Stalking inside of your Chromium Browser - Revisiting Remote Debugging
• Visual Studio Code: Remote Code Execution
• CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection
• Looting iOS App’s Cache.db
• Malware triage in 30 minutes or how to get infected when browsing google
• ChatGPT - OpenAI
• Openredirect www.google.com - Phishing
• Microsoft Defender for Identity Encrypted Password
• Web browsers drop mysterious company with ties to U.S. military contractor
• Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) - LPE Ubuntu
• FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
• Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 - CVE-2022-36431
• Car Hacking - SiriusXM Telemetry
• Outdated JavaScript engine leads to RCE in Foxit PDF Reader
• I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
• Looting Microsoft Configuration Manager
• The art and science of modern hacking - Humblebundle
• Exactly what you’re looking for - Github Code Search allows RegEx
• A Confused Deputy Vulnerability in AWS AppSync
• macOS Sandbox Escape vulnerability via Terminal
• Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666)
• HTB: CarpeDiem
• SysmonEoP - CVE-2022-41120
• A phishing document signed by Microsoft – part 1
• SMTP Matching Abuse in Azure AD
• Android App Hacking Workshop
• Why is Exposing the Docker Socket a Really Bad Idea?
• Debugging Protected Processes
• Novel Pipeline Vulnerability Discovered; Rust  Found Vulnerable
• Pre-Auth RCE with CodeQL in Under 20 Minutes
• Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway
• CertPotato – Using ADCS to privesc from virtual and network service accounts to local system
• Sniffing SSH Passwords
• Internet Explorer 0-day exploited by North Korean actor APT37
• Issue 2346: Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP - CVE-2022-41057
• Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
• Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)
• Azure temporary passwords - Eingeschränkter Zeichenraum
• HardeningKitty and Windows 10 Hardening
• Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
• Citrix SSON Credential Leak
• CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
• [ENG] Creating a loader PoC using various languages
• Scavenger: Misuse Error Handling Leading To QEMU/KVM Escape
• CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
• Shodan 201: Rummaging Around The Internet
• Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack
• PlumHound Reporting Engine for BloodHoundAD
• Cool vulns don't live long - Netgear and Pwn2Own
• Secret Backdoors Found in German-made Auerswald VoIP System
• CVE-2022-22536 - SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22536
• Dumping Plaintext RDP credentials from svchost.exe
• Azure AD Certificate-Based Authentication now in Public Preview
• NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
• Never, Ever, Ever Use Pixelation for Redacting Text
• Where's the Interpreter!? (CVE-2021-30853) - MacOS Security Bypass
• From Backup Operator To Domain Admin
• Issue 2319: Cisco Jabber: XMPP Stanza Smuggling with stream:stream tag - CVE-2022-20917
• Advisory: Western Digital My Cloud Pro Series PR4100 RCE
• Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
• Cache Poisoning at Scale
• Responder and IPv6 attacks
• Lsass Shtinkering
• Building A Virtual Machine inside ChatGPT
• Hijacking GitHub Repositories by Deleting and Restoring Them
• How to mimic Kerberos protocol transition using reflective RBCD
• Top 10 web hacking techniques of 2021 - nominations open
• Issue 2223: Zoom: Buffer overflow when processing chat messages
• Enumeration and lateral movement in GCP environments
• Turning bad SSRF to good SSRF: Websphere Portal
• Converting C# Tools to PowerShell
• A defender’s view inside a DarkSide ransomware attack
• Write Windows Shellcode in Rust
• Driver-Based Attacks: Past and Present - BYOVD - Windows
• OfflineSAM Modification - Offline Attack Windows (Fremdbooten)
• Eliminating Dangling Elastic IP Takeovers with Ghostbuster
• Dropping Files on a Domain Controller Using CVE-2021-43893
• SCCM passwords & #mimikatz
• CVE‑2021‑1079 – NVIDIA GeForce Experience Command Execution
• HTB: AdmirerToo
• Public penetration testing reports
• CVE-2021-21551 - Dell Command Update via DBUtil_2_3
• MS-FSRVP abuse (ShadowCoerce)
• Fixing the Unfixable: Story of a Google Cloud SSRF
• 🔥KrbRelay - Kerberos relaying C#🔥
• Another Log4j on the fire: Unifi
• HTB: LogForge
• The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
• PHP LFI with Nginx Assistance
• Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs
• Dirty Vanity - Shellcode Execution via Process Forks
• Arbitrary Code Execution via v8 Javascript Engine
• HTB: Outdated
• Responsible Red Teaming - Operate with Honor - Free Course
• Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
• Issue 1252074: Security: ChromeOS root command persistence
• Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
• From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
• Windows Command-Line Obfuscation
• RemotePotato0
• HTB: Armageddon
• SuperSneakyExec - C# Shellcode Runner without PInvoke
• Diving into pre-created computer accounts
• SQL Injection in Wordpress core (CVE-2022–21661)
• The Mac Malware of 2021 👾
• Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
• EDR Parallel-asis through Analysis
• Insecure Comments - MS Office
• CVE-2021-20038 - SonicWall VPN RCE
• Microsoft Cybersecurity Reference Architectures
• HTB: EarlyAccess
• Microsoft is making it harder to steal Windows passwords from memory
• AD PKI #ESC8 in Kombination mit PetitPotam
• Exploited Windows zero-day lets JavaScript files bypass security warnings
• CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable
• Using OpenAI Chat to Generate Phishing Campaigns
• ReverseRDP_RCE - Windows RDP RCE auf Client
• Cisco Prime 3.9.1 - RCE
• Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
• Steal Credentials & Bypass 2FA Using noVNC
• nrich - Shodan API Tool (Portscan)
• Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
• HTB: Bolt
• ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for >arbitrary code execution when parsing malicious images. - CVE-2021-22204
• The Curious Case of the Password Database - ManageEngine’s Password Manager Pro
• PNG Parser Differential - Apple <-> NonApple
• the XSS Rat - Course Material
• HTB: Attended
• Assessing Standalone Managed Service Accounts
• Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
• Precious Gemstones: The New Generation of Kerberos Attacks
• Yes, fun browser extensions can have vulnerabilities too!
• Blackswan Technical Writeup (PDF) - Windows LPE
• Want to try to decode SCCM passwords in SC_UserAccount table with #mimikatz ?
• A physical graffiti of LSASS: getting credentials from physical memory for fun and learning
• Honeysploit: Exploiting the Exploiters
• letme.go – A minimalistic Meterpreter stager written in Go
• Rogue Assembly Hunter
• HTB: Static
• RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
• AD CS
• VMWare Horizon anfällig für log4shell
• Statistik über Ransomware Ergebnisse
• INFRA:HALT
• Microsoft verbessert Schutz gegen Makros ab April
• ASR schützt LSASS Prozess gegen auslesen
• Follina — a Microsoft Office code execution vulnerability
• Windows 11 enthält kein WMIC mehr
• Stealing a few more GitHub Actions secrets
• Remote Code Execution in pfSense <= 2.5.2
• Rubeus 2.0
• Identifying Bugs in Router Firmware at Scale with Taint Analysis
• Variant analysis of the ‘Sequoia’ bug
• A pinch of XLL and a splash of rust has the potential to be a sharp combination
• AD CS – The Basics
• From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator
• Blackhat: Diving in to spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer.
• CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
• Blackhat: Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
• DEFCON : Response Smuggling: Pwning HTTP/1.1 Connections
• Blackhat: HTTP/2: The Sequel is Always Worse
• SameSite: Hax – Exploiting CSRF With The Default SameSite Policy
• 🔥Relaying Kerberos over DNS using krbrelayx and mitm6🔥
• Find You: Building a stealth AirTag clone
• Horde Webmail 5.2.22 - Account Takeover via Email
• The Ultimate Guide to Phishing
• Universal Privilege Escalation and Persistence – Printer
• The path to code execution in the era of EDR, Next-Gen AVs, and AMSI
• Graphischer UAC Bypass - msconfig
• From Stolen Laptop to Inside the Company Network
• Welcome to Bug Hunter University
• AWS ECR Public Vulnerability
• FindUncommonShares - AD SMB enumeration
• Linux kernel Use-After-Free (CVE-2021-23134) PoC.
• Microsoft Wont-Fix-List
• If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
• Fantastic Windows Logon types and Where to Find Credentials in Them
• Decrypting SMB3 Traffic with just a PCAP? Absolutely (maybe.)
• NTLM relaying to AD CS - On certificates, printers and a little hippo
• Blind exploits to rule WatchGuard firewalls
• New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
• macOS Red Teaming: Get Active Directory credentials from NoMAD
• Build your own WiFi Pineapple Tetra for $7!
• Kernel Pwning with eBPF: a Love Story
• Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
• #printnightmare 4.x
• Issue 2228: Windows: EFSRPC Arbitrary File Upload EoP
• Windows cmd.exe - Ausführen von Dateien
• CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO
• CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
• Issue 2254: Zoom: Remote Code Execution with XMPP Stanza Smuggling
• NAT Slipstreaming v2.0
• Moodle 2nd Order Sqli
• How to Analyze Malicious Microsoft Office Files
• Bluffy the AV Slayer - Convert shellcode into different formats.
• LAPSUS$ <-> NVIDA
• Triaging A Malicious Docker Container
• ContiLeaks
• SEKTOR7 Kurs-Rabatt
• JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library
• Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
• HTB: Object
• SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
• Rogue RDP – Revisiting Initial Access Methods
• Re-ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using.. Google.. Again
• Intro to Embedded RE Part 1: Tools and Series Overview
• Running Cobalt Strike BOFs from Python
• Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
• sheepl
• EFS RPC
• Fuzzing Windows RPC with RpcView
• HTB: TheNotebook
• Bypassing Windows 10 UAC with mock folders and DLL hijacking
• Hunt for the gMSA secrets - WIndows AD
• Microsoft Intune - Bypassing conditional access by faking device compliance.
• malware_training_vol1
• SAML XML Injection
• Fingerprint cloning: Myth or reality?
• Attack Surface Analysis - Part 2 - Custom Protocol Handlers
• HTB: Meta
• How I Met Your Beacon - x33fcon - Domchell
• Anti-Malware - Rewind - Panik Button bei Virusinfektionen
• Gitlab Project Import RCE Analysis (CVE-2022-2185)
• CVE-2021-22986 f5 big ip unauth rce
• Incident Response in AWS
• EoP - Windows mit Intune via Bitlocker Recovery Key
• LPE Windows 10 - CVE-2021-1732
• Trojan Source: Invisible Vulnerabilities
• CVE-2021-22205 - Gitlab RCE
• From Zero to Domain Admin - DFIR Report
• HTB: Explore
• MalAPI.io - Sammlung an Windows APIs die Malware benutzt
• CyberArk Endpoint Manager Local Privilege Escalation CVE-2021–44049.
• Phishing for AWS credentials via AWS SSO device code authentication
• SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
• Part 1 – SingPass RASP Analysis
• Abusing Google Drive's Email File Functionality
• Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
• ProtectMyTooling – Don’t detect tools, detect techniques
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• Zooming in on Zero-click Exploits
• Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
• Local Privilege Escalation in all Windows Versions
• Dotnet’s default AES mode is vulnerable to padding oracle attacks
• HTB: Enterprise
• Microsoft resumes default blocking of Office macros after updating docs
• CVE-2022-1040 Sophos XG Firewall Authentication bypass
• Bypassing Image Load Kernel Callbacks
• Stranger Strings: An exploitable flaw in SQLite
• GrabAccess - Konboot Klon
• Certified Pre-OwnedAbusing Active Directory Certificate Services
• Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
• Make JDBC Attack Brilliant Again
• Gitlab: Clipboard DOM-based XSS.
• critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)
• Kerberos Relaying
• Breaking electron-store's encryption
• Harvesting Active Directory credentials via HTTP Request Smuggling
• BSI Phishing-Spiel
• ChaosDB: How we hacked thousands of Azure customers’ databases
• DD-WRT UPnP Buffer Overflow
• H2C Smuggling in the Wild
• TPM sniffing
• LinkSys EA6100 AC1200
• PDF als Transporter für Schadcode
• CVE-2021-42321 - Exchange RCE
• Windows installer LPE 0day
• Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
• Terminal Server PRIV.ESC via RemotePotat0
• Is exploiting a null pointer deref for LPE just a pipe dream? - WIndows LPE
• Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
• Security issues related to the npm registry
• Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
• Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days
• AutoPoC - Validating the Lack of Validation in PoCs
• MS Defender Bypass durch umbenennen von procdump.exe
• Drupal insecure default leads to password reset poisoning
• SANS - Cheatsheets
• Nagios XI < 5.7.5 - 13 Nagios Vulnerabilities
• The trouble with Microsoft’s Troubleshooters
• Feral Terror - RCE in Netgear Switches
• 2021.1 IPU - Intel® VT-d Advisory
• Windows Drivers Reverse Engineering Methodology
• CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
• Persistent access to Burp’s Collaborator Session
• pay-what-you-can (min $5) on the following courses: External Pentest Playbook Windows PrivEsc Linux PrivEsc
• Creating Fully Undetectable Payload (FUD) with C
• GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
• Autodial(DLL)ing Your Way - Lateral Movement Windows
• The github.dev web-based editor
• Teil2: Managed Identity Attack Paths, Part 2: Logic Apps
• SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
• Responder DHCP in Version 3.0.7.0
• Zoom RCE from Pwn2Own 2021
• Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn
• Visual Studio Code Jupyter Notebook RCE
• Snakes on a Domain: An Analysis of a Python Malware Loader
• The dying knight in the shiny armour
• RC4 Is Still Considered Harmful
• AAD & M365 kill chain
• php-fpm-local-root - LPE
• CVE-2022-30781 Gitea RCE über die Migrate Funktion
• Linux sudo Heap Overflow < 1.9.5p1
• Attacking Azure & Azure AD, Part II
• Convert ldapdomaindump to Bloodhound
• HTB: Spooktrol
• All Access Pass: Five Trends with Initial Access Brokers
• SharpSystemTriggers - Cross User DCOM Authentication Trigger
• Schwachstelle in Citrix ADM
• DFSCoerce - NetNTLM Coerced Auth
• Lockbit Ransomware group - Samples
• Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
• Decrypting VEEAM Passwords
• CdpSvcLPE - WIndows LPE - Writeable SYSTEM path Dll Hijacking)
• XSS in the AWS Console
• Car hijacking swapping a single bit - Hardware SPI
• Discovering Zero-Day Vulnerabilities in McAfee Products (CVE-2021-31838)
• Responder's DHCP Poisoner
• Don't Ruck Us Too Hard - Owning Ruckus AP devices
• Abusing the Exchange Postmaster to Expose Email Spam & Malware Filters
• Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
• Your Microsoft Teams chats aren’t as private as you think..
