Kerberos cheatsheet
https://ift.tt/32ejzcC
Submitted September 11, 2021 at 11:44PM by CuteCancel5438
via reddit https://ift.tt/2YHPchX
https://ift.tt/32ejzcC
Submitted September 11, 2021 at 11:44PM by CuteCancel5438
via reddit https://ift.tt/2YHPchX
Gist
A cheatsheet with commands that can be used to perform kerberos attacks
A cheatsheet with commands that can be used to perform kerberos attacks - kerberos_attacks_cheatsheet.md
Windows & Active Directory Exploitation Cheat Sheet and Command Reference - Cas van Cooten
https://ift.tt/38usbBi
Submitted September 12, 2021 at 11:23AM by CuteCancel5438
via reddit https://ift.tt/3nxqdbs
https://ift.tt/38usbBi
Submitted September 12, 2021 at 11:23AM by CuteCancel5438
via reddit https://ift.tt/3nxqdbs
Casvancooten
Windows & Active Directory Exploitation Cheat Sheet and Command Reference
Last update: November 3rd, 2021
Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz sections. Fixed some whoopsies as well 🙃.
Updated June…
Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz sections. Fixed some whoopsies as well 🙃.
Updated June…
Scaling AppSec programs is hard. Leveraging existing systems/initiatives from the rest of the org can help
https://ift.tt/2XlG9D3
Submitted September 12, 2021 at 03:18PM by jubbaonjeans
via reddit https://ift.tt/38ZjUoC
https://ift.tt/2XlG9D3
Submitted September 12, 2021 at 03:18PM by jubbaonjeans
via reddit https://ift.tt/38ZjUoC
Boring AppSec
Edition 7: Using force multipliers to scale AppSec programs
AppSec programs are hard to scale. What works for a portfolio of 10 applications don't work for 1000 apps. Piggybacking off existing organizational programs can super charge your AppSec journey.
BazarLoader to Conti Ransomware in 32 Hours - In July we witnessed a BazarLoader campaign that deployed Cobalt Strike and ended with domain wide encryption using Conti ransomware.
https://ift.tt/38Z6PMa
Submitted September 13, 2021 at 06:00AM by TheDFIRReport
via reddit https://ift.tt/390v6Bo
https://ift.tt/38Z6PMa
Submitted September 13, 2021 at 06:00AM by TheDFIRReport
via reddit https://ift.tt/390v6Bo
The DFIR Report
BazarLoader to Conti Ransomware in 32 Hours
Intro Conti is a top player in the ransomware ecosystem, being listed as 2nd overall in the Q2 2021 Coveware ransomware report. The groups deploying this RaaS have only grown more prevalent. Despit…
Release dirsearch v0.4.2 - Web Path Scanner
https://ift.tt/3EdJTY7
Submitted September 13, 2021 at 09:55AM by maurosoria
via reddit https://ift.tt/392Skag
https://ift.tt/3EdJTY7
Submitted September 13, 2021 at 09:55AM by maurosoria
via reddit https://ift.tt/392Skag
North Korean Hacker Recently Employed Social Media to Launch a Cyberattack
https://ift.tt/3lhI2sy
Submitted September 13, 2021 at 12:34PM by george-alexander2k
via reddit https://ift.tt/3npyFtx
https://ift.tt/3lhI2sy
Submitted September 13, 2021 at 12:34PM by george-alexander2k
via reddit https://ift.tt/3npyFtx
VaultFuzzer: A state-based approach for Linux kernel
https://ift.tt/3E6XUGZ
Submitted September 13, 2021 at 05:57PM by hardenedvault
via reddit https://ift.tt/3AaMYWh
https://ift.tt/3E6XUGZ
Submitted September 13, 2021 at 05:57PM by hardenedvault
via reddit https://ift.tt/3AaMYWh
Frans Rosen does it again: "Hacking CloudKit - How I accidentally deleted your Apple Shortcuts"
https://ift.tt/3k4IiLV
Submitted September 13, 2021 at 07:47PM by intheclairdelune
via reddit https://ift.tt/38ZPzXj
https://ift.tt/3k4IiLV
Submitted September 13, 2021 at 07:47PM by intheclairdelune
via reddit https://ift.tt/38ZPzXj
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
https://ift.tt/3hoOJYA
Submitted September 13, 2021 at 10:47PM by notemaker
via reddit https://ift.tt/3A7L6xG
https://ift.tt/3hoOJYA
Submitted September 13, 2021 at 10:47PM by notemaker
via reddit https://ift.tt/3A7L6xG
Easily Exploitable Critical Vulnerability in ProfilePress Plugin of WordPress CVE-2021-34621
https://ift.tt/3lnFV6j
Submitted September 13, 2021 at 10:44PM by SL7reach
via reddit https://ift.tt/2XduaHx
https://ift.tt/3lnFV6j
Submitted September 13, 2021 at 10:44PM by SL7reach
via reddit https://ift.tt/2XduaHx
Penetration Testing and CyberSecurity Solution - SecureLayer7
Easily Exploitable Critical Vulnerability in ProfilePress Plugin of WordPress CVE-2021-34621
Understanding the Vulnerability ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator on sites even if user…
Account Persistence – Certificates
https://ift.tt/3C98XO8
Submitted September 14, 2021 at 12:33AM by netbiosX
via reddit https://ift.tt/3919Dsc
https://ift.tt/3C98XO8
Submitted September 14, 2021 at 12:33AM by netbiosX
via reddit https://ift.tt/3919Dsc
