TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

Posted in r/netsec by u/lormayna • 630 points and 166 comments

Posted in r/netsec by u/TheSwedishChef24 • 1 point and 0 comments

Exploit for CVE-2021-4034. Contribute to Ayrx/CVE-2021-4034 development by creating an account on GitHub.

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation - GitHub - ly4k/PwnKit: Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

a file-sharing tool that allows you to find the responsible person in case of a leakage - GitHub - utkusen/wholeaked: a file-sharing tool that allows you to find the responsible person in case of a...

Research and tooling development around the ESC7 attack at Active Directory Certificate Services (AD CS) for Red Team operations

Perfect wordlist for discovering directories and files on target site - GitHub - aels/subdirectories-discover: Perfect wordlist for discovering directories and files on target site

Little Snitch is a host-based firewall for macOS, used for monitoring and restricting egress network traffic.

Varonis has observed the ALPHV (BlackCat) ransomware, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide.

Pwnkit is a vulnerability that uses a bug in polkit to elevate permissions to root. This write-up shows how to reproduce it using Ubuntu and what to do to check whether a system is vulnerable.
What went wrong? Quoting from the original researchers:
This…

With FaPro, you can create a virtual network and simulate several different devices in it with a single command.

$100,500 Apple Bug Bounty for hacking the webcam via a Safari Universal Cross-Site Scripting (UXSS) bug. CVE-2021-30861, CVE-2021-30975

A few years ago, I was asked to define an auditd configuration which would serve as the primary detection technology for a large…

PwnKit: CVE-2021-4034 avoid privilege escalation. CrowdSec developed a scenario to give you insight on whether you have been compromised by this vulnerability.

Contribute to jfrog/polkit-tools development by creating an account on GitHub.

Learn about how we discovered CVE-2022-22583, a vulnerability that allows attackers to bypass macOS SIP and take control of the system.

The story of a phishing and malware campagin, overcomming MFA and taking over accounts.

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud - GitHub - DataDog/stratus-red-team: :cloud: Granular, Actionable Adversary Emulation for the Cloud