• 9 OSINT Tools For Your Reconnaissance Needs
• Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
• Repurposing Real TTPs for use on Red Team Engagements
• SynLapse – Technical Details for Critical Azure Synapse Vulnerability
• Hertzbleed Attack
• Nextcloud - Attacker can obtain write access to any federated share/public link (CVE-2021-32654 & CVE-2021-32655)
• Cracking WiFi at Scale with One Simple Trick
• Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution
• HotPics 2021 - RCE via GhostScript
• %appdata% is a mistake – Introducing Invoke-DLLClone
• AWS WAF's Dangerous Defaults
• Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?
• CVE-2022-21371 - Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
• Pwning 3CX Phone Management Backends from the Internet
• Solarwinds Web Help Desk: When the Helpdesk is too Helpful
• Recovering Randomly Generated Passwords
• 🔥pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)🔥
• Resource based constrained Delegation (RBCD) WebClient attack
• SharpProxyLogon
• This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761
• The Power of SeImpersonation
• Man in the Terminal - Logger für Linux / Pathhijacking
• Breaking GitHub Private Pages for $35k
• RDCMan v2.8
• Evasive Phishing Techniques Threat Actors Use to Circumvent Defense Mechanisms
• Miracle - One Vulnerability To Rule Them All
• Retrieving AWS security credentials from the AWS console
• Attacking With WebView2 Applications
• No Passwords More Problems
• Anatomy and Disruption of Metasploit Shellcode
• Introducing iHide – A New Jailbreak Detection Bypass Tool
• ZDI-21-1053: Bypassing Windows Lock Screen
• Popular 'coa' NPM library hijacked to steal user passwords
• How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
• Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
• Automatically extracting static antivirus signatures
• Binary File Write via Microsoft Speech API
• Mitmproxy 9
• Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
• GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
• Safari is hot-linking images to semi-random websites
• Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
• Nighthawk 0.2.1 – Haunting Blue
• Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
• X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL 3.0.0 - 3.0.6
• Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
• Hacking Swagger-UI - from XSS to account takeovers
• Finding DOM Polyglot XSS in PayPal the Easy Way
• How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506]
• An EPYC escape: Case-study of a KVM breakout - CVE-2021-29657
• RCE 0-day that afftceted to GhostScript-9.50
• HTB: Unobtainium
• From RpcView to PetitPotam (Windows)
• RestrictedAdmin
• unauth RCE Western Digital PR4100 NAS - Your vulnerability is in another OEM!
• BleedingTooth - Linux Blueetooth Stack (BadVibes, BadKarma and BadChoice)
• Bundesservice Telekommunikation — enttarnt: Dieser Geheimdienst steckt dahinter
• Analysis of CVE-2022-30136 “Windows Network File System Vulnerability“
• How I Got Pwned by My Cloud Costs
• Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
• Apache Tapestry - CVE-2021-27850 Exploit
• A supply-chainbreach: Taking over an Atlassian account
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• 🔥Trust me. PowerShell is not going to be the same again once you do this.🔥
• ProxyToken: An Authentication Bypass in Microsoft Exchange Server - CVE-2021-33766
• The Phantom Credentials of SCCM: Why the NAA Won’t Die
• Double PetitPotam - unauthenticated #petitpotam everywhere (not only for DCs)!
• Understanding Zigbee and Wireless Mesh Networking
• Phishing for NetNTLM Hashes
• Fuzzing RDP: Holding the Stick at Both Ends
• Blinding EDR On Windows
• PHP NULL Byte
• Backdooring Rust crates for fun and profit
• New Critical Vulnerabilities Found on Nucleus TCP/IP Stack
• Pentest tale - Dumping cleartext credentials from antivirus
• Rapidly Search and Hunt through Windows Event Logs
• Escalating XSS to Sainthood with Nagios - Nagios <
• Spoofing Calendar Invites Using .ics Files
• HTB: Nunchucks
• Riding the InfoRail to Exploit Ivanti Avalanche
• No Logs? No Problem! Incident Response without Windows Event Logs
• How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It
• XSS Phishing Payload - Snippet
• HTB: Union
• Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover
• WarCon 2022 – Modern Initial Access and Evasion Tactics
• Phishing Course
• Notepad++ Plugins for Persistence
• HTB: Anubis
• This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them
• Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
• BitLocker touch-device lockscreen bypass
• urlscan.io's SOAR spot: Chatty security tools leaking private data
• LOLBINed — Using Kaspersky Endpoint Security “KES” Installer to Execute Arbitrary Commands
• Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
• Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169 CVSS: 7.5
• HTB: Tentacle
• HTB: Gobox
• Pwn2Own’ing the TP-Link Archer A7 - CVE-2021-27246
• Automated 0-day discovery in 2021: Squashing the low-hanging fruit in widespread embedded software
• HTB: Moderators
• Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
• SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE
• Bypassing Signature-Based AV
• Pass the Cloud with a Cookie
• Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• Windows - Infoleak (CVE-2021-24084)
• Phishing Users to Take a Test
• Hacking the Apple Webcam (again)
• BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
• CVE-2022-27666: Exploit esp6 modules in Linux kernel
• Sitecore Experience Platform Pre-Auth RCE
• RipZip
• HTB: Atom
• Adding a native sniffer to your implants: decomposing and recomposing PktMon
• CONTInuing the Bazar Ransomware Story
• TokenTactics
• HTML Maldoc Remote Macro Injection
• UDP Technology IP Camera vulnerabilities
• Google Chrome 0day/1day
• Rawsec's CyberSecurity Inventory
• Decompile Microsoft ASR Scripts
• Passwordspraying gegen Azure - aad-sso-enum-brute-spray
• Facebook email disclosure and account takeover
• PHP 7.0-8.0 disable_functions bypass [user_filter]
• Abusing Weak ACL on Certificate Templates.
• Finden von Windows Registry Hives in virtuellen Festplatten - Needle
• A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows
• DeepSurface Security Advisory: LPE in Firefox on Windows
• HTB: Monitors
• Backdoor .NET assemblies with… dnSpy 🤔
• Phishing Email Database: Real Phishing Examples & Threats
• Windows - PowerShell Jobs
• LSASS Procdump
• Malicious Python Script Behaving Like a Rubber Ducky
• Azure AD introduction for red teamers
• Tianfu Cup - Exploit Conference
• Reverse engineering and decrypting CyberArk vault credential files
• Part-1&2 Dive into Zoom Applications
• Resetting Expired Passwords Remotely
• How the Kaseya VSA Zero Day Exploit Worked
• Bypass Bitlocker Preboot Authentication mit physischem Zugriff auf das Gerät
• SharpImpersonation Release
• Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings
• Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492)
• [CVE-2022-34918] A crack in the Linux firewall
• CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
• SysWhispers is dead, long live SysWhispers!
• Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
• Unrar Path Traversal Vulnerability affects Zimbra Mail
• CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
• FabricScape: Escaping Service Fabric and Taking Over the Cluster
• Beefproject - Beef
• ‘Demon’s Cries’ authentication bypass patched in Netgear switches
• Restoring (Recovering) PowerShell Scripts from Event Logs
• CVE-2021-22555: Turning into 10000$
• Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
• Bypassing Windows Hello Without Masks or Plastic Surgery
• CVE-2022-44142 - New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
• HackTheBox: APT (Insane)
• Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
• PRINTING SHELLZ : HP Printer RCE für 150 Modelle
• URL Shorteners
• Password spraying and MFA bypasses in the modern security landscape
• Obsidian, Taming a Collective Consciousness
• OpenBMC: remote code execution in netipmid - IPMI
• SharpLink - C# Port der symboliclink-testing-tools von James Forshaw
• Revisiting a Credential Guard Bypass - Windows
• ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3
• Lateral Movement with Managed Identities of Azure Virtual Machines
• Attacking Active Directory: 0 to 0.9
• DIVD-2021-00011 - Kaseya VSA Limited Disclosure
• Filesec.io
• Bypassing Azure AD home tenant MFA and CA
• Certificates and Pwnage and Patches, Oh My!
• Do You Really Know About LSA Protection (RunAsPPL)?
• Kubesploit - C2 Kubernetes Framework
• alert() is dead, long live print()
• AV Evasion Part 3: Fibers
• #Pwn2Own - RCE in Zoom (0click)
• OffensiveAutoIt
• The Pen Testing Tools We’re Thankful for in 2021
• GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
• All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
• Exploiting CVE-2021-43267 - Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution
• PGSharp: Analysis of a Cheating App for PokemonGO
• HTB: PivotAPI
• Alert changes to sensitive AD groups using MDI
• F-Secure: Attack Detection Fundamentals 2021: Windows
• CVE: CVE-2022-26911 - Skype4Business authenticated arbitrary Fileread
• KeepassXC Read Password from Memory
• Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
• CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
• Weaponizing and Abusing Hidden FunctionalitiesContained in Office Document Properties
• Webdriver Bugs
• Graphical Lures In The Age of Cybercrime.
• The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
• Using CVE-2021-40531 for RCE with Sketch - macOS
• Dumping and extracting the SpaceX Starlink User Terminal firmware
• KeeFarce Reborn - Keepass Export PWs
• Coercing NTLM Authentication from SCCM
• A tale of EDR bypass methods
• An Introduction to Fault Injection (Part 1/3)
• ProxyNotRelay - An Exchange Vulnerability Encore
• Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
• xterm before patch 375 can enable an RCE under certain conditions - CVE-2022-45063
• AMSI-ETW-Patch - 1 Byte Memory patch
• LaZagne - Credentials recovery project
• Suborner: A Windows Bribery for Invisible Persistence
• A possibly overlooked GELSEMIUM artefact
• AMSI Unchained
• Social Engineering Your Way Into The Network
• Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720)
• DEEPL - Prozess Dumper
• PrivacyTests.org - Übersicht der Anti-Tracking Features der Browser
• Pwn2Own -> Xxe2Rce - RCE in Rockwell Studio 5000 Logix Designer
• Kerberoast with OpSec
• How iOS Malware Can Spy on Users Silently
• Windows Quiz: Medium IL to High IL
• Master of Puppets Part II – How to tamper the EDR?
• Windows Relaying - I’m bringing relaying back: A comprehensive guide on relaying anno 2022
• Critical Flaws Discovered in Cisco Small Business RV Series Routers
• HTB: Pressed
• S4fuckMe2selfAndUAndU2proxy - A low dive into Kerberos delegations
• Solving DOM XSS Puzzles
• Sandboxing Antimalware Products for Fun and Profit
• Bloodhound "Spotlight"
• QNAP Pre-Auth CGI_Find_Parameter RCE
• executing an http stream as an .exe
• Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
• Go away BitLocker, you´re drunk
• HTB: Intelligence
• Popping iOS <=14.7 with IOMFB
• HOWTO: Microsoft Teams Proxy DLL Hijacking(Tutorial)
• GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI
• Facebook account takeover due to a wide platform bug in ajaxpipe responses
• CookieMonster - Tool
• The Invisible JavaScript Backdoor
• Thick Client Penetration Testing Methodology
• Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog
• This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others
• Windows 11 LPE
• Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
• Reset Passwords
• Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
• GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
• Kaspersky Password Manager: All your passwords are belong to us
• Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
• Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration
• Php-Internalog, Introspection Applied to 0day Research
• Lessons Learned from Cloning Windows Binaries and Code Signing Implants
• Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses
• BREAKING & ENTERING
• Linux Kernel Teaching
• Relaying to AD Certificate Services over RPC - ESC11
• Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
• A not-so-common and stupid privilege escalation
• UNORTHODOX LATERAL MOVEMENT:
• Account hijacking using "dirty dancing" in sign-in OAuth-flows
• Unicode Right-To-Left Override
• MSDT DLL Hijack UAC bypass
• Rooting Gryphon Routers via Shared VPN
• CVE-2022-21882 - LPE Windows
• Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray)
• [ENG] UUID Shellcode Execution Implementation in C# and DInvoke
• It’s all in the details: The curious case of an lsass dumper gone undetected
• Stealing passwords from infosec Mastodon - without bypassing CSP
• BloodHound Inner Workings & Limitations
• 50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021–35215)
• OffensiveVBA
• Using Kerberos for Authentication Relay Attacks
• Hacking Unifi Controller Passwords for Fun and WIFI
• WinRAR’s vulnerable trialware: when free software isn’t free
• SSD Advisory – Cisco "Secure" Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
• Virtual Disks (VHD(x), ISO) erhalten MOTW
• BumbleBee Zeros in on Meterpreter
• Amazon once again lost control (for 3 hours) over the IP pool in a BGP Hijacking attack
• Ich habe deutsche Kommunen auf Schwachstellen überprüft
• Code execution as root via AT commands on the Quectel EG25-G modem
• reverse_ssh
• MS Defender Bypass comsvcs - mal wieder
• USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
• Phishing with Google Calendar
• A Symmetric Cipher Ransomware … YES!
• Grafana v8.x Arbitrary File Read - 0day
• Reflective Code Loading in Linux — A New Defense Evasion Technique in MITRE ATT&CK v10
• Windows 10 RCE: The exploit is in the link
• CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
• Android Rubberducky
• Introduction to Parent-Child Process Evasion
• HTB: Hathor
• Exploiting System Mechanic Driver
• Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
• Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette"
• Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
• Microsoft Internet Explorer 11 (protected mode off) & Adobe Acrobat Reader DC ActiveX
• From NtObjectManager to PetitPotam
• The past 10 years of Automotive Vulnerabilities
• A Diamond in the Ruff - Kerberos Diamond Tickets
• Possible RCE in OpenSSL 3.0.4
• HTB - Spider
• When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
• Game Of Active Directory v2 - GOAD v2 is out !
• WriteUp Webexploits
• The Art of Bypassing Kerberoast Detections with Orpheus
• Fuzzing and PR’ing: How We Found Bugs in a Popular Third-Party EtherNet/IP Protocol Stack
• SOCKS5 via RDP Dynamic Virtual Channel
• Exploiting Flipper Zero’s NFC file loader
• Nagios XI < 5.7.5 authenticated RCE
• Allow arbitrary URLs, expect arbitrary code execution
• Fetch Defender exclusions from Intune managed devices as non-admin user:
• Phishing With Google's Domain
• CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
• GoodHound - Bloodhound Enumeration Tool
• Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
• The Challenges of Fuzzing 5G Protocols
• Wordliste - weakpass_3a
• Azure Privilege Escalation via Service Principal Abuse
• AnyDesk Escalation of Privilege (CVE-2021-40854)
• Shellcode loader ScareCrow V3
• Windows - EDRHunt
• They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
• PrinterNightmate #4.x
• Exploit for CVE-2021-40449 (Win32k - LPE)
• CVE-2022–43781 - ATLASSIAN BitBucket RCE (Vietnamesisch)
• Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 1&2
• HTB: Breadcrumbs
• This shouldn't have happened: A vulnerability postmortem
• Azure Privilege Escalation via Azure API Permissions Abuse
• Former Ubiquiti employee charged with hacking and extorting company
• Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon
• VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability
• Google Project Zero pubished four Browser RCE 0day POC
• Printnightmare - Episode 3
• Rediscovering Epic Games 0-Days (Forever Unpatched?)