Penetration Testing Lab
Account Persistence – Certificates
It is not uncommon organizations to implement an internal certification authority in order to establish trust between entities (users, computers etc.) or utilize it for user authentication. Impleme…
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab
https://ift.tt/2XdSRDJ
Submitted September 14, 2021 at 01:21AM by kickinitlegit
via reddit https://ift.tt/3nuj9wr
https://ift.tt/2XdSRDJ
Submitted September 14, 2021 at 01:21AM by kickinitlegit
via reddit https://ift.tt/3nuj9wr
The Citizen Lab
FORCEDENTRY
While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against…
The Show Must Go On: Securing Netflix Studios At Scale
https://ift.tt/3z7fzL0
Submitted September 14, 2021 at 03:34AM by WaffleLight
via reddit https://ift.tt/3AcKQxa
https://ift.tt/3z7fzL0
Submitted September 14, 2021 at 03:34AM by WaffleLight
via reddit https://ift.tt/3AcKQxa
Medium
The Show Must Go On: Securing Netflix Studios At Scale
A Journey About Productizing Security
How to Defend Yourself Against NSO Spyware Like Pegasus
https://ift.tt/371p2aY
Submitted September 14, 2021 at 08:03AM by moxofoxo
via reddit https://ift.tt/394tc2R
https://ift.tt/371p2aY
Submitted September 14, 2021 at 08:03AM by moxofoxo
via reddit https://ift.tt/394tc2R
The Intercept
How to Defend Yourself Against the Powerful New NSO Spyware Attacks Discovered Around the World
Even iPhones were vulnerable to the surveillance software, which appears to have been used against activists, journalists, and others.
Silently Unmasking Virgin Media VPN Users in Seconds (CVE-2019-16651)
https://ift.tt/3Cd7sy7
Submitted September 14, 2021 at 03:31PM by kurtisebear
via reddit https://ift.tt/3Cd7t59
https://ift.tt/3Cd7sy7
Submitted September 14, 2021 at 03:31PM by kurtisebear
via reddit https://ift.tt/3Cd7t59
Pardus 21 Linux Distro – Remote Code Execution due to Insecure Tar Extraction
https://ift.tt/3hraHKB
Submitted September 14, 2021 at 05:05PM by wtfse
via reddit https://ift.tt/3z9FVfa
https://ift.tt/3hraHKB
Submitted September 14, 2021 at 05:05PM by wtfse
via reddit https://ift.tt/3z9FVfa
Unauthenticated Remote Code Execution in Motorola Baby Monitors [FIXED]
https://ift.tt/3AeOR4j
Submitted September 14, 2021 at 05:47PM by rwestergren
via reddit https://ift.tt/3EjkaNJ
https://ift.tt/3AeOR4j
Submitted September 14, 2021 at 05:47PM by rwestergren
via reddit https://ift.tt/3EjkaNJ
Randy Westergren
Unauthenticated Remote Code Execution in Motorola Baby Monitors - Randy Westergren
When my wife and I were expecting our first child, a good baby monitor was one of the top items on our shopping list. Most of the available options of course now include Wi-Fi, a mobile app, and cloud integration. When we decided on the Motorola Halo+, I…
Discovering Vulnerabilities in Avaya Aura | Accenture
https://ift.tt/2VEPlBI
Submitted September 14, 2021 at 07:09PM by rkornmeyer
via reddit https://ift.tt/3lphwxu
https://ift.tt/2VEPlBI
Submitted September 14, 2021 at 07:09PM by rkornmeyer
via reddit https://ift.tt/3lphwxu
Patch Tuesday: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
https://ift.tt/3tGaMih
Submitted September 15, 2021 at 12:13AM by sagitz_
via reddit https://ift.tt/3tHDBv1
https://ift.tt/3tGaMih
Submitted September 15, 2021 at 12:13AM by sagitz_
via reddit https://ift.tt/3tHDBv1
Meterpreter spotted via real-time kernel monitoring
https://ift.tt/2X0SbBW
Submitted September 15, 2021 at 12:02AM by 0xDangerous_bit
via reddit https://ift.tt/3kblTNb
https://ift.tt/2X0SbBW
Submitted September 15, 2021 at 12:02AM by 0xDangerous_bit
via reddit https://ift.tt/3kblTNb
CounterCraft
Shellcode Detection Using Real-time Kernel Monitoring
Looking at how to use real time kernel monitoring for shellcode detection. Alonso Candado discusses the challenges faced when trying to detect shellcode at runtime, usin the examples of hooking syscalls via hypervisor EPT feature and detecting shellcodes…
Kali Linux 2021.3 Release
https://ift.tt/3hrG5sr
Submitted September 15, 2021 at 12:48AM by eikendev
via reddit https://ift.tt/3EeVIx3
https://ift.tt/3hrG5sr
Submitted September 15, 2021 at 12:48AM by eikendev
via reddit https://ift.tt/3EeVIx3
Kali Linux
Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch) | Kali Linux Blog
Today we have released the newest version of Kali Linux, 2021.3 (quarter #3), which is now ready for download or updating.
A summary of the changes since the 2021.2 release from June are:
OpenSSL - Wide compatibility by default - Keep reading for what that…
A summary of the changes since the 2021.2 release from June are:
OpenSSL - Wide compatibility by default - Keep reading for what that…