Windows Tasks Scheduler https://www.winitor.com/pdf/Windows-Task-Scheduler.pdf
Running BOFs with our 'bof-launcher' library https://blog.z-labs.eu/2024/02/08/bof-launcher.html
Overview: Evidence Collection of Ivanti Connected Secure Appliances https://medium.com/@DCSO_CyTec/overview-evidence-collection-of-ivanti-connected-secure-appliances-ce91b5eb4b18
Medium: This article summarizes methods that can be used to gather forensic evidence from Ivanti appliances.
The Art of Exploiting UAF by Ret2bpf in Android Kernel https://i.blackhat.com/EU-21/Wednesday/EU-21-Jin-The-Art-of-Exploiting-UAF-by-Ret2bpf-in-Android-Kernel-wp.pdf
Unicode XSS via Combining Characters https://gist.github.com/paj28/86c7b8f37371d89c9a36ed0280fcf450
Quick check for WP sites https://twitter.com/_4ft3rd4rk/status/1732989992409112827?s=20
Lavesh Verma (@_4ft3rd4rk) on X
Whenever I see a WordPress site -
1. Run wpscan
2. /wp-json/wp/v2/users /wp-json/?rest_route=/wp/v2/users[/n] /?author=n and try common passwords.
3. /wp-admin/install.php
4. /wp-config.php.zip /wp-config.php.bak
5. /wp-content/debug.log
6. SSRF /wp-jso…
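An added example, not the poster's script, that automates the non-guessing part of the list above (steps 2 to 5): it pulls login slugs from the public REST users endpoint, falls back to the `/?author=n` redirect leak, and probes the listed files. The HTTP fetcher is injectable so the logic can be exercised offline against canned responses; the hostname, the `max_id` limit and the "200 with a body" criterion for the file probes are assumptions. Password guessing from step 2 is deliberately left out.

```python
"""Quick WordPress exposure checks (added example, not the poster's code).

Implements: user enumeration via /wp-json/wp/v2/users and the
?rest_route= alias, the /?author=n redirect fallback, and probes for
install.php, wp-config backups and debug.log.  The fetch callable is
injectable so everything below can run against constructed responses.
"""
import json
import re
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# A fetcher returns (status, headers, body); headers may use any case.
Response = Tuple[int, Dict[str, str], bytes]
Fetcher = Callable[[str], Response]

# Paths from the post that should not be reachable on a hardened site.
EXPOSED_PATHS = [
    "/wp-admin/install.php",
    "/wp-config.php.zip",
    "/wp-config.php.bak",
    "/wp-content/debug.log",
]

AUTHOR_RE = re.compile(r"/author/([^/?#]+)/?")


def urllib_fetch(url: str) -> Response:
    """HTTP GET that does NOT follow redirects, so the Location header
    from /?author=n stays visible to the caller."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # swallow the redirect, surface it as HTTPError

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "wp-quickcheck"})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def _header(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def users_from_rest(base: str, fetch: Fetcher) -> List[str]:
    """Collect login slugs from the users endpoint or its rest_route alias;
    either answers when the REST API is left public."""
    slugs: List[str] = []
    for path in ("/wp-json/wp/v2/users", "/wp-json/?rest_route=/wp/v2/users"):
        status, _, body = fetch(base + path)
        if status != 200:
            continue
        try:
            entries = json.loads(body)
        except ValueError:
            continue
        for entry in entries if isinstance(entries, list) else []:
            slug = entry.get("slug") if isinstance(entry, dict) else None
            if slug and slug not in slugs:
                slugs.append(slug)
        if slugs:
            break
    return slugs


def users_from_author_ids(base: str, fetch: Fetcher, max_id: int = 5) -> List[str]:
    """/?author=n redirects to /author/<slug>/ on pretty permalinks, which
    leaks the login name even when the REST endpoint is blocked.
    max_id is an assumed cut-off, not something the post specifies."""
    slugs: List[str] = []
    for n in range(1, max_id + 1):
        status, headers, _ = fetch(f"{base}/?author={n}")
        if status in (301, 302):
            match = AUTHOR_RE.search(_header(headers, "Location"))
            if match and match.group(1) not in slugs:
                slugs.append(match.group(1))
    return slugs


def exposed_files(base: str, fetch: Fetcher) -> List[str]:
    """Return listed paths answering 200 with a non-empty body (assumed
    criterion; install.php in particular still needs a manual look)."""
    found: List[str] = []
    for path in EXPOSED_PATHS:
        status, _, body = fetch(base + path)
        if status == 200 and body.strip():
            found.append(path)
    return found


def quick_check(base: str, fetch: Fetcher = urllib_fetch) -> Dict[str, List[str]]:
    """Run all checks against one site and return the findings."""
    base = base.rstrip("/")
    users = users_from_rest(base, fetch) or users_from_author_ids(base, fetch)
    return {"users": users, "exposed": exposed_files(base, fetch)}


if __name__ == "__main__":
    print(json.dumps(quick_check(sys.argv[1]), indent=2))
```

Run it as `python wpcheck.py https://target.example` against a site you are authorized to test; the `users` list is what you would feed to the password checks, and anything in `exposed` is a finding in its own right.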
CVE-2024-0517 (Out of Bounds Write in V8) https://cwresearchlab.co.kr/entry/CVE-2024-0517-Out-of-Bounds-Write-in-V8
CW Research: Introduction. CVE-2024-0517 is a bug that occurs when Maglev handles allocation folding while compiling a derived constructor; the resulting out-of-bounds write can be used to achieve arbitrary code execution. Environment Setting: # install depot_tools cd ~ git clone https://chromium.googlesource…
Stranger Strings: An exploitable flaw in SQLite https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
Trail of Bits Blog: By Andreas Kellas. Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released o…
JSON Smuggling: A far-fetched intrusion detection evasion technique https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f
Medium: TL;DR: Insignificant whitespace in the JSON standard can be used to encode data without breaking the format. This could aid malicious…
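An added example, not code from the linked article, showing the mechanism that summary describes: the four whitespace characters JSON permits between tokens (space, tab, LF, CR) carry two bits each, so a payload can be spread over the token boundaries of an ordinary document that still parses to exactly the original value. The carrier document, the payload and the choice to minify the carrier first are assumptions made for the demonstration.

```python
"""JSON whitespace smuggling demo (added example, not the article's code).

Encoder: minify a carrier document, then spread the payload as runs of
insignificant whitespace across the positions after ',', ':', '{' and '['
that lie outside string literals.  Decoder: collect every whitespace
character outside strings, in order, and map it back to two bits.
"""
import json
from typing import Any, Iterator, List, Tuple

# RFC 8259 section 2: the only whitespace allowed between tokens.
ALPHABET = " \t\n\r"          # index 0..3 == the two bits it carries


def _scan(text: str) -> Iterator[Tuple[int, str, bool]]:
    """Yield (index, char, inside_string) for every character, tracking
    string literals and backslash escapes so a '"' or a space inside a
    string is never mistaken for a token boundary."""
    in_str = False
    escaped = False
    for i, c in enumerate(text):
        yield i, c, in_str
        if in_str:
            if escaped:
                escaped = False
            elif c == "\\":
                escaped = True
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True


def smuggle(carrier: Any, payload: bytes) -> str:
    """Return carrier serialised as JSON with payload hidden in whitespace."""
    minified = json.dumps(carrier, separators=(",", ":"))  # no whitespace outside strings
    symbols: List[str] = [
        ALPHABET[(b >> shift) & 3] for b in payload for shift in (6, 4, 2, 0)
    ]
    slots = [i + 1 for i, c, in_str in _scan(minified) if not in_str and c in ",:{["]
    if not slots:
        raise ValueError("carrier has no token boundary to hide whitespace in")
    # Contiguous pieces keep the symbol order when the document is read left to right.
    size = -(-len(symbols) // len(slots))
    pieces = [symbols[k * size:(k + 1) * size] for k in range(len(slots))]
    out: List[str] = []
    last = 0
    for pos, piece in zip(slots, pieces):
        out.append(minified[last:pos])
        out.append("".join(piece))
        last = pos
    out.append(minified[last:])
    return "".join(out)


def extract(doc: str) -> bytes:
    """Recover the payload from a document produced by smuggle()."""
    ws = [c for _, c, in_str in _scan(doc) if not in_str and c in ALPHABET]
    if len(ws) % 4:
        raise ValueError("whitespace count is not a multiple of 4 symbols")
    out = bytearray()
    for i in range(0, len(ws), 4):
        value = 0
        for c in ws[i:i + 4]:
            value = (value << 2) | ALPHABET.index(c)
        out.append(value)
    return bytes(out)


def parses_to(doc: str, expected: Any) -> bool:
    """True if a standard parser still sees exactly the carrier value."""
    return json.loads(doc) == expected


def whitespace_outside_strings(doc: str) -> int:
    """Crude detection metric: smuggled documents carry far more
    inter-token whitespace than a normal minified or pretty-printed one,
    and mix tabs and CRs that pretty-printers never emit."""
    return sum(1 for _, c, in_str in _scan(doc) if not in_str and c in ALPHABET)


if __name__ == "__main__":
    # Constructed carrier and payload for the demonstration.
    carrier = {"user": "alice", "roles": ["admin", "ops"], "active": True}
    doc = smuggle(carrier, b"secret!")
    print(repr(doc))
    print(parses_to(doc, carrier), extract(doc))
```

A detector that only parses the JSON sees nothing unusual, which is the point of the article; counting or normalising inter-token whitespace before inspection (json.loads followed by json.dumps) discards the channel entirely.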
TinyTurla Next Generation - Turla APT spies on Polish NGOs https://blog.talosintelligence.com/tinyturla-next-generation/
Cisco Talos Blog: This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
How to protect Evilginx using Cloudflare and HTML Obfuscation https://www.jackphilipbutton.com/post/how-to-protect-evilginx-using-cloudflare-and-html-obfuscation
Jack Button: Using a combination of Cloudflare and HTML obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements. Anyone who has tried to run a Social…
Load-time relocation of shared libraries https://eli.thegreenplace.net/2011/08/25/load-time-relocation-of-shared-libraries/
JavaScript Debugging with Maglev Compiler https://vxrl.medium.com/javascript-debugging-with-maglev-compiler-6b2a26cb1a3a
Medium: Twitter @Darkfloyd1014
Unveiling Crypto Miner’s Stealthy Tactics: The Rise of Indirect Syscalls for Evasion https://labs.k7computing.com/index.php/unveiling-crypto-miners-stealthy-tactics-the-rise-of-indirect-syscalls-for-evasion/
K7 Labs: Recently we got our hands on a set of samples which had a big data section with high entropy and […]
Position Independent Code (PIC) in shared libraries https://eli.thegreenplace.net/2011/11/03/position-independent-code-pic-in-shared-libraries/
The Attackers Guide to Azure AD Conditional Access https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/
Daniel Chronlund Cloud Security Blog: Conditional Access is one of Microsoft’s most powerful security features and the central engine for their zero trust architecture. It’s no secret that I love working with Conditional Ac…
Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
Aqua: Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu's command-not-found package and the snap package repository.