• Always Free Server Oracle Cloud
• Remote code execution in cdnjs of Cloudflare
• Microsoft Windows internals - Developer Notes
• 9 Post-Exploitation Tools for Your Next Penetration Test
• Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
• Azure AD Kerberos authentication (Preview)
• A dive into Microsoft Defender for Identity
• Nighthawk Sample removed from VirusTotal because of Copyright
• Disrupting a PyPI Software Supply Chain Threat Actor
• Mind the Gap
• Recreating an ISO Payload for Fun and No Profit
• Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
• HTB: RouterSpace
• Coercer - Tool für erzwungene Anmeldungen von Maschinen Konten
• Honda bug lets a hacker unlock and start your car via replay attack
• Microsoft rolls back decision to block Office macros by default
• Protecting Windows Credentials against Network Attacks
• Defender Bypass - Dump LSASS comsvcs.dll
• [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
• Abusing forgotten permissions on computer objects in Active Directory
• Office Makros bleiben erhalten
• CME - Hashspider
• HTB: Pikaboo
• Subdomain Enumeration Guide 2021 📖
• RCE in NPM VSCode Extention - CVE2021-26700
• Github Exploits
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• RCE für Windows via TTF CVE-2021-24093 Fixed-2021-Feb-9
• An Exploration of JSON Interoperability Vulnerabilities
• CVE-2020-8625: A Fifteen-Year-Old RCE Bug Returns in ISC BIND Server
• ESXI - VMware unauth RCE CVE-2021-21972
• Farming for Red Teams: Harvesting NetNTLM
• Windows User Profile Service 0day LPE - Windows 11
• CISCO anyconnect EoP - CVE-2021-1366
• CVE-2020-28243 SaltStack Minion Local Privilege Escalation
• Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
• Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
• Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
• Microsoft 365 OAuth Device Code Flow and Phishing
• Discovering Domains via a Timing Attack on Certificate Transparency
• Making HTTP header injection critical via response queue poisoning
• Chaos Computer Club hackt Video-Ident
• BumbleBee Roasts Its Way to Domain Admin
• Yanluowang ransomware group claims to have breached Cisco
• Yanluowang ransomware group claims to have breached Cisco
• 1Password Secret Retrieval — Methodology and Implementation
• Yanluowang ransomware group claims to have breached Cisco
• Yanluowang ransomware group claims to have breached Cisco
• Yanluowang ransomware group claims to have breached Cisco
• Skidaddle Skideldi - I just pwnd your PKI
• You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE unter macOS
• Solving the Unredacter Challenge
• CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
• CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
• New Attack Paths? AS Requested Service Tickets
• The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
• Windows - First Installation Animation
• PersistenceSniper
• HTB: Perspective
• QNAP Poisoned XML Command Injection (Silently Patched)
• Toner Deaf – Printing your next persistence (Hexacon 2022)
• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
• WAM BAM - Recovering Web Tokens From Office
• Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
• Kernel Driver Exploit: System Mechanic
• Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
• Introducing the Windows 10 SMB Shadow Attack: Direct SMB Session Takeover
• Killing AV with SysInternals
• Bypass #2 ..
• Powershell Obfuskierung - YARA
• Powershell Obfuskierung - YARA
• horrifying-pdf-experiments
• Exchange RCE - CVE-2021-26855
• horrifying-pdf-experiments
• Giving JuicyPotato a second chance: JuicyPotatoNG
• Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
• Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
• HTB: Developer
• 1001 ways to PWN prod - A tale of 60 RCE in 60 minutes
• SSD Advisory – pfSense Post Auth RCE
• Aktueller Patch Tuesday ist ernst zu nehmen!
• BadSectorLabs.com
• Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
• Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
• Windows DNS Server RCE - SIGRed - CVE2020-1350
• AV Evasion via SysWhispers2 and more
• Pokémon Shellcode Loader
• Pokémon Shellcode Loader
• Kritische Sicherheitslücke: Gitlab-Update außer der Reihe
• RCE in Adobe Acrobat Reader for android(CVE-2021-40724)
• Palo Alto Firewall / VPN RCE with default Key
• But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
• But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
• Securing Developer Tools: Argument Injection in Visual Studio Code
• Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• DirtyCred
• What can we learn from leaked Insyde's BIOS for Intel Alder Lake
• Windows Security Updates for Hackers
• PXEThief - Pulling Passwords out of Configuration Manager
• Detecting and preventing LSASS credential dumping attacks
• Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
• ShadowSpray - AD Shadowcredentials AtTack
• Spring Framework
• Spring Framework
• Fun with PowerShell – Executing commands with DNS requests
• Chromium based Browser SSL/TLS Error Bypass
• Chromium based Browser SSL/TLS Error Bypass
• Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
• Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
• Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
• Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
• Branch History Injection - SpectreV2-BHI
• Masterpiece Video about DRAM. Low level!
• Masterpiece Video about DRAM. Low level!
• The Dirty Pipe Vulnerability
• The Dirty Pipe Vulnerability
• The Dirty Pipe Vulnerability¶
• vmware-authd-EoP
• AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
• ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
• If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
• The Discovery and Exploitation of CVE-2022-25636
• CVE-2022-46908 - SQLite --safe context bypass
• Security tools showcased at Black Hat USA 2021
• CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
• A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
• SNMP… Strings Attached!
• Stealing Chrome cookies without a password
• OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
• OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
• The Kerberos Key List Attack: The return of the Read Only Domain Controllers
• BITB - Browser templates for Browser In The Browser (BITB) attack
• Fortinet music video "Firewall"
• Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
• Group3r - AD GPO Enumeration Tool
• Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
• Snaffler und Group3r inlineExecuteAssembly
• Chrome 0.5day - RCE
• Chrome 0.5day - RCE
• MySQL Windows EoP
• Introducing BloodHound 4.1 — The Three Headed Hound
• HTB: Shibboleth
• Introducing BloodHound 4.1 — The Three Headed Hound
• How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
• CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
• CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
• Retbleed: Arbitrary Speculative Code Execution with Return Instructions
• Issue 100: Platform certificates used to sign malware
• Openredirect www.google.com - Phsihing
• Openredirect www.google.com - Phsihing
• Openredirect www.google.com - Phsihing
• Openredirect www.google.com - Phsihing
• HTB: 0xdf revisits
• FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
• Openredirect www.google.com - Phsihing
• ChatGPT - OpenAI
• Windows Server 2016 - EOL
• Internet Explorer 0-day exploited by North Korean actor APT37
• Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
• Citrix SSON Credential Leak
• CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
• CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
• Secret Backdoors Found in German-made Auerswald VoIP System
• Cloudflare Pages, part 1: The fellowship of the secret
• Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
• Dumping Plaintext RDP credentials from svchost.exe
• Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
• Azure AD Certificate-Based Authentication now in Public Preview
• Advisory: Western Digital My Cloud Pro Series PR4100 RCE
• Lsass Shtinkering
• 🔥KrbRelay - Kerberos relaying C#🔥
• KrbRelay - Kerberos relaying C#
• KrbRelay - Kerberos relaying C#
• CVE-2021-21551 - Dell Command Update via DBUtil_2_3
• CVE-2021-3929-3947 - QEMU VM Escape
• CVE-2021-21551 - Dell Command Update via DBUtil_2_3
• MS-FSRVP abuse (ShadowCoerce)
• Fixing the Unfixable: Story of a Google Cloud SSRF
• PHP LFI with Nginx Assistance
• Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
• RemotePotato0
• RemotePotato0
• RemotePotato0
• Insecure Comments - MS Office
• Insecure Comments - MS Office
• Unmanaged Code Execution with .NET Dynamic PInvoke
• Can it run Doom? -Can Doom run it? - Game Injection
• Microsoft is making it harder to steal Windows passwords from memory
• Using OpenAI Chat to Generate Phishing Campaigns
• ReverseRDP_RCE - Windows RDP RCE auf Client
• nrich - Shodan API Tool (Portscan)
• nrich - Shodan API Tool (Portscan)
• ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for >arbitrary code execution when parsing malicious images. - CVE-2021-22204
• ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for >arbitrary code execution when parsing malicious images.
• PNG Parser Differential - Apple <-> NonApple
• PNG Parser Differential - Apple <-> NonApple
• PNG Parser Differential - Apple <-> NonApple
• Managed Identity Attack Paths, Part 1: Automation Accounts
• From Backup Operator To Domain Admin
• Yes, fun browser extensions can have vulnerabilities too!
• Yes, fun browser extensions can have vulnerabilities too!
• AD CS
• Rubeus 2.0
• Remote Code Execution in pfSense <= 2.5.2
• HTTP/2: The Sequel is Always Worse
• Response Smuggling: Pwning HTTP/1.1 Connections
• Response Smuggling: Pwning HTTP/1.1 Connections
• Universal Privilege Escalation and Persistence – Printer
• Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
• Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
• CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
• ContiLeaks
• Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
• Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
• ACHTUNG
• Rogue RDP – Revisiting Initial Access Methods
• sheepl
• Fingerprint cloning: Myth or reality?
• Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
• HTB: Acute
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• Kerberos Relaying
• Windows installer LPE 0day
• Windows installer LPE 0day
• Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
• CVE-2021-42321 - Exchange RCE
• Zero-Day Exploitation of Atlassian Confluence
• Security issues related to the npm registry
• DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
• MS Defender Bypass durch umbenennen von procdump.exe
• MS Defender Bypass
• MS Defender Bypass durch umbenennen von procdump.exe
• MS Defender Bypass durch umbenennen von procdump.exe
• MS Defender Bypass durch umbenennen von procdump.exe
• Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
• Autodial(DLL)ing Your Way - Lateral Movement Windows
• php-fpm-local-root - LPE
• AAD & M365 kill chain
• Attacking Azure & Azure AD, Part II
• SATisfying our way into remote code execution in the OPC UA industrial stack
• SharpSystemTriggers - Cross User DCOM Authentication Trigger
• DFSCoerce - NetNTLM Coerced Auth
• Lockbit Ransomware group - Samples
• SharpSystemTriggers - Cross User DCOM Authentication Trigger
• Hertzbleed Attack
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• CVE-2022-21371 - Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• HTB: Talkative
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
• GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
• X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL 3.0.0 - 3.0.6
• X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL
• STARTTLS implementations in email clients & servers plagued by 40+ vulnerabilities
• RCE 0-day that afftceted to GhostScript-9.50
• Fun fact: Die Fuchsia ist nach einem berühmten Tübinger benannt.
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• Trust me. PowerShell is not going to be the same again once you do this.
• ProxyToken: An Authentication Bypass in Microsoft Exchange Server
• ProxyToken: An Authentication Bypass in Microsoft Exchange Server
• The Phantom Credentials of SCCM: Why the NAA Won’t Die
• The Phantom Credentials of SCCM: Why the NAA Won’t Die
• Blinding EDR On Windows
• F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
• Blinding EDR On Windows
• Rapidly Search and Hunt through Windows Event Logs
• Rapidly Search and Hunt through Windows Event Logs
• Spoofing Calendar Invites Using .ics Files
• No Logs? No Problem! Incident Response without Windows Event Logs
• 🔥 urlscan.io's SOAR spot: Chatty security tools leaking private data 🔥
• Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
• Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
• Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169
• HTB: Gobox
• INFOCONDB - Sammlung von ITSec Konfernenzen
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
• Humblebundle:
• Phishing Users to Take a Test
• Google Chrome 0day/1day
• Adding a native sniffer to your implants: decomposing and recomposing PktMon
• Google Chrome 0day/1day
• Google Chrome 0day/1day
• Part-1 Dive into Zoom Applications
• The Elastic Container Project for Security Research
• The dark side of Microsoft Remote Procedure Call protocols
• How the Kaseya VSA Zero Day Exploit Worked
• Unrar Path Traversal Vulnerability affects Zimbra Mail
• Restoring (Recovering) PowerShell Scripts from Event Logs
• PRINTING SHELLZ : HP Printer RCE
• Certificates and Pwnage and Patches, Oh My!
• The Pen Testing Tools We’re Thankful for in 2021
• GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
• GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
• All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
• Exploiting CVE-2021-43267
• A New Attack Surface on MS Exchange Part 3 - ProxyShell!
