konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.24.md
Linux.Nasty: Assembly x64 ELF virus - https://www.guitmz.com/linux-nasty-elf-virus/
Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge - https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
Dogwalk Proof-of-Concept - https://github.com/ariary/Dogwalk-rce-poc
iOS 16 - restricted Userclients - https://saaramar.github.io/ios16_restricted_iouserclients/
Ransomware Group Debuts Searchable Victim Data - https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.22.md
Not all "Internet Connections" are Equal - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/not-all-internet-connections-are-equal/
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit - https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Hands-on: X25519 Key Exchange - https://x25519.ulfheim.net/
The Android kernel mitigations obstacle race - https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/
A not-so-common and stupid privilege escalation - https://decoder.cloud/2022/04/25/a-not-so-common-and-stupid-privilege-escalation/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.20.md
Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains - https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html
Android 101 - https://secrary.com/android-reversing/android101/
How to download eBooks from Google Play Store without paying for them - https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79
Unbricking SHIELD TV (2015) with a Bootrom Exploit - https://yifan.lu/2022/06/17/unbricking-shield-tv-2015-with-a-bootrom-exploit/
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection - https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.18.md
Awesome list of secrets in environment variables - https://github.com/Puliczek/awesome-list-of-secrets-in-environment-variables
V8 Heap pwn and /dev/memes - WebOS Root LPE - https://www.da.vidbuchanan.co.uk/blog/webos-wampage.html
MS-FSRVP coercion abuse PoC - https://github.com/ShutdownRepo/ShadowCoerce
Course repository for PowerShell for Pentesters Course - https://github.com/dievus/PowerShellForPentesters
Analysis and reverse-engineering of the original Starlink router - https://olegkutkov.me/2021/12/25/analysis-and-reverse-engineering-of-the-original-starlink-router/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.16.md
Maintained collection of OSINT related resources - https://github.com/Ph055a/OSINT_Collection
The Race To Zero Defects In Auto ICs - https://semiengineering.com/the-race-to-zero-defects-in-auto-ics/
CVE-2022-26937: Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow - https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Scan installed EDRs and AVs on Windows - https://github.com/FourCoreLabs/EDRHunt
Reverse engineering the 1988 NeXT keyboard protocol - https://journal.spencerwnelson.com/entries/nextkb.html
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.14.md
Cracking 22 year old DRM: Pac-Man Adventures in Time - https://openpunk.com/pages/cracking-22-yr-old-drm/
Khepri Post-exploitation tool written in Golang and C++ - https://github.com/geemion/Khepri
CVE-2019-13382: Local Privilege Escalation in SnagIt - https://enigma0x3.net/2019/07/24/cve-2019-13382-privilege-escalation-in-snagit/
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit - https://isc.sans.edu/diary/28728
Pwn2Own 2021 Canon ImageCLASS MF644Cdw writeup - https://doar-e.github.io/blog/2022/06/11/pwn2own-2021-canon-imageclass-mf644cdw-writeup/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.12.md
A journey into IoT – Unknown Chinese alarm – Part 2 – Firmware dump and analysis - https://security.humanativaspa.it/a-journey-into-iot-unknow-chinese-alarm-part-2-firmware-dump-and-analysis/
Understanding Follina (CVE-2022-30190) - Malware for Fun - https://www.youtube.com/watch?v=G_CFSF4Vh-s
Does a USB drive get heavier as you store more files on it? - https://www.sciencefocus.com/future-technology/does-a-usb-drive-get-heavier-as-you-store-more-files-on-it/
Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847) - https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/
A Story of a Bug Found Fuzzing - https://microsoftedge.github.io/edgevr/posts/a-story-of-a-bug-found-fuzzing/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.10.md
Subdomain Enumeration & Analysis - https://github.com/Screetsec/Sudomy
x86-64 Assembler based on Zydis - https://github.com/zyantific/zasm
Hardware-accelerated virtual machines on jailbroken iPhone 12 / iOS 14.1 - https://worthdoingbadly.com/hv/
ACTIVE DIRECTORY #00 Creating our Server + Workstation Virtual Environment - https://www.youtube.com/watch?v=pKtDQtsubio
Brute force attacks against Windows Remote Desktop - https://trunc.org/learning/brute-force-attacks-against-windows-remote-desktop
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.08.md
UPnProxyChain: a Tool to Exploit Devices Vulnerable to UPnProxy - https://shufflingbytes.com/posts/upnproxychain-a-tool-to-exploit-devices-vulnerable-to-upnproxy/
How NAT traversal works - https://tailscale.com/blog/how-nat-traversal-works/
Weird Ways to Run Unmanaged Code in .NET - https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
Creating a backdoor in PAM in 5 line of code - https://0x90909090.blogspot.com/2016/06/creating-backdoor-in-pam-in-5-line-of.html
CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations - https://clearbluejar.github.io/posts/mining-google-chrome-cve-data/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.06.md
SSD Advisory – Rocket.Chat Client-side Remote Code Execution - https://ssd-disclosure.com/ssd-advisory-rocket-chat-client-side-remote-code-execution/
Conti RaaS group chat leaked (English translation) - https://github.com/hardenedvault/bootkit-samples/blob/master/osint/conti_leaked_chat.md
Arbitrary File Upload Tricks In Java - https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/
Turbo Intruder: Embracing the billion-request attack - https://clearbluejar.github.io/posts/mining-google-chrome-cve-data/
