Forwarded from Noise Security Bit (Alex)
кстати, если кто-то хочет поковырять сэмпл этого импланта, то он уже был замечен на VirusTotal
https://www.virustotal.com/gui/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/detection
https://www.virustotal.com/gui/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/detection
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure.
https://github.com/skydive-project/skydive
https://github.com/skydive-project/skydive
GitHub
GitHub - skydive-project/skydive: An open source real-time network topology and protocols analyzer
An open source real-time network topology and protocols analyzer - skydive-project/skydive
Windows Exploitation Tricks: Spoofing Named Pipe Client PID
https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html
https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html
Blogspot
Windows Exploitation Tricks: Spoofing Named Pipe Client PID
Posted by James Forshaw, Project Zero While researching the Access Mode Mismatch in IO Manager bug class I came across an interesti...
Smoke and Mirrors | Red Teaming with Physical Penetration Testing and Social Engineering
https://threat.tevora.com/smoke-and-mirrors-red-teaming-with-physical-penetration-testing-and-social-engineering/
https://threat.tevora.com/smoke-and-mirrors-red-teaming-with-physical-penetration-testing-and-social-engineering/
Threat Blog
Smoke and Mirrors | Red Teaming with Physical Penetration Testing and Social Engineering
In this post, we will illustrate the roadmap of a physical penetration test and advise how to successfully infiltrate into a corporate environment. This post should be able to clarify areas of focus for a successful physical engagement with an emphasis on…
PEpper
An open source noscript to perform malware static analysis on Portable Executable
https://github.com/Th3Hurrican3/PEpper
An open source noscript to perform malware static analysis on Portable Executable
https://github.com/Th3Hurrican3/PEpper
GitHub
GitHub - 0x0be/PEpper: An open source noscript to perform malware static analysis on Portable Executable
An open source noscript to perform malware static analysis on Portable Executable - GitHub - 0x0be/PEpper: An open source noscript to perform malware static analysis on Portable Executable
Forwarded from Noise Security Bit (Aligner)
Уязвимость в Whatsapp (уязвимость в android-gif-drawable либе) c "exploit'ом" (без обхода ASLR)
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
Home
How a double-free bug in WhatsApp turns to RCE
In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…
Forwarded from r0 Crew (Channel)
[RU] OTUS (Курс по реверсу) #LEAKED
https://cloud.mail.ru/public/4aGL/3EFRUMvq6/
#re #course #Thatskriptkid
https://cloud.mail.ru/public/4aGL/3EFRUMvq6/
#re #course #Thatskriptkid
One XSS cheatsheet to rule them all
https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all
https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all
PortSwigger Research
One XSS cheatsheet to rule them all
PortSwigger are proud to launch our brand new XSS cheatsheet. Our objective was to build the most comprehensive bank of information on bypassing HTML filters and WAFs to achieve XSS, and to present th
Security Advisory: Active Directory Open to More NTLM Attacks
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Vulnerability on a series of D-Link routers allows remote code execution but will not be fixed !!!!
https://www.freetechways.xyz/2019/10/dlink-router-remote-execution.html
https://www.freetechways.xyz/2019/10/dlink-router-remote-execution.html
DrSemu
Malware Detection and Classification Tool Based on Dynamic Behavior [The tool is in the early development stage]
https://github.com/secrary/DrSemu
Malware Detection and Classification Tool Based on Dynamic Behavior [The tool is in the early development stage]
https://github.com/secrary/DrSemu
GitHub
GitHub - secrary/DrSemu: DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior
DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior - secrary/DrSemu
802.11p V2X Hunting
https://harrisonsand.com/802-11p-v2x-hunting/
https://harrisonsand.com/802-11p-v2x-hunting/
Harrisonsand
802.11p V2X hunting
Autonomous vehicles are becoming closer to reality, and the technologies developed to support them have already started hitting the market. I set out to see if I could find any real-world deployments of these systems.
Burpee
A python module that accepts an HTTP request file and returns a dictionary of headers and post data
https://github.com/xscorp/Burpee
A python module that accepts an HTTP request file and returns a dictionary of headers and post data
https://github.com/xscorp/Burpee
GitHub
GitHub - xscorp/Burpee: A python module that accepts an HTTP request file and returns a dictionary of headers and post data
A python module that accepts an HTTP request file and returns a dictionary of headers and post data - xscorp/Burpee
Avira Antivirus 2019 (4 Services) - DLL Preloading and Potential Abuses (CVE-2019-17449)
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449