• OffensiveAutoIt
• Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
• Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
• Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
• Social Engineering Your Way Into The Network
• Sandboxing Antimalware Products for Fun and Profit
• Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
• BREAKING & ENTERING
• UNORTHODOX LATERAL MOVEMENT:
• Ich habe deutsche Kommunen auf Schwachstellen überprüft
• Sophos UTM Preauth RCE: A Deep Dive into CVE-2020-25223
• Ich habe deutsche Kommunen auf Schwachstellen überprüft
• Grafana v8.x Arbitrary File Read - 0day
• reverse_ssh
• MS Defender Bypass comsvcs - mal wieder
• Windows 10 RCE: The exploit is in the link
• Windows 10 RCE: The exploit is in the link
• SOCKS5 via RDP Dynamic Virtual Channel
• GoodHound - Bloodhound Enumeration Tool
• Relaying to AD Certificate Services over RPC - ESC11
• Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-1675) explained
• HTB: Schooled
• They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
• CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability
• CVE-2022–43781 - ATLASSIAN BitBucket RCE (Vietnamesisch)
• PrinterNightmate #4.x
• This shouldn't have happened: A vulnerability postmortem
• This shouldn't have happened: A vulnerability postmortem
• Always Free Server Oracle Cloud
• Defender Bypass - Dump LSASS
• [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• Windows EoP via USB Device
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• RCE für Windows via TTF
• RCE für Windows via TTF
• Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
• Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
• Microsoft 365 OAuth Device Code Flow and Phishing
• Microsoft 365 OAuth Device Code Flow and Phishing
• HTB: Minion
• DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
• Account Persistence – Certificates - Windows
• HTB: Talkative
• Windows EoP via USB Device
• Windows EoP via USB Device
• Spying on users using Remote Desktop Shadowing - Living off the Land
• File URL Handler in Windows
• File URL Handler in Windows
• Kali - 2021.3
• LPE - Google Chrome / Edge Update Service - Windows 10 2009
• The Cyber Plumber's Handbook
• CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
• Spying on users using Remote Desktop Shadowing - Living off the Land
• Outdated JavaScript engine leads to RCE in Foxit PDF Reader
• Outdated JavaScript engine leads to RCE in Foxit PDF Reader
• SMTP Matching Abuse in Azure AD
• SMTP Matching Abuse in Azure AD
• Exploited Windows zero-day lets JavaScript files bypass security warnings
• The Curious Case of the Password Database
• Follina — a Microsoft Office code execution vulnerability
• Follina — a Microsoft Office code execution vulnerability
• CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
• SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
• Google Chrome NTP XSS via Google Search CSRF
• SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
• Harvesting Active Directory credentials via HTTP Request Smuggling
• BloodHound Inner Workings & Limitations
• BloodHound Inner Workings & Limitations
• CVE-2022-30781 Gitea RCE über die Migrate Funktion
• Phishing for NetNTLM Hashes
• Revisiting a Credential Guard Bypass - Windows
• Phishing With Google's Domain
• Windows User Profile Service 0day LPE
• HTB - Spider
• tinkershell - LPE
• CME - Hashspider
• CME - Hashspider
• CME - Hashspider
• Can it run Doom? -Can Doom run it? - Game Injection
• Déjà vu-lnerability
• Déjà vu-lnerability
• Déjà vu-lnerability
• Déjà vu-lnerability
• Linux sudo Heap Overflow < 1.9.4p2
• lsarelayx - NTLM Relaying unter Windows
• Linux sudo Heap Overflow < 1.9.5p1
• CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
• BIGIP Adwanced WAF & ASM RCE < 16.0.1.1 - CVE-2021-22992
• Giving JuicyPotato a second chance: JuicyPotatoNG
• Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
• Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)
• Infosec Blogs: Our Cup Runneth Over
• Backdooring and hijacking Azure AD accounts by abusing external identities
• The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
• ÆPIC Leak
• OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
• Capability Abstraction Case Study: Detecting Malicious Boot Configuration Modifications
• Undermining Microsoft Teams Security by Mining Tokens
• Making HTTP header injection critical via response queue poisoning
• Chaos Computer Club hackt Video-Ident
• Windows Containers: Host Registry Virtual Registry Provider Bypass EoP - CVE-2021-26864
• HTB: StreamIO
• Issue 2128: Windows Containers: AppSilo Object Manager Root Directory EoP
• HTB: Scanned
• Solving the Unredacter Challenge
• Living-Off-the-Blindspot - Operating into EDRs’ blindspot
• INTEL : Lord of the Ring(s): Side Channel Attacks on theCPU On-Chip Ring Interconnect Are Practical
• Kali - 2021.3
• BumbleBee Roasts Its Way to Domain Admin
• Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
• Yanluowang ransomware group claims to have breached Cisco
• Skidaddle Skideldi - I just pwnd your PKI
• Taking Kerberos to the next Level - Blackhat USA 2022 - James Forshaw - Nick Landers
• Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006)
• Phreaking 2.0Abusing Microsoft Teams Direct Routing
• How I Hacked my Car
• Hijack Libs
• RBCD on SPN-less users
• Oh, Behave! Figuring Out User Behavior (Windows Activity)
• Process injection: breaking all macOS security layers with a single vulnerability
• Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
• You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE unter macOS
• TCM DIscount - PMAT & PEH
• Cisco Nightmare. Pentesting Cisco networks like a devil.
• WordPress Core - Unauthenticated Blind SSRF
• Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
• Metasploit Weekly Wrap-Up - BYOS: Bring your own stager
• CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
• New Attack Paths? AS Requested Service Tickets
• File URL Handler in Windows
• Sacrificing Suspended Processes
• The difference between signature-based and behavioural detections
• Relaying YubiKeys / PIVert Smartcards
• Microsoft Windows Shift F10 Bypass and Autopilot privilge escalation
• BHIS | Coercions and Relays – The First Cred is the Deepest with Gabriel Prud'homme | 1.5 Hours
• Jailbreak für John-Deere-Traktoren
• Save the Environment (Variable) - Windows DLL Highjacking
• AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
• Evil PLC Attack: Using a Controller as Predator Rather than Prey
• Hacking Zyxel IP cameras to gain a root shell
• Travis-CI - Leak of sensitive files
• monomorph - MD5 Hash Collision
• HTB: Retired
• Skype for Business Audit Part 2 - SKYPErimeterleak
• Introducing BloodHound 4.2 — The Azure Refactor
• BARK - BloodHound Attack Research Kit
• Microsoft Office 365 email encryption could expose message content
• PersistenceSniper
• The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
• Why the best kind of cybersecurity is Open Security
• PART 3: How I Met Your Beacon – Brute Ratel
• Regexploit: DoS-able Regular Expressions
• dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier
• Introducing the Azure Threat Research Matrix
• HTB: Perspective
• Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
• QNAP Poisoned XML Command Injection (Silently Patched)
• Exploits Explained: 5 Unusual Authentication Bypass Techniques
• Disposable Root Servers
• Toner Deaf – Printing your next persistence (Hexacon 2022)
• SharpEfsPotato
• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
• LPE - Google Chrome / Edge Update Service - Windows 10 2009
• WAM BAM - Recovering Web Tokens From Office
• Relaying YubiKeys Part 2
• Dameware Mini: The Sleeper Hit of 2019?
• How Hash-Based Safe Browsing Works in Google Chrome
• unblob - Binwalk alternative
• CVE-2022-3368 - LPE Avira Security
• Controlling the Source: Abusing Source Code Management Systems
• Discovering Domains via a Timing Attack on Certificate Transparency
• Dancing on the architecture of VMware Workspace ONE Access (ENG)
• Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
• Dumping the Sonos One smart speaker
• Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments
• HTB: Overgraph
• Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
• HardwareAllTheThings
• Killing AV with SysInternals
• Wireshark 4.0.0 Release Notes
• Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!
• You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
• IBM Studie über Stress und Gesundheit für IR Mitarbeiter.
• Common Conditional Access Misconfigurations and Bypasses in Azure
• LPE - RHEL 8.1, 8.2, and 8.3
• Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
• Bypass Nummer 2 ..
• Securing Developer Tools: A New Supply Chain Attack on PHP
• HackTricks Cloud
• SystemInformer / ProcessHacker3
• Powershell Obfuskierung - YARA
• ZDI-CAN-18333 aka ProxyNotShell— the story of the claimed zero day in Microsoft Exchange
• ProxyNotShell
• horrifying-pdf-experiments
• Microsoft Patch Tuesday im April 2022 ist ernst zu nehmen!
• Code execution in Wireshark via non-http(s) schemes in URL fields
• Top 10 web hacking techniques of 2020
• WannaCry 2.0 incoming...
• HTB: Scrambled
• Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
• What I learnt from reading {COUNT}* {TOPIC} bug reports.
• When Athletic Abilities Just Aren't Enough - Scoreboard Hacking
• Kernel Driver Exploit: System Mechanic
• Virtual x86 - Run KolibriOS, Linux or Windows 98 in your browser.
• CVE-2022-2992 - Gitlab Remote Command Execution via Github import
• SSD Advisory – pfSense Post Auth RCE
• Burp Suite - solving E-mail and SMS TAN multi-factor authentication with Hackvertor custom tags
• Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
• Analyse: Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
• Dependency Confusion

legacy

• F5 hat Schwachstelle in BigIP, ermöglicht Übernahme der Geräte
• Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)
• Relaying PetitPotam/printerbug gegen LDAPS (Resource-based Constrained Delegation)
• Lapsus Timeline Sitel/SYKES breach
• Nexus Dashboard Fabric Controller (aka DCNM) again w/ unauth web-to-root chain
• BadSectorLabs.com
• Spring Framework
• Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
• CVE-2022-27666: Exploit esp6 modules in Linux kernel
• ABC-Code Execution for Veeam | CVE-2022-26503 , CVE-2022-26504, CVE-2022-26500
• A Spectre proof-of-concept for a Spectre-proof web
• Excel XLSB vs XLSX file format. The Pros and Cons of XLSB Files
• LDAP relays for initial foothold in dire situations
• Pwn2Own Tokyo 2020: Defeating the TP-Link AC1750 - CVE-2021-27246.
• Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
• Leak: Immunity CANVAS 7.26
• D-Link DAP-2020 PreAuthRCE - CVE-2021-27249, CVE-2021-27250
• CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi
• Windows DNS Server unauth RCE - SIGRed - CVE2020-1350
• Exchange RCE - CVE-2021-26855 - ProxyLogon
• Spectre exploits in the "wild"
• The most common on premises vulnerabilities & misconfigurations - CNs
• AV Evasion via SysWhispers2 and more
• PPLDump Revival
• The Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys
• HTB: Late
• Pokémon Shellcode Loader
• Efficient Infrastructure Testing
• Analysing LastPass, Part 1
• Userland Execution of Binaries Directly from Python
• Kritische Sicherheitslücke: Gitlab-Update außer der Reihe
• Pwning ManageEngine — From Endpoint to Exploit
• D/Invoke & GadgetToJScript
• Subdomain Enumeration Tool Face-off 2022
• widespread malware attack on github
• Palo Alto Firewall / VPN RCE with default Key
• Know Your AD Vulnerability: CVE-2022-26923
• Evilginx, meet BITB
• McAfee Agent könnte als Schlupfloch für Schadcode dienen
• AtomPePacker : A Highly Capable Pe Packer
• Living off the land, AD CS style
• Bitbucket Server and Data Center Advisory 2022-08-24
• But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
• Seventh Inferno vulnerability (some NETGEAR smart switches)
• Linux Kernel Exploit (CVE-2022-32250) with mqueue
• Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
• Securing Developer Tools: Argument Injection in Visual Studio Code
• Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
• Bypassing AppLocker by abusing HashInfo
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• Replicant: Reproducing a Fault Injection Attack on the Trezor One
• Continuous access evaluation - Azure
• PXEThief - Pulling Passwords out of Configuration Manager
• Evading Detection: A Beginner's Guide to Obfuscation
• Emotet malware is back and rebuilding its botnet via TrickBot
• CVE-2022-35742 - Outlook DoS
• DirtyCred
• HTB: OpenSource
• What can we learn from leaked Insyde's BIOS for Intel Alder Lake
• Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
• Detecting and preventing LSASS credential dumping attacks
• Comparing Semgrep and CodeQL
• Capturing Detection Ideas to Improve Their Impact
• Killing Microsoft Defender for Endpoint - via MsMpLics.dll
• Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style
• TP-Link TL-WR840N EU v5 Remote Code Execution
• FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug - CVE-2022-23090
• Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
• Critical Samba bug could let anyone become Domain Admin – patch now!
• VulnerabilitiesDataImport
• Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there !
• Researching Open Source apps for XSS to RCE flaws
• Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
• ShadowSpray - AD Shadowcredentials AtTack
• The secrets of Schneider Electric’s UMAS protocol
• Fun with PowerShell – Executing commands with DNS requests
• Blacksmith - Rowhammer bit flip attack
• Chromium based Browser SSL/TLS Error Bypass
• Zyxel authentication bypass patch analysis (CVE-2022-0342)
• GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7 - CVE-2022-1162.
• Ransomware Gang Abused Microsoft Certificates to Sign Malware
• Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
• Escalating from Logic App Contributor to Root Owner in Azure
• Traitor - Linux LPE
• Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
• Branch History Injection - SpectreV2-BHI
• CVE-2022-22005 Microsoft Sharepoint RCE - authenticated
• chrome://net-export
• Put an io_uring on it: Exploiting the Linux Kernel - CVE-2021-41073
• TLStorm - Three critical vulnerabilities discovered in APC Smart-UPS devices
• Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
• Masterpiece Video about DRAM. Low level!
• vmware-authd-EoP
• The Dirty Pipe Vulnerability
• 2021 Year In Review - The DFIR Report
• CVE-2022-24990: TerraMaster TOS unauthenticated remote command execution via PHP Object Instantiation
• Abusing Kerberos Constrained Delegation without Protocol Transition
• AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
• Obfuscating Malicious, Macro-Enabled Word Docs
• Security wall of S7CommPlus - Part 1
• HTB: Hancliffe
• Escaping privileged containers for fun
• Raidforum beschlagnahmt
• LSASS dumping in 2021/2022 - from memory - without C2
• Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
• The Discovery and Exploitation of CVE-2022-25636
• Google & Apache Found Vulnerable to GitHub Environment Injection
• Security tools showcased at Black Hat USA 2021
• #Conti playbook in a (google) translated, safe pdf:
• HTB: Proper
• Déjà vu-lnerability
• MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
• Get root on macOS 13.0.1 with CVE-2022-46689 - macOS Dirty Cow bug
• I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
• How to Hack APIs in 2021
• Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273)
• Fontuscator - Text Obfuscation with custom Font
• CVE-2022-46908 - SQLite --safe context bypass
• PostDump - C# Implementierung von Nanodump
• A JOURNEY TO PWN AND OWN THE SONOS ONE SPEAKER
• Messing with slash-proc
• An ACE Up the Sleeve:Designing Active Directory DACL Backdoors
• HTB Business CTF Write-ups
• DEF CON 29: Vulnerability Exchange: One Domain Account for More Than Exchange Server RCE
• CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
• Evading Detection: A Beginner's Guide to Obfuscation
• DEF CON 29 - Jacob Baines - Bring Your Own Print Driver Vulnerability
• A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
• CVE-2022-28672 - Foxit PDF Reader - Use after Free - Remote Code Execution Exploit
• The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users 
• Missing Bricks: Finding Security Holes in LEGO APIs
• NIST Retires SHA-1 Cryptographic Algorithm
• Spoofing Microsoft 365 Like It’s 1995
• StealthHook - A method for hooking a function without modifying memory protection
• CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
• Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)
• HTB: Devzat
• ACSESSED: Cross-tenant network bypass in Azure Cognitive Search
• Notice of Recent Security Incident - Lastpass
• Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
• SNMP… Strings Attached!