Mining Google Chrome CVE data - https://clearbluejar.github.io/posts/mining-google-chrome-cve-data/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.04.md
WELA (Windows Event Log Analyzer) - https://github.com/Yamato-Security/WELA
Malware Analysis Report – APT29 C2-Client Dropbox Loader - https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/APT29_C2-Client_Dropbox_Loader/APT29-DropboxLoader_analysis.md
Twitch Internal Security Tools: In-depth Analysis of the Leaked Twitch Security Tools - https://mazinahmed.net/blog/indepth-analysis-twitch-security-tools/
All the Fake Data for All Your Real Needs - https://github.com/ngneat/falso
Advanced SQL Injection Cheatsheet - https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.06.02.md
The printer goes brrrrr!!! - https://www.synacktiv.com/en/publications/the-printer-goes-brrrrr.html
npm security update: Attack campaign using stolen OAuth tokens - https://github.blog/2022-05-26-npm-security-update-oauth-tokens/
Hacking Ham Radio: WinAPRS – Part 5 - https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-5
Laserlock RE Technical Paper - https://www.lucadamico.dev/papers/laserlock/Evolva.pdf
DEF CON 26 - Sean Metcalf - Exploiting Active Directory Administrator Insecurities - https://www.youtube.com/watch?v=ze1UcSLOypw
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.31.md
Hacking Ham Radio: WinAPRS – Part 1 - https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1
Working with 010 Hex-Editor - https://www.youtube.com/playlist?list=PLCS2zI95IiNwheFCTaUEytA1GT0mNOOdn
CppCon 2017: James McNellis “Everything You Ever Wanted to Know about DLLs” - https://www.youtube.com/watch?v=JPQWQfDhICA
Zyxel firmware extraction and password analysis - https://security.humanativaspa.it/zyxel-firmware-extraction-and-password-analysis/
.ISO Files With Office Maldocs & Protected View in Office 2019 and 2021 - https://blog.didierstevens.com/2022/04/04/iso-files-with-office-maldocs-protected-view-in-office-2019-and-2021/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.29.md
New Research Paper: Pre-hijacking Attacks on Web User Accounts - https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
ELF file viewer/editor for Windows, Linux and MacOS - https://github.com/horsicq/XELFViewer
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins - https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/
Automated Crossword Solving - https://arxiv.org/pdf/2205.09665.pdf
Take domains on stdin and output them on stdout if they get resolved - https://github.com/thelicato/fire
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.27.md
mip22 is an advanced phishing tool - https://github.com/makdosx/mip22
Fuzzing ClamAV with real malware samples - https://mmmds.pl/clamav/
S4fuckMe2selfAndUAndU2proxy - A low dive into Kerberos delegations - https://luemmelsec.github.io/S4fuckMe2selfAndUAndU2proxy-A-low-dive-into-Kerberos-delegations/
Programming Attacks Using RISC-V Instruction Trace Data - https://ieeexplore.ieee.org/document/9762913
A fully-modern text-based browser, rendering to TTY and browsers - https://github.com/browsh-org/browsh
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.25.md
SigOverinjector - https://github.com/SysSec-KAIST/sigover_injector
Linux.Nasty: Assembly x64 ELF virus - https://www.guitmz.com/linux-nasty-elf-virus/
Exploiting RBCD Using a Normal User Account* - https://www.tiraniddo.dev/2022/05/exploiting-rbcd-using-normal-user.html
Hunting evasive vulnerabilities - https://portswigger.net/research/hunting-evasive-vulnerabilities
SourcePoint is a C2 profile generator for Cobalt Strike command - https://github.com/Tylous/SourcePoint
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.23.md
Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups - https://www.advintel.io/post/hydra-with-three-heads-blackbyte-the-future-of-ransomware-subsidiary-groups
Another fast subdomain enumeration tool - https://github.com/duty1g/subcat
Dorks collections list - https://github.com/cipher387/Dorks-collections-list
DNS Tunneling using powershell to download and execute a payload - https://github.com/Octoberfest7/DNS_Tunneling
Awesome RCE techniques - https://github.com/p0dalirius/Awesome-RCE-techniques
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.21.md
A tool for automating interactions with Android devices - https://github.com/user1342/AutoDroid
A PoC project for embedding shellcode to Hint/Name Table - https://github.com/frkngksl/HintInject
Windows Feature Hunter (WFH) - https://github.com/ConsciousHacker/WFH
Constrained Delegation Considerations for Lateral Movement - https://sensepost.com/blog/2022/constrained-delegation-considerations-for-lateral-movement/
No-Fix Local Privilege Escalation Using KrbRelay With Shadow Credentials - https://icyguider.github.io/2022/05/19/NoFix-LPE-Using-KrbRelay-With-Shadow-Credentials.html
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.17.md
Three ways to hack an ATM - https://diablohorn.com/2022/05/14/three-ways-to-hack-an-atm/
TikTok Scraper & Downloader - https://github.com/drawrowfly/tiktok-scraper
From Project File to Code Execution - https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/
Qiling Advanced Binary Emulation Framework - https://github.com/qilingframework/qiling
Browser In The Browser (BITB) Attack - https://mrd0x.com/browser-in-the-browser-phishing-attack/
konik_polanowyKoneser
Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2022.05.15.md
Awesome cloud enumerator - https://github.com/0xsha/CloudBrute
Multiple bugs chained to takeover Facebook Accounts which uses Gmail - https://ysamm.com/?p=763
iPhone Setup for Reversing and Debugging - https://naehrdine.blogspot.com/2022/05/iphone-setup-for-reversing-and-debugging.html
A machine learning malware analysis framework for Android apps - https://github.com/user1342/DroidDetective
Malicious PDF Generator - https://github.com/jonaslejon/malicious-pdf