• Stealing Chrome cookies without a password
• Windows Privilege Escalation: Server Operator Group
• The Cyber Plumber's Handbook
• CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
• Better Make Sure Your Password Manager Is Secure
• MSI Shenanigans. Part 1 – Offensive Capabilities Overview
• Okta says its GitHub account hacked, source code stolen
• 10 ways of gaining control over Azure function Apps
• Comparison of reverse image searching in popular search engines [OSINT hints]
• HTB: CrossFitTwo
• HTB: Epsilon
• Multiple vulnerabilities in FortiManager version 6.4.5
• OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
• CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability
• Exchange Server GetWacInfo Information Disclosure Vulnerability - CVE-2022-24463
• HTB: Ransom
• BITB - Browser templates for Browser In The Browser (BITB) attack
• Three Lessons From Threema: Analysis of a Secure Messenger
• CentOS 7 webpanel unauthenticated RCE - CVE-2022-44877
• The OWASSRF + TabShell exploit chain
• Fortinet music video "Firewall"
• Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
• Decrypting Viscosity Passwords
• It’s Not You! Windows Security Logs Don’t Make Sense
• Maelstrom: Static OpSec Review
• A Detailed Guide on httpx
• Group3r - AD GPO Enumeration Tool
• ConPtyShell - Windows Reverse-Shell
• Circumventing Browser Security Mechanisms For SSRF
• Racing against the clock -- hitting a tiny kernel race window
• TCC ClickJacking
• Azure Dominance Paths - Attackmap
• Okta Service Hacked by Lapsus, Gained Superuser Access
• Initial Access - Right-To-Left Override [T1036.002]
• HTB: Stacked
• CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM
• Bypassing UAC in the most Complex Way Possible!
• SAM und SECURITY für normale Nutzer unter Windows 10 lesbar
• Active Directory Enumeration: PowerView
• Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
• Azure AD Pass The Certificate - Lateral Movement in Azure
• SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022–22718)
• Exploring Windows UAC Bypasses: Techniques and Detection Strategies
• Citrix Injection - DLL Injections via Ctx64Injector64
• TOOL: SharpRDP
• Tech-support-scams für infosec
• NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack
• Maelstrom: EDR Kernel Callbacks, Hooks, and Call Stacks
• Snaffler und Group3r inlineExecuteAssembly
• A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
• Shadow Credentials - AD
• Advanced-Process-Injection-Workshop by CyberWarFare Labs
• Chrome 0.5day - RCE
• Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
• GitLab <13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages
• CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
• Ubuntu OverlayFS - EoP
• HTTP/3 connection contamination: an upcoming threat?
• NAME:WRECK - IoT DNS Exploits
• From 0 to RCE: Cockpit CMS
• PulseSecure VPN RCE - Aktiv Angegriffen
• Finding Buried Treasure in Server Message Block (SMB)
• Named-Pipe-PTH - Lokale User impersonierung
• Lateral Movement – WebClient - Windows ADs
• Ubuntu Desktop Exploit - Pwn2Own 2021 Local Escalation of Privilege Category
• Process Ghosting - Windows
• persistence-info.github.io
• CVE-2021-42287/CVE-2021-42278 Weaponisation
• A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
• LOG4J2-3201 - Limit the protocols JNDI can use by default.
• Javascript RegEx bypass
• Relaying Kerberos only using native Windows
• Introducing BloodHound 4.1 — The Three Headed Hound
• 🔥Top 10 web hacking techniques of 2021🔥
• How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
• Heap tricks never get old - Insomni'hack teaser 2022
• Object Overloading - Windows
• HOW TO HACK "THE MAINFRAME" ! (for real)
• QNAP removes backdoor account in NAS backup, disaster recovery app
• Microsoft Office Online Server Remote Code Execution
• Cyberchef
• Recognizing patterns in memory
• CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
• Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
• Introducing Decompiler Explorer
• Koh: The Token Stealer
• Retbleed: Arbitrary Speculative Code Execution with Return Instructions
• iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day
• Fakesign Binaries to bypass AVs/EDR
• rundll32.exe keymgr.dll, KRShowKeyMgr - Read stored credentials
• A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
• I feel a draft. Opening the doors and windows - 0-click RCE on the Tesla Model3
• CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel
• Firejail: private-cwd leaks access to the entire filesystem #4780
• Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida
• Web App Pen Testing in an Angular Context
• Networking VMs for HTB
• SPN-jacking: An Edge Case in WriteSPN Abuse
• Workplace by Facebook | Unauthorized access to companies environment — $27,5k
• SiSyPHuS Win10: Studie zu Systemaufbau, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10
• Hacking the Furbo Dog Camera: Part I
• Anatomy of how you get pwned
• CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
• Detecting and annoying Burp users
• CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
• Introducing Pretender - Your New Sidekick for Relaying Attacks
• Ubuntu accountsservice CVE-2021-3939 (GHSL-2021-1011)
• Lansweeper lansweeper - Multiple Vulnerabilities
• Windows Server 2016 - EOL
• Issue 100: Platform certificates used to sign malware
• Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access
• Stalking inside of your Chromium Browser - Revisiting Remote Debugging
• Visual Studio Code: Remote Code Execution
• CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection
• Looting iOS App’s Cache.db
• Malware triage in 30 minutes or how to get infected when browsing google
• ChatGPT - OpenAI
• Openredirect www.google.com - Phishing
• Microsoft Defender for Identity Encrypted Password
• Web browsers drop mysterious company with ties to U.S. military contractor
• Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) - LPE Ubuntu
• FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
• Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 - CVE-2022-36431
• Car Hacking - SiriusXM Telemetry
• Outdated JavaScript engine leads to RCE in Foxit PDF Reader
• I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
• Looting Microsoft Configuration Manager
• The art and science of modern hacking - Humblebundle
• Exactly what you’re looking for - Github Code Search allows RegEx
• A Confused Deputy Vulnerability in AWS AppSync
• macOS Sandbox Escape vulnerability via Terminal
• Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666)
• HTB: CarpeDiem
• SysmonEoP - CVE-2022-41120
• A phishing document signed by Microsoft – part 1
• SMTP Matching Abuse in Azure AD
• Android App Hacking Workshop
• Why is Exposing the Docker Socket a Really Bad Idea?
• Debugging Protected Processes
• Novel Pipeline Vulnerability Discovered; Rust  Found Vulnerable
• Pre-Auth RCE with CodeQL in Under 20 Minutes
• Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway
• CertPotato – Using ADCS to privesc from virtual and network service accounts to local system
• Sniffing SSH Passwords
• Internet Explorer 0-day exploited by North Korean actor APT37
• Issue 2346: Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP - CVE-2022-41057
• Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
• Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)
• Azure temporary passwords - Eingeschränkter Zeichenraum
• HardeningKitty and Windows 10 Hardening
• Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
• Citrix SSON Credential Leak
• CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
• [ENG] Creating a loader PoC using various languages
• Scavenger: Misuse Error Handling Leading To QEMU/KVM Escape
• CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
• Shodan 201: Rummaging Around The Internet
• Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack
• PlumHound Reporting Engine for BloodHoundAD
• Cool vulns don't live long - Netgear and Pwn2Own
• Secret Backdoors Found in German-made Auerswald VoIP System
• CVE-2022-22536 - SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22536
• Dumping Plaintext RDP credentials from svchost.exe
• Azure AD Certificate-Based Authentication now in Public Preview
• NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
• Never, Ever, Ever Use Pixelation for Redacting Text
• Where's the Interpreter!? (CVE-2021-30853) - MacOS Security Bypass
• From Backup Operator To Domain Admin
• Issue 2319: Cisco Jabber: XMPP Stanza Smuggling with stream:stream tag - CVE-2022-20917
• Advisory: Western Digital My Cloud Pro Series PR4100 RCE
• Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
• Cache Poisoning at Scale
• Responder and IPv6 attacks
• Lsass Shtinkering
• Building A Virtual Machine inside ChatGPT
• Hijacking GitHub Repositories by Deleting and Restoring Them
• How to mimic Kerberos protocol transition using reflective RBCD
• Top 10 web hacking techniques of 2021 - nominations open
• Issue 2223: Zoom: Buffer overflow when processing chat messages
• Enumeration and lateral movement in GCP environments
• Turning bad SSRF to good SSRF: Websphere Portal
• Converting C# Tools to PowerShell
• A defender’s view inside a DarkSide ransomware attack
• Write Windows Shellcode in Rust
• Driver-Based Attacks: Past and Present - BYOVD - Windows
• OfflineSAM Modification - Offline Attack Windows (Fremdbooten)
• Eliminating Dangling Elastic IP Takeovers with Ghostbuster
• Dropping Files on a Domain Controller Using CVE-2021-43893
• SCCM passwords & #mimikatz
• CVE‑2021‑1079 – NVIDIA GeForce Experience Command Execution
• HTB: AdmirerToo
• Public penetration testing reports
• CVE-2021-21551 - Dell Command Update via DBUtil_2_3
• MS-FSRVP abuse (ShadowCoerce)
• Fixing the Unfixable: Story of a Google Cloud SSRF
• 🔥KrbRelay - Kerberos relaying C#🔥
• Another Log4j on the fire: Unifi
• HTB: LogForge
• The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
• PHP LFI with Nginx Assistance
• Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs
• Dirty Vanity - Shellcode Execution via Process Forks
• Arbitrary Code Execution via v8 Javascript Engine
• HTB: Outdated
• Responsible Red Teaming - Operate with Honor - Free Course
• Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
• Issue 1252074: Security: ChromeOS root command persistence
• Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
• From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
• Windows Command-Line Obfuscation
• RemotePotato0
• HTB: Armageddon
• SuperSneakyExec - C# Shellcode Runner without PInvoke
• Diving into pre-created computer accounts
• SQL Injection in Wordpress core (CVE-2022–21661)
• The Mac Malware of 2021 👾
• Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
• EDR Parallel-asis through Analysis
• Insecure Comments - MS Office
• CVE-2021-20038 - SonicWall VPN RCE
• Microsoft Cybersecurity Reference Architectures
• HTB: EarlyAccess
• Microsoft is making it harder to steal Windows passwords from memory
• AD PKI #ESC8 in Kombination mit PetitPotam
• Exploited Windows zero-day lets JavaScript files bypass security warnings
• CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable
• Using OpenAI Chat to Generate Phishing Campaigns
• ReverseRDP_RCE - Windows RDP RCE auf Client
• Cisco Prime 3.9.1 - RCE
• Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
• Steal Credentials & Bypass 2FA Using noVNC
• nrich - Shodan API Tool (Portscan)
• Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
• HTB: Bolt
• ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for >arbitrary code execution when parsing malicious images. - CVE-2021-22204
• The Curious Case of the Password Database - ManageEngine’s Password Manager Pro
• PNG Parser Differential - Apple <-> NonApple
• the XSS Rat - Course Material
• HTB: Attended
• Assessing Standalone Managed Service Accounts
• Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
• Precious Gemstones: The New Generation of Kerberos Attacks
• Yes, fun browser extensions can have vulnerabilities too!
• Blackswan Technical Writeup (PDF) - Windows LPE
• Want to try to decode SCCM passwords in SC_UserAccount table with #mimikatz ?
• A physical graffiti of LSASS: getting credentials from physical memory for fun and learning
• Honeysploit: Exploiting the Exploiters
• letme.go – A minimalistic Meterpreter stager written in Go
• Rogue Assembly Hunter
• HTB: Static
• RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
• AD CS
• VMWare Horizon anfällig für log4shell
• Statistik über Ransomware Ergebnisse
• INFRA:HALT
• Microsoft verbessert Schutz gegen Makros ab April
• ASR schützt LSASS Prozess gegen auslesen
• Follina — a Microsoft Office code execution vulnerability
• Windows 11 enthält kein WMIC mehr
• Stealing a few more GitHub Actions secrets
• Remote Code Execution in pfSense <= 2.5.2
• Rubeus 2.0
• Identifying Bugs in Router Firmware at Scale with Taint Analysis
• Variant analysis of the ‘Sequoia’ bug
• A pinch of XLL and a splash of rust has the potential to be a sharp combination
• AD CS – The Basics
• From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator
• Blackhat: Diving in to spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer.
• CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
• Blackhat: Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
• DEFCON : Response Smuggling: Pwning HTTP/1.1 Connections
• Blackhat: HTTP/2: The Sequel is Always Worse
• SameSite: Hax – Exploiting CSRF With The Default SameSite Policy
• 🔥Relaying Kerberos over DNS using krbrelayx and mitm6🔥
• Find You: Building a stealth AirTag clone
• Horde Webmail 5.2.22 - Account Takeover via Email
• The Ultimate Guide to Phishing
• Universal Privilege Escalation and Persistence – Printer
• The path to code execution in the era of EDR, Next-Gen AVs, and AMSI
• Graphischer UAC Bypass - msconfig
• From Stolen Laptop to Inside the Company Network
• Welcome to Bug Hunter University
• AWS ECR Public Vulnerability
• FindUncommonShares - AD SMB enumeration
• Linux kernel Use-After-Free (CVE-2021-23134) PoC.
• Microsoft Wont-Fix-List
• If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
• Fantastic Windows Logon types and Where to Find Credentials in Them
• Decrypting SMB3 Traffic with just a PCAP? Absolutely (maybe.)
• NTLM relaying to AD CS - On certificates, printers and a little hippo
• Blind exploits to rule WatchGuard firewalls
• New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
• macOS Red Teaming: Get Active Directory credentials from NoMAD
• Build your own WiFi Pineapple Tetra for $7!
• Kernel Pwning with eBPF: a Love Story
• Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
• #printnightmare 4.x
• Issue 2228: Windows: EFSRPC Arbitrary File Upload EoP
• Windows cmd.exe - Ausführen von Dateien
• CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO
• CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
• Issue 2254: Zoom: Remote Code Execution with XMPP Stanza Smuggling
• NAT Slipstreaming v2.0
• Moodle 2nd Order Sqli
• How to Analyze Malicious Microsoft Office Files
• Bluffy the AV Slayer - Convert shellcode into different formats.
• LAPSUS$ <-> NVIDA
• Triaging A Malicious Docker Container
• ContiLeaks
• SEKTOR7 Kurs-Rabatt
• JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library
• Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
• HTB: Object
• SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
• Rogue RDP – Revisiting Initial Access Methods
• Re-ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using.. Google.. Again
• Intro to Embedded RE Part 1: Tools and Series Overview
• Running Cobalt Strike BOFs from Python
• Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
• sheepl
• EFS RPC
• Fuzzing Windows RPC with RpcView
• HTB: TheNotebook
• Bypassing Windows 10 UAC with mock folders and DLL hijacking
• Hunt for the gMSA secrets - WIndows AD
• Microsoft Intune - Bypassing conditional access by faking device compliance.
• malware_training_vol1
• SAML XML Injection
• Fingerprint cloning: Myth or reality?
• Attack Surface Analysis - Part 2 - Custom Protocol Handlers
• HTB: Meta
• How I Met Your Beacon - x33fcon - Domchell
• Anti-Malware - Rewind - Panik Button bei Virusinfektionen
• Gitlab Project Import RCE Analysis (CVE-2022-2185)
• CVE-2021-22986 f5 big ip unauth rce
• Incident Response in AWS
• EoP - Windows mit Intune via Bitlocker Recovery Key
• LPE Windows 10 - CVE-2021-1732
• Trojan Source: Invisible Vulnerabilities
• CVE-2021-22205 - Gitlab RCE
• From Zero to Domain Admin - DFIR Report
• HTB: Explore
• MalAPI.io - Sammlung an Windows APIs die Malware benutzt
• CyberArk Endpoint Manager Local Privilege Escalation CVE-2021–44049.
• Phishing for AWS credentials via AWS SSO device code authentication
• SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
• Part 1 – SingPass RASP Analysis
• Abusing Google Drive's Email File Functionality
• Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
• ProtectMyTooling – Don’t detect tools, detect techniques
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• Zooming in on Zero-click Exploits
• Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
• Local Privilege Escalation in all Windows Versions
• Dotnet’s default AES mode is vulnerable to padding oracle attacks
• HTB: Enterprise
• Microsoft resumes default blocking of Office macros after updating docs
• CVE-2022-1040 Sophos XG Firewall Authentication bypass
• Bypassing Image Load Kernel Callbacks
• Stranger Strings: An exploitable flaw in SQLite
• GrabAccess - Konboot Klon
• Certified Pre-OwnedAbusing Active Directory Certificate Services
• Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
• Make JDBC Attack Brilliant Again
• Gitlab: Clipboard DOM-based XSS.
• critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)
• Kerberos Relaying
• Breaking electron-store's encryption
• Harvesting Active Directory credentials via HTTP Request Smuggling
• BSI Phishing-Spiel
• ChaosDB: How we hacked thousands of Azure customers’ databases
• DD-WRT UPnP Buffer Overflow
• H2C Smuggling in the Wild
• TPM sniffing
• LinkSys EA6100 AC1200
• PDF als Transporter für Schadcode
• CVE-2021-42321 - Exchange RCE
• Windows installer LPE 0day
• Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
• Terminal Server PRIV.ESC via RemotePotat0
• Is exploiting a null pointer deref for LPE just a pipe dream? - WIndows LPE
• Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
• Security issues related to the npm registry
• Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
• Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days
• AutoPoC - Validating the Lack of Validation in PoCs
• MS Defender Bypass durch umbenennen von procdump.exe
• Drupal insecure default leads to password reset poisoning
• SANS - Cheatsheets
• Nagios XI < 5.7.5 - 13 Nagios Vulnerabilities
• The trouble with Microsoft’s Troubleshooters
• Feral Terror - RCE in Netgear Switches
• 2021.1 IPU - Intel® VT-d Advisory
• Windows Drivers Reverse Engineering Methodology
• CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
• Persistent access to Burp’s Collaborator Session
• pay-what-you-can (min $5) on the following courses: External Pentest Playbook Windows PrivEsc Linux PrivEsc
• Creating Fully Undetectable Payload (FUD) with C
• GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
• Autodial(DLL)ing Your Way - Lateral Movement Windows
• The github.dev web-based editor
• Teil2: Managed Identity Attack Paths, Part 2: Logic Apps
• SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
• Responder DHCP in Version 3.0.7.0
• Zoom RCE from Pwn2Own 2021
• Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn
• Visual Studio Code Jupyter Notebook RCE
• Snakes on a Domain: An Analysis of a Python Malware Loader
• The dying knight in the shiny armour
• RC4 Is Still Considered Harmful
• AAD & M365 kill chain
• php-fpm-local-root - LPE
• CVE-2022-30781 Gitea RCE über die Migrate Funktion
• Linux sudo Heap Overflow < 1.9.5p1
• Attacking Azure & Azure AD, Part II
• Convert ldapdomaindump to Bloodhound
• HTB: Spooktrol
• All Access Pass: Five Trends with Initial Access Brokers
• SharpSystemTriggers - Cross User DCOM Authentication Trigger
• Schwachstelle in Citrix ADM
• DFSCoerce - NetNTLM Coerced Auth
• Lockbit Ransomware group - Samples
• Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
• Decrypting VEEAM Passwords
• CdpSvcLPE - WIndows LPE - Writeable SYSTEM path Dll Hijacking)
• XSS in the AWS Console
• Car hijacking swapping a single bit - Hardware SPI
• Discovering Zero-Day Vulnerabilities in McAfee Products (CVE-2021-31838)
• Responder's DHCP Poisoner
• Don't Ruck Us Too Hard - Owning Ruckus AP devices
• Abusing the Exchange Postmaster to Expose Email Spam & Malware Filters
• Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
• Your Microsoft Teams chats aren’t as private as you think..
• 9 OSINT Tools For Your Reconnaissance Needs
• Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
• Repurposing Real TTPs for use on Red Team Engagements
• SynLapse – Technical Details for Critical Azure Synapse Vulnerability
• Hertzbleed Attack
• Nextcloud - Attacker can obtain write access to any federated share/public link (CVE-2021-32654 & CVE-2021-32655)
• Cracking WiFi at Scale with One Simple Trick
• Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution
• HotPics 2021 - RCE via GhostScript
• %appdata% is a mistake – Introducing Invoke-DLLClone
• AWS WAF's Dangerous Defaults
• Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?
• CVE-2022-21371 - Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
• Pwning 3CX Phone Management Backends from the Internet
• Solarwinds Web Help Desk: When the Helpdesk is too Helpful
• Recovering Randomly Generated Passwords
• 🔥pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)🔥
• Resource based constrained Delegation (RBCD) WebClient attack
• SharpProxyLogon
• This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761
• The Power of SeImpersonation
• Man in the Terminal - Logger für Linux / Pathhijacking
• Breaking GitHub Private Pages for $35k
• RDCMan v2.8
• Evasive Phishing Techniques Threat Actors Use to Circumvent Defense Mechanisms
• Miracle - One Vulnerability To Rule Them All
• Retrieving AWS security credentials from the AWS console
• Attacking With WebView2 Applications
• No Passwords More Problems
• Anatomy and Disruption of Metasploit Shellcode
• Introducing iHide – A New Jailbreak Detection Bypass Tool
• ZDI-21-1053: Bypassing Windows Lock Screen
• Popular 'coa' NPM library hijacked to steal user passwords
• How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
• Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
• Automatically extracting static antivirus signatures
• Binary File Write via Microsoft Speech API
• Mitmproxy 9
• Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
• GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
• Safari is hot-linking images to semi-random websites
• Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
• Nighthawk 0.2.1 – Haunting Blue
• Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
• X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL 3.0.0 - 3.0.6
• Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
• Hacking Swagger-UI - from XSS to account takeovers
• Finding DOM Polyglot XSS in PayPal the Easy Way
• How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506]
• An EPYC escape: Case-study of a KVM breakout - CVE-2021-29657
• RCE 0-day that afftceted to GhostScript-9.50
• HTB: Unobtainium
• From RpcView to PetitPotam (Windows)
• RestrictedAdmin
• unauth RCE Western Digital PR4100 NAS - Your vulnerability is in another OEM!
• BleedingTooth - Linux Blueetooth Stack (BadVibes, BadKarma and BadChoice)
• Bundesservice Telekommunikation — enttarnt: Dieser Geheimdienst steckt dahinter
• Analysis of CVE-2022-30136 “Windows Network File System Vulnerability“
• How I Got Pwned by My Cloud Costs
• Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
• Apache Tapestry - CVE-2021-27850 Exploit
• A supply-chainbreach: Taking over an Atlassian account
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• 🔥Trust me. PowerShell is not going to be the same again once you do this.🔥
• ProxyToken: An Authentication Bypass in Microsoft Exchange Server - CVE-2021-33766
• The Phantom Credentials of SCCM: Why the NAA Won’t Die
• Double PetitPotam - unauthenticated #petitpotam everywhere (not only for DCs)!
• Understanding Zigbee and Wireless Mesh Networking
• Phishing for NetNTLM Hashes
• Fuzzing RDP: Holding the Stick at Both Ends
• Blinding EDR On Windows
• PHP NULL Byte
• Backdooring Rust crates for fun and profit
• New Critical Vulnerabilities Found on Nucleus TCP/IP Stack
• Pentest tale - Dumping cleartext credentials from antivirus
• Rapidly Search and Hunt through Windows Event Logs
• Escalating XSS to Sainthood with Nagios - Nagios <
• Spoofing Calendar Invites Using .ics Files
• HTB: Nunchucks
• Riding the InfoRail to Exploit Ivanti Avalanche
• No Logs? No Problem! Incident Response without Windows Event Logs
• How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It
• XSS Phishing Payload - Snippet
• HTB: Union
• Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover
• WarCon 2022 – Modern Initial Access and Evasion Tactics
• Phishing Course
• Notepad++ Plugins for Persistence
• HTB: Anubis
• This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them
• Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
• BitLocker touch-device lockscreen bypass
• urlscan.io's SOAR spot: Chatty security tools leaking private data
• LOLBINed — Using Kaspersky Endpoint Security “KES” Installer to Execute Arbitrary Commands
• Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
• Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169 CVSS: 7.5
• HTB: Tentacle
• HTB: Gobox
• Pwn2Own’ing the TP-Link Archer A7 - CVE-2021-27246
• Automated 0-day discovery in 2021: Squashing the low-hanging fruit in widespread embedded software
• HTB: Moderators
• Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
• SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE
• Bypassing Signature-Based AV
• Pass the Cloud with a Cookie
• Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• Windows - Infoleak (CVE-2021-24084)
• Phishing Users to Take a Test
• Hacking the Apple Webcam (again)
• BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
• CVE-2022-27666: Exploit esp6 modules in Linux kernel
• Sitecore Experience Platform Pre-Auth RCE
• RipZip
• HTB: Atom
• Adding a native sniffer to your implants: decomposing and recomposing PktMon
• CONTInuing the Bazar Ransomware Story
• TokenTactics
• HTML Maldoc Remote Macro Injection
• UDP Technology IP Camera vulnerabilities
• Google Chrome 0day/1day
• Rawsec's CyberSecurity Inventory
• Decompile Microsoft ASR Scripts
• Passwordspraying gegen Azure - aad-sso-enum-brute-spray
• Facebook email disclosure and account takeover
• PHP 7.0-8.0 disable_functions bypass [user_filter]
• Abusing Weak ACL on Certificate Templates.
• Finden von Windows Registry Hives in virtuellen Festplatten - Needle
• A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows
• DeepSurface Security Advisory: LPE in Firefox on Windows
• HTB: Monitors
• Backdoor .NET assemblies with… dnSpy 🤔
• Phishing Email Database: Real Phishing Examples & Threats
• Windows - PowerShell Jobs
• LSASS Procdump
• Malicious Python Script Behaving Like a Rubber Ducky
• Azure AD introduction for red teamers
• Tianfu Cup - Exploit Conference
• Reverse engineering and decrypting CyberArk vault credential files
• Part-1&2 Dive into Zoom Applications
• Resetting Expired Passwords Remotely
• How the Kaseya VSA Zero Day Exploit Worked
• Bypass Bitlocker Preboot Authentication mit physischem Zugriff auf das Gerät
• SharpImpersonation Release
• Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings
• Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492)
• [CVE-2022-34918] A crack in the Linux firewall
• CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
• SysWhispers is dead, long live SysWhispers!
• Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
• Unrar Path Traversal Vulnerability affects Zimbra Mail
• CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
• FabricScape: Escaping Service Fabric and Taking Over the Cluster
• Beefproject - Beef
• ‘Demon’s Cries’ authentication bypass patched in Netgear switches
• Restoring (Recovering) PowerShell Scripts from Event Logs
• CVE-2021-22555: Turning into 10000$
• Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
• Bypassing Windows Hello Without Masks or Plastic Surgery
• CVE-2022-44142 - New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
• HackTheBox: APT (Insane)
• Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
• PRINTING SHELLZ : HP Printer RCE für 150 Modelle
• URL Shorteners
• Password spraying and MFA bypasses in the modern security landscape
• Obsidian, Taming a Collective Consciousness
• OpenBMC: remote code execution in netipmid - IPMI
• SharpLink - C# Port der symboliclink-testing-tools von James Forshaw
• Revisiting a Credential Guard Bypass - Windows
• ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3
• Lateral Movement with Managed Identities of Azure Virtual Machines
• Attacking Active Directory: 0 to 0.9
• DIVD-2021-00011 - Kaseya VSA Limited Disclosure
• Filesec.io
• Bypassing Azure AD home tenant MFA and CA
• Certificates and Pwnage and Patches, Oh My!
• Do You Really Know About LSA Protection (RunAsPPL)?
• Kubesploit - C2 Kubernetes Framework
• alert() is dead, long live print()
• AV Evasion Part 3: Fibers
• #Pwn2Own - RCE in Zoom (0click)
• OffensiveAutoIt
• The Pen Testing Tools We’re Thankful for in 2021
• GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
• All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
• Exploiting CVE-2021-43267 - Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution
• PGSharp: Analysis of a Cheating App for PokemonGO
• HTB: PivotAPI
• Alert changes to sensitive AD groups using MDI
• F-Secure: Attack Detection Fundamentals 2021: Windows
• CVE: CVE-2022-26911 - Skype4Business authenticated arbitrary Fileread
• KeepassXC Read Password from Memory
• Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
• CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
• Weaponizing and Abusing Hidden FunctionalitiesContained in Office Document Properties
• Webdriver Bugs
• Graphical Lures In The Age of Cybercrime.
• The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
• Using CVE-2021-40531 for RCE with Sketch - macOS
• Dumping and extracting the SpaceX Starlink User Terminal firmware
• KeeFarce Reborn - Keepass Export PWs
• Coercing NTLM Authentication from SCCM
• A tale of EDR bypass methods
• An Introduction to Fault Injection (Part 1/3)
• ProxyNotRelay - An Exchange Vulnerability Encore
• Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
• xterm before patch 375 can enable an RCE under certain conditions - CVE-2022-45063
• AMSI-ETW-Patch - 1 Byte Memory patch
• LaZagne - Credentials recovery project
• Suborner: A Windows Bribery for Invisible Persistence
• A possibly overlooked GELSEMIUM artefact
• AMSI Unchained
• Social Engineering Your Way Into The Network
• Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720)
• DEEPL - Prozess Dumper
• PrivacyTests.org - Übersicht der Anti-Tracking Features der Browser
• Pwn2Own -> Xxe2Rce - RCE in Rockwell Studio 5000 Logix Designer
• Kerberoast with OpSec
• How iOS Malware Can Spy on Users Silently
• Windows Quiz: Medium IL to High IL
• Master of Puppets Part II – How to tamper the EDR?
• Windows Relaying - I’m bringing relaying back: A comprehensive guide on relaying anno 2022
• Critical Flaws Discovered in Cisco Small Business RV Series Routers
• HTB: Pressed
• S4fuckMe2selfAndUAndU2proxy - A low dive into Kerberos delegations
• Solving DOM XSS Puzzles
• Sandboxing Antimalware Products for Fun and Profit
• Bloodhound "Spotlight"
• QNAP Pre-Auth CGI_Find_Parameter RCE
• executing an http stream as an .exe
• Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
• Go away BitLocker, you´re drunk
• HTB: Intelligence
• Popping iOS <=14.7 with IOMFB
• HOWTO: Microsoft Teams Proxy DLL Hijacking(Tutorial)
• GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI
• Facebook account takeover due to a wide platform bug in ajaxpipe responses
• CookieMonster - Tool
• The Invisible JavaScript Backdoor
• Thick Client Penetration Testing Methodology
• Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog
• This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others
• Windows 11 LPE
• Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
• Reset Passwords
• Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
• GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
• Kaspersky Password Manager: All your passwords are belong to us
• Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
• Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration
• Php-Internalog, Introspection Applied to 0day Research
• Lessons Learned from Cloning Windows Binaries and Code Signing Implants
• Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses
• BREAKING & ENTERING
• Linux Kernel Teaching
• Relaying to AD Certificate Services over RPC - ESC11
• Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
• A not-so-common and stupid privilege escalation
• UNORTHODOX LATERAL MOVEMENT:
• Account hijacking using "dirty dancing" in sign-in OAuth-flows
• Unicode Right-To-Left Override
• MSDT DLL Hijack UAC bypass
• Rooting Gryphon Routers via Shared VPN
• CVE-2022-21882 - LPE Windows
• Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray)
• [ENG] UUID Shellcode Execution Implementation in C# and DInvoke
• It’s all in the details: The curious case of an lsass dumper gone undetected
• Stealing passwords from infosec Mastodon - without bypassing CSP
• BloodHound Inner Workings & Limitations
• 50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021–35215)
• OffensiveVBA
• Using Kerberos for Authentication Relay Attacks
• Hacking Unifi Controller Passwords for Fun and WIFI
• WinRAR’s vulnerable trialware: when free software isn’t free
• SSD Advisory – Cisco "Secure" Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
• Virtual Disks (VHD(x), ISO) erhalten MOTW
• BumbleBee Zeros in on Meterpreter
• Amazon once again lost control (for 3 hours) over the IP pool in a BGP Hijacking attack
• Ich habe deutsche Kommunen auf Schwachstellen überprüft
• Code execution as root via AT commands on the Quectel EG25-G modem
• reverse_ssh
• MS Defender Bypass comsvcs - mal wieder
• USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
• Phishing with Google Calendar
• A Symmetric Cipher Ransomware … YES!
• Grafana v8.x Arbitrary File Read - 0day
• Reflective Code Loading in Linux — A New Defense Evasion Technique in MITRE ATT&CK v10
• Windows 10 RCE: The exploit is in the link
• CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
• Android Rubberducky
• Introduction to Parent-Child Process Evasion
• HTB: Hathor
• Exploiting System Mechanic Driver
• Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
• Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette"
• Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
• Microsoft Internet Explorer 11 (protected mode off) & Adobe Acrobat Reader DC ActiveX
• From NtObjectManager to PetitPotam
• The past 10 years of Automotive Vulnerabilities
• A Diamond in the Ruff - Kerberos Diamond Tickets
• Possible RCE in OpenSSL 3.0.4
• HTB - Spider
• When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
• Game Of Active Directory v2 - GOAD v2 is out !
• WriteUp Webexploits
• The Art of Bypassing Kerberoast Detections with Orpheus
• Fuzzing and PR’ing: How We Found Bugs in a Popular Third-Party EtherNet/IP Protocol Stack
• SOCKS5 via RDP Dynamic Virtual Channel
• Exploiting Flipper Zero’s NFC file loader
• Nagios XI < 5.7.5 authenticated RCE
• Allow arbitrary URLs, expect arbitrary code execution
• Fetch Defender exclusions from Intune managed devices as non-admin user:
• Phishing With Google's Domain
• CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
• GoodHound - Bloodhound Enumeration Tool
• Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
• The Challenges of Fuzzing 5G Protocols
• Wordliste - weakpass_3a
• Azure Privilege Escalation via Service Principal Abuse
• AnyDesk Escalation of Privilege (CVE-2021-40854)
• Shellcode loader ScareCrow V3
• Windows - EDRHunt
• They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
• PrinterNightmate #4.x
• Exploit for CVE-2021-40449 (Win32k - LPE)
• CVE-2022–43781 - ATLASSIAN BitBucket RCE (Vietnamesisch)
• Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 1&2
• HTB: Breadcrumbs
• This shouldn't have happened: A vulnerability postmortem
• Azure Privilege Escalation via Azure API Permissions Abuse
• Former Ubiquiti employee charged with hacking and extorting company
• Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon
• VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability
• Google Project Zero pubished four Browser RCE 0day POC
• Printnightmare - Episode 3
• Rediscovering Epic Games 0-Days (Forever Unpatched?)
• Always Free Server Oracle Cloud
• Remote code execution in cdnjs of Cloudflare
• Microsoft Windows internals - Developer Notes
• 9 Post-Exploitation Tools for Your Next Penetration Test
• Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
• Azure AD Kerberos authentication (Preview)
• A dive into Microsoft Defender for Identity
• Nighthawk Sample removed from VirusTotal because of Copyright
• Disrupting a PyPI Software Supply Chain Threat Actor
• Mind the Gap
• Recreating an ISO Payload for Fun and No Profit
• Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
• HTB: RouterSpace
• Coercer - Tool für erzwungene Anmeldungen von Maschinen Konten
• Honda bug lets a hacker unlock and start your car via replay attack
• Microsoft rolls back decision to block Office macros by default
• Protecting Windows Credentials against Network Attacks
• Defender Bypass - Dump LSASS comsvcs.dll
• [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
• Abusing forgotten permissions on computer objects in Active Directory
• Office Makros bleiben erhalten
• CME - Hashspider
• HTB: Pikaboo
• Subdomain Enumeration Guide 2021 📖
• RCE in NPM VSCode Extention - CVE2021-26700
• Github Exploits
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• RCE für Windows via TTF CVE-2021-24093 Fixed-2021-Feb-9
• An Exploration of JSON Interoperability Vulnerabilities
• CVE-2020-8625: A Fifteen-Year-Old RCE Bug Returns in ISC BIND Server
• ESXI - VMware unauth RCE CVE-2021-21972
• Farming for Red Teams: Harvesting NetNTLM
• Windows User Profile Service 0day LPE - Windows 11
• CISCO anyconnect EoP - CVE-2021-1366
• CVE-2020-28243 SaltStack Minion Local Privilege Escalation
• Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
• Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
• Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
• Microsoft 365 OAuth Device Code Flow and Phishing
• Discovering Domains via a Timing Attack on Certificate Transparency
• Making HTTP header injection critical via response queue poisoning
• Chaos Computer Club hackt Video-Ident
• BumbleBee Roasts Its Way to Domain Admin
• Yanluowang ransomware group claims to have breached Cisco
• Yanluowang ransomware group claims to have breached Cisco
• 1Password Secret Retrieval — Methodology and Implementation
• Yanluowang ransomware group claims to have breached Cisco
• Yanluowang ransomware group claims to have breached Cisco
• Yanluowang ransomware group claims to have breached Cisco
• Skidaddle Skideldi - I just pwnd your PKI
• You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE unter macOS
• Solving the Unredacter Challenge
• CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
• CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
• New Attack Paths? AS Requested Service Tickets
• The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
• Windows - First Installation Animation
• PersistenceSniper
• HTB: Perspective
• QNAP Poisoned XML Command Injection (Silently Patched)
• Toner Deaf – Printing your next persistence (Hexacon 2022)
• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
• WAM BAM - Recovering Web Tokens From Office
• Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
• Kernel Driver Exploit: System Mechanic
• Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
• Introducing the Windows 10 SMB Shadow Attack: Direct SMB Session Takeover
• Killing AV with SysInternals
• Bypass #2 ..
• Powershell Obfuskierung - YARA
• Powershell Obfuskierung - YARA
• horrifying-pdf-experiments
• Exchange RCE - CVE-2021-26855
• horrifying-pdf-experiments
• Giving JuicyPotato a second chance: JuicyPotatoNG
• Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
• Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
• HTB: Developer
• 1001 ways to PWN prod - A tale of 60 RCE in 60 minutes
• SSD Advisory – pfSense Post Auth RCE
• Aktueller Patch Tuesday ist ernst zu nehmen!
• BadSectorLabs.com
• Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
• Dell EMC OpenManage Server Administrator Authentication Bypass - CVE-2021-21513
• Windows DNS Server RCE - SIGRed - CVE2020-1350
• AV Evasion via SysWhispers2 and more
• Pokémon Shellcode Loader
• Pokémon Shellcode Loader
• Kritische Sicherheitslücke: Gitlab-Update außer der Reihe
• RCE in Adobe Acrobat Reader for android(CVE-2021-40724)
• Palo Alto Firewall / VPN RCE with default Key
• But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
• But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
• Securing Developer Tools: Argument Injection in Visual Studio Code
• Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
• DirtyCred
• What can we learn from leaked Insyde's BIOS for Intel Alder Lake
• Windows Security Updates for Hackers
• PXEThief - Pulling Passwords out of Configuration Manager
• Detecting and preventing LSASS credential dumping attacks
• Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
• ShadowSpray - AD Shadowcredentials AtTack
• Spring Framework
• Spring Framework
• Fun with PowerShell – Executing commands with DNS requests
• Chromium based Browser SSL/TLS Error Bypass
• Chromium based Browser SSL/TLS Error Bypass
• Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
• Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
• Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
• Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
• Branch History Injection - SpectreV2-BHI
• Masterpiece Video about DRAM. Low level!
• Masterpiece Video about DRAM. Low level!
• The Dirty Pipe Vulnerability
• The Dirty Pipe Vulnerability
• The Dirty Pipe Vulnerability¶
• vmware-authd-EoP
• AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
• ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
• If anybody is bored - can you recreate #HiveNightmare in a 240 or less character PowerShell tweet?
• The Discovery and Exploitation of CVE-2022-25636
• CVE-2022-46908 - SQLite --safe context bypass
• Security tools showcased at Black Hat USA 2021
• CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
• A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
• SNMP… Strings Attached!
• Stealing Chrome cookies without a password
• OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
• OpenSSL - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
• The Kerberos Key List Attack: The return of the Read Only Domain Controllers
• BITB - Browser templates for Browser In The Browser (BITB) attack
• Fortinet music video "Firewall"
• Unauth RCE VEEAM - CVE-2022-26500 | CVE-2022-26501
• Group3r - AD GPO Enumeration Tool
• Remote Potato - Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
• Snaffler und Group3r inlineExecuteAssembly
• Chrome 0.5day - RCE
• Chrome 0.5day - RCE
• MySQL Windows EoP
• Introducing BloodHound 4.1 — The Three Headed Hound
• HTB: Shibboleth
• Introducing BloodHound 4.1 — The Three Headed Hound
• How Docker Made Me More Capable and the Host Less Secure - CVE-2021-41091
• CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability
• CVE-2021-43240 - NTFS Set Short Name Elevation of Privilege Vulnerability
• Retbleed: Arbitrary Speculative Code Execution with Return Instructions
• Issue 100: Platform certificates used to sign malware
• Openredirect www.google.com - Phsihing
• Openredirect www.google.com - Phsihing
• Openredirect www.google.com - Phsihing
• Openredirect www.google.com - Phsihing
• HTB: 0xdf revisits
• FreeBSD-SA-22:15. Stack overflow in ping(8) - CVE-2022-23093
• Openredirect www.google.com - Phsihing
• ChatGPT - OpenAI
• Windows Server 2016 - EOL
• Internet Explorer 0-day exploited by North Korean actor APT37
• Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
• Citrix SSON Credential Leak
• CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability
• CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE
• Secret Backdoors Found in German-made Auerswald VoIP System
• Cloudflare Pages, part 1: The fellowship of the secret
• Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
• Dumping Plaintext RDP credentials from svchost.exe
• Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first
• Azure AD Certificate-Based Authentication now in Public Preview
• Advisory: Western Digital My Cloud Pro Series PR4100 RCE
• Lsass Shtinkering
• 🔥KrbRelay - Kerberos relaying C#🔥
• KrbRelay - Kerberos relaying C#
• KrbRelay - Kerberos relaying C#
• CVE-2021-21551 - Dell Command Update via DBUtil_2_3
• CVE-2021-3929-3947 - QEMU VM Escape
• CVE-2021-21551 - Dell Command Update via DBUtil_2_3
• MS-FSRVP abuse (ShadowCoerce)
• Fixing the Unfixable: Story of a Google Cloud SSRF
• PHP LFI with Nginx Assistance
• Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
• RemotePotato0
• RemotePotato0
• RemotePotato0
• Insecure Comments - MS Office
• Insecure Comments - MS Office
• Unmanaged Code Execution with .NET Dynamic PInvoke
• Can it run Doom? -Can Doom run it? - Game Injection
• Microsoft is making it harder to steal Windows passwords from memory
• Using OpenAI Chat to Generate Phishing Campaigns
• ReverseRDP_RCE - Windows RDP RCE auf Client
• nrich - Shodan API Tool (Portscan)
• nrich - Shodan API Tool (Portscan)
• ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for >arbitrary code execution when parsing malicious images. - CVE-2021-22204
• ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for >arbitrary code execution when parsing malicious images.
• PNG Parser Differential - Apple <-> NonApple
• PNG Parser Differential - Apple <-> NonApple
• PNG Parser Differential - Apple <-> NonApple
• Managed Identity Attack Paths, Part 1: Automation Accounts
• From Backup Operator To Domain Admin
• Yes, fun browser extensions can have vulnerabilities too!
• Yes, fun browser extensions can have vulnerabilities too!
• AD CS
• Rubeus 2.0
• Remote Code Execution in pfSense <= 2.5.2
• HTTP/2: The Sequel is Always Worse
• Response Smuggling: Pwning HTTP/1.1 Connections
• Response Smuggling: Pwning HTTP/1.1 Connections
• Universal Privilege Escalation and Persistence – Printer
• Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
• Issue 2186: Exchange: AD Schema Misconfiguration Elevation of Privilege
• CVE-2021-1499 - Cisco HyperFlex HX Data Platform RCE
• ContiLeaks
• Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
• Little #printnightmare (ep 4.3) upgrade : user-to-system as a service
• ACHTUNG
• Rogue RDP – Revisiting Initial Access Methods
• sheepl
• Fingerprint cloning: Myth or reality?
• Windows LPE - Windows 10 1909 to 20H2 and Server Core 2004/20H2 (CVE-2021-33739)
• HTB: Acute
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• CVE-2022-21970 - HTML Smuggeling Edge / Chrome
• Kerberos Relaying
• Windows installer LPE 0day
• Windows installer LPE 0day
• Zero-Day Exploitation of Atlassian Confluence - CVE-2022-26134.
• CVE-2021-42321 - Exchange RCE
• Zero-Day Exploitation of Atlassian Confluence
• Security issues related to the npm registry
• DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
• MS Defender Bypass durch umbenennen von procdump.exe
• MS Defender Bypass
• MS Defender Bypass durch umbenennen von procdump.exe
• MS Defender Bypass durch umbenennen von procdump.exe
• MS Defender Bypass durch umbenennen von procdump.exe
• Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
• Autodial(DLL)ing Your Way - Lateral Movement Windows
• php-fpm-local-root - LPE
• AAD & M365 kill chain
• Attacking Azure & Azure AD, Part II
• SATisfying our way into remote code execution in the OPC UA industrial stack
• SharpSystemTriggers - Cross User DCOM Authentication Trigger
• DFSCoerce - NetNTLM Coerced Auth
• Lockbit Ransomware group - Samples
• SharpSystemTriggers - Cross User DCOM Authentication Trigger
• Hertzbleed Attack
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• CVE-2022-21371 - Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• HTB: Talkative
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
• pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
• GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
• X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL 3.0.0 - 3.0.6
• X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) - OpenSSL
• STARTTLS implementations in email clients & servers plagued by 40+ vulnerabilities
• RCE 0-day that afftceted to GhostScript-9.50
• Fun fact: Die Fuchsia ist nach einem berühmten Tübinger benannt.
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
• Trust me. PowerShell is not going to be the same again once you do this.
• ProxyToken: An Authentication Bypass in Microsoft Exchange Server
• ProxyToken: An Authentication Bypass in Microsoft Exchange Server
• The Phantom Credentials of SCCM: Why the NAA Won’t Die
• The Phantom Credentials of SCCM: Why the NAA Won’t Die
• Blinding EDR On Windows
• F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
• Blinding EDR On Windows
• Rapidly Search and Hunt through Windows Event Logs
• Rapidly Search and Hunt through Windows Event Logs
• Spoofing Calendar Invites Using .ics Files
• No Logs? No Problem! Incident Response without Windows Event Logs
• 🔥 urlscan.io's SOAR spot: Chatty security tools leaking private data 🔥
• Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
• Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
• Gregor Samsa: Exploiting Java's XML Signature Verification - CVE-2022-34169
• HTB: Gobox
• INFOCONDB - Sammlung von ITSec Konfernenzen
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• CVE-2021-26084 Remote Code Execution on Confluence Servers
• Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
• Humblebundle:
• Phishing Users to Take a Test
• Google Chrome 0day/1day
• Adding a native sniffer to your implants: decomposing and recomposing PktMon
• Google Chrome 0day/1day
• Google Chrome 0day/1day
• Part-1 Dive into Zoom Applications
• The Elastic Container Project for Security Research
• The dark side of Microsoft Remote Procedure Call protocols
• How the Kaseya VSA Zero Day Exploit Worked
• Unrar Path Traversal Vulnerability affects Zimbra Mail
• Restoring (Recovering) PowerShell Scripts from Event Logs
• PRINTING SHELLZ : HP Printer RCE
• Certificates and Pwnage and Patches, Oh My!
• The Pen Testing Tools We’re Thankful for in 2021
• GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
• GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
• All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
• Exploiting CVE-2021-43267
• A New Attack Surface on MS Exchange Part 3 - ProxyShell!
• OffensiveAutoIt
• Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
• Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
• Accidental $70k Google Pixel Lock Screen Bypass - CVE-2022-20465
• Social Engineering Your Way Into The Network
• Sandboxing Antimalware Products for Fun and Profit
• Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
• BREAKING & ENTERING
• UNORTHODOX LATERAL MOVEMENT:
• Ich habe deutsche Kommunen auf Schwachstellen überprüft
• Sophos UTM Preauth RCE: A Deep Dive into CVE-2020-25223
• Ich habe deutsche Kommunen auf Schwachstellen überprüft
• Grafana v8.x Arbitrary File Read - 0day
• reverse_ssh
• MS Defender Bypass comsvcs - mal wieder
• Windows 10 RCE: The exploit is in the link
• Windows 10 RCE: The exploit is in the link
• SOCKS5 via RDP Dynamic Virtual Channel
• GoodHound - Bloodhound Enumeration Tool
• Relaying to AD Certificate Services over RPC - ESC11
• Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-1675) explained
• HTB: Schooled
• They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
• CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability
• CVE-2022–43781 - ATLASSIAN BitBucket RCE (Vietnamesisch)
• PrinterNightmate #4.x
• This shouldn't have happened: A vulnerability postmortem
• This shouldn't have happened: A vulnerability postmortem
• Always Free Server Oracle Cloud
• Defender Bypass - Dump LSASS
• [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• Windows EoP via USB Device
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• PrivEsc: Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012
• RCE für Windows via TTF
• RCE für Windows via TTF
• Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
• Executing Code In Context Of A Trusted Agent (Part 1) - Windows Defender Antivirus
• Microsoft 365 OAuth Device Code Flow and Phishing
• Microsoft 365 OAuth Device Code Flow and Phishing
• HTB: Minion
• DirSync: Leveraging Replication Get-Changes and Get-Changes-In-Filtered-Set
• Account Persistence – Certificates - Windows
• HTB: Talkative
• Windows EoP via USB Device
• Windows EoP via USB Device
• Spying on users using Remote Desktop Shadowing - Living off the Land
• File URL Handler in Windows
• File URL Handler in Windows
• Kali - 2021.3
• LPE - Google Chrome / Edge Update Service - Windows 10 2009
• The Cyber Plumber's Handbook
• CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
• Spying on users using Remote Desktop Shadowing - Living off the Land
• Outdated JavaScript engine leads to RCE in Foxit PDF Reader
• Outdated JavaScript engine leads to RCE in Foxit PDF Reader
• SMTP Matching Abuse in Azure AD
• SMTP Matching Abuse in Azure AD
• Exploited Windows zero-day lets JavaScript files bypass security warnings
• The Curious Case of the Password Database
• Follina — a Microsoft Office code execution vulnerability
• Follina — a Microsoft Office code execution vulnerability
• CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
• SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
• Google Chrome NTP XSS via Google Search CSRF
• SID filter as security boundary between domains? (Part 5) - Golden GMSA trust attack - from child to parent
• Harvesting Active Directory credentials via HTTP Request Smuggling
• BloodHound Inner Workings & Limitations
• BloodHound Inner Workings & Limitations
• CVE-2022-30781 Gitea RCE über die Migrate Funktion
• Phishing for NetNTLM Hashes
• Revisiting a Credential Guard Bypass - Windows
• Phishing With Google's Domain
• Windows User Profile Service 0day LPE
• HTB - Spider
• tinkershell - LPE
• CME - Hashspider
• CME - Hashspider
• CME - Hashspider
• Can it run Doom? -Can Doom run it? - Game Injection
• Déjà vu-lnerability
• Déjà vu-lnerability
• Déjà vu-lnerability
• Déjà vu-lnerability
• Linux sudo Heap Overflow < 1.9.4p2
• lsarelayx - NTLM Relaying unter Windows
• Linux sudo Heap Overflow < 1.9.5p1
• CVE-2021-25646 - Apache Druid < 20.1 authenticated RCE
• BIGIP Adwanced WAF & ASM RCE < 16.0.1.1 - CVE-2021-22992
• Giving JuicyPotato a second chance: JuicyPotatoNG
• Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
• Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)
• Infosec Blogs: Our Cup Runneth Over
• Backdooring and hijacking Azure AD accounts by abusing external identities
• The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
• ÆPIC Leak
• OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
• Capability Abstraction Case Study: Detecting Malicious Boot Configuration Modifications
• Undermining Microsoft Teams Security by Mining Tokens
• Making HTTP header injection critical via response queue poisoning
• Chaos Computer Club hackt Video-Ident
• Windows Containers: Host Registry Virtual Registry Provider Bypass EoP - CVE-2021-26864
• HTB: StreamIO
• Issue 2128: Windows Containers: AppSilo Object Manager Root Directory EoP
• HTB: Scanned
• Solving the Unredacter Challenge
• Living-Off-the-Blindspot - Operating into EDRs’ blindspot
• INTEL : Lord of the Ring(s): Side Channel Attacks on theCPU On-Chip Ring Interconnect Are Practical
• Kali - 2021.3
• BumbleBee Roasts Its Way to Domain Admin
• Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
• Yanluowang ransomware group claims to have breached Cisco
• Skidaddle Skideldi - I just pwnd your PKI
• Taking Kerberos to the next Level - Blackhat USA 2022 - James Forshaw - Nick Landers
• Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006)
• Phreaking 2.0Abusing Microsoft Teams Direct Routing
• How I Hacked my Car
• Hijack Libs
• RBCD on SPN-less users
• Oh, Behave! Figuring Out User Behavior (Windows Activity)
• Process injection: breaking all macOS security layers with a single vulnerability
• Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
• You're M̶u̶t̶e̶d̶ Rooted - Zoom LPE unter macOS
• TCM DIscount - PMAT & PEH
• Cisco Nightmare. Pentesting Cisco networks like a devil.
• WordPress Core - Unauthenticated Blind SSRF
• Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
• Metasploit Weekly Wrap-Up - BYOS: Bring your own stager
• CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
• New Attack Paths? AS Requested Service Tickets
• File URL Handler in Windows
• Sacrificing Suspended Processes
• The difference between signature-based and behavioural detections
• Relaying YubiKeys / PIVert Smartcards
• Microsoft Windows Shift F10 Bypass and Autopilot privilge escalation
• BHIS | Coercions and Relays – The First Cred is the Deepest with Gabriel Prud'homme | 1.5 Hours
• Jailbreak für John-Deere-Traktoren
• Save the Environment (Variable) - Windows DLL Highjacking
• AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
• Evil PLC Attack: Using a Controller as Predator Rather than Prey
• Hacking Zyxel IP cameras to gain a root shell
• Travis-CI - Leak of sensitive files
• monomorph - MD5 Hash Collision
• HTB: Retired
• Skype for Business Audit Part 2 - SKYPErimeterleak
• Introducing BloodHound 4.2 — The Azure Refactor
• BARK - BloodHound Attack Research Kit
• Microsoft Office 365 email encryption could expose message content
• PersistenceSniper
• The Unavoidable Pain Of Backups — Security Deep-Dive Into The Internals Of NetBackup
• Why the best kind of cybersecurity is Open Security
• PART 3: How I Met Your Beacon – Brute Ratel
• Regexploit: DoS-able Regular Expressions
• dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier
• Introducing the Azure Threat Research Matrix
• HTB: Perspective
• Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
• QNAP Poisoned XML Command Injection (Silently Patched)
• Exploits Explained: 5 Unusual Authentication Bypass Techniques
• Disposable Root Servers
• Toner Deaf – Printing your next persistence (Hexacon 2022)
• SharpEfsPotato
• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
• LPE - Google Chrome / Edge Update Service - Windows 10 2009
• WAM BAM - Recovering Web Tokens From Office
• Relaying YubiKeys Part 2
• Dameware Mini: The Sleeper Hit of 2019?
• How Hash-Based Safe Browsing Works in Google Chrome
• unblob - Binwalk alternative
• CVE-2022-3368 - LPE Avira Security
• Controlling the Source: Abusing Source Code Management Systems
• Discovering Domains via a Timing Attack on Certificate Transparency
• Dancing on the architecture of VMware Workspace ONE Access (ENG)
• Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
• Dumping the Sonos One smart speaker
• Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments
• HTB: Overgraph
• Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark
• HardwareAllTheThings
• Killing AV with SysInternals
• Wireshark 4.0.0 Release Notes
• Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!
• You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
• IBM Studie über Stress und Gesundheit für IR Mitarbeiter.
• Common Conditional Access Misconfigurations and Bypasses in Azure
• LPE - RHEL 8.1, 8.2, and 8.3
• Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
• Bypass Nummer 2 ..
• Securing Developer Tools: A New Supply Chain Attack on PHP
• HackTricks Cloud
• SystemInformer / ProcessHacker3
• Powershell Obfuskierung - YARA
• ZDI-CAN-18333 aka ProxyNotShell— the story of the claimed zero day in Microsoft Exchange
• ProxyNotShell
• horrifying-pdf-experiments
• Microsoft Patch Tuesday im April 2022 ist ernst zu nehmen!
• Code execution in Wireshark via non-http(s) schemes in URL fields
• Top 10 web hacking techniques of 2020
• WannaCry 2.0 incoming...
• HTB: Scrambled
• Issue 2310: Windows: Kerberos RC4 MD4 Encryption Downgrade EoP
• What I learnt from reading {COUNT}* {TOPIC} bug reports.
• When Athletic Abilities Just Aren't Enough - Scoreboard Hacking
• Kernel Driver Exploit: System Mechanic
• Virtual x86 - Run KolibriOS, Linux or Windows 98 in your browser.
• CVE-2022-2992 - Gitlab Remote Command Execution via Github import
• SSD Advisory – pfSense Post Auth RCE
• Burp Suite - solving E-mail and SMS TAN multi-factor authentication with Hackvertor custom tags
• Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
• Analyse: Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
• Dependency Confusion

blog

• NetNTLM is still a thing?
• Deactivating Cortex XDR via repair function
• Cloud storage - never fails to surprise
• Teams external participant splash screen bypass # 2
• MobilePhish
• A redirect chain
• O365 Phishing infrastructure
• MSIFortune - LPE with MSI Installers
• ZipLink - Combine Zips and Lnk for fun and profit
• Teams external participant splash screen bypass
• Poch, Poch, is this thing on? Bypass AMSI with Divide & Conquer
• Phishing PoC for Entra Rebranding
• Obscurities with MS Teams part 4
• Obscurities with MS Teams part 2
• Obfuscated LSASS dump command
• ZipJar, a little bit unexpected attack chain
• How your messenger used for internal communication might compromise your company
• Spoofing MS Office comments
• Let's Go (VS) Code - Red Team style
• Tampering with Thunderbird attachments under Windows
• Abusing the MS Office protocol scheme