» VB.Net: Cmd Exploit
» Size: 248 KB
» Creation date: 11/07/2019 [06:28]
from Connect Trojan https://ift.tt/2ZcJTCv
↳ https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67
Antivirus (AV) is a great target for vulnerability hunting: Large attack surface, complex parsing, and various components executing with high privileges. So a couple of months ago, I decided to look at the latest Comodo Antivirus v12.0.0.6810….
HackTale is a new, innovative approach for teaching and training cyber experts via gamification. HackTale is a platform designed for the creation of cyber-games. Each game simulates a different attack scenario and focuses on different aspects of cyber-defense….
↳ https://ivrodriguez.com/analyzing-ios-stalkerware-apps/
Stalkerware (a.k.a. Spouseware) applications are invasive applications that an individual installs on a target’s device (usually their partner) to spy on them, snooping in as much data as they can….
↳ https://github.com/DBHeise/VM_Setup
Please consider this in its ALPHA stages!…
↳ https://wbenny.github.io/2018/11/04/wow64-internals.html
WoW64 - aka Windows (32-bit) on Windows (64-bit) - is a subsystem that enables 32-bit Windows applications to run on 64-bit Windows. Most people today are familiar with WoW64 on Windows x64, where they can run x86 applications….
↳ https://www.youtube.com/watch?v=bQpPdT7RDqQ
Software obfuscation is a method to make programs more difficult to reverse engineer. There are multiple reasons why this is done, such as protecting intellectual property, defense in depth or hiding bugs. No matter the reason, there are multiple ways to go about making the software more difficult…
↳ http://notes.eatonphil.com/emulator-basics-a-stack-and-register-machine.html
In this post we’ll create a small virtual machine in JavaScript and use it to run a simple C program compiled with GCC for an x86_64 (or AMD64) CPU running Linux. All source code is available on Github….
↳ https://archive.org/details/gamesourcecode
This is a collection of computer game source code. The majority of these titles were originally released as commercial products and the source code was made available to the public at a later time. Developers have released these assets under varying licenses….
↳ https://blog.ropnop.com/docker-for-pentesters/
Over the last few years I have done a complete 180 on Docker (well, containerization in general). One of the very first posts I wrote on this blog was about plundering Docker images, and at the time I was not a fan….
↳ https://trustfoundry.net/basic-rop-techniques-and-tricks/
During assessments, we’ll occasionally run across custom binaries….
Object-oriented programs continue to pose many challenges for reverse engineers and malware analysts. C++ classes tend to result in complex arrangements of assembly instructions and sophisticated data structures that are hard to analyze at the machine code level….
↳ https://www.roguesecurity.in/2018/12/02/a-guide-for-windows-penetration-testing/
Windows penetration testing is one of the grey areas that many beginner penetration testers struggle with. It is ironic that most of us use Windows for our day-to-day tasks but when it comes to penetration testing, we are more comfortable with Linux….
↳ https://medium.com/@markmotig/security-tool-list-from-2-years-on-twitter-f1d2d9c4716
First off, a huge THANK YOU to everyone that shares their tools and experience. This is just my directory listing of security tools I found interesting. Just about every tool here I learned about by following people on Twitter. Here is a sample of how I try to categorize….
↳ https://medium.com/walmartlabs/evasive-vba-advanced-maldoc-techniques-1365e9373f80
Different methods of creating processes in VBA come with benefits and drawbacks. Shell$, Shell, or a variation of CreateObject("WScript.Shell").Run will result in the office application being listed as the parent of the created process….
[+] Topic: Code [+] By: AlcoPaul [+] Return: Code Polymorphic C# Prepender - Theory and Practice alc0paul bangingatbang@land.ru http://alcopaul.co….
↳ https://doar-e.github.io/blog/2018/11/19/introduction-to-spidermonkey-exploitation/
This blogpost covers the development of three exploits targeting SpiderMonkey JavaScript Shell interpreter and Mozilla Firefox on Windows 10 RS5 64-bit from the perspective of somebody that has never written a browser exploit nor looked closely at any JavaScript engine codebase….
↳ https://www.beyondtrust.com/blog/entry/bust-a-kube-kubernetes-hacking-and-hardening-techniques
An ever-increasing number of companies are using Kubernetes to manage and scale applications and services….
↳ https://github.com/W00t3k/Awesome-Cellular-Hacking
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community’s knowledge….
↳ https://www.youtube.com/watch?v=WnN6dbos5u8
GitHub repo (for homework): https://github.com/hmaverickadams/Beg… Timestamps: 0:00 - Course Introduction/whoami; 6:12 - Part 1: Introduction, Notekeeping, and Introductory Linux; 1:43:45 - Part 2: Python 101; 3:10:05 - Part 3: Python 102 (Building a Terrible Port Scanner); 4:23:14 - Part 4: Passive OSINT; 5…
↳ https://techsviewer.com/install-android-in-virtual-machine-vmware-and-virtualbox/
When you want to install Android 8.1 Oreo on any virtualization software, you have two options. These are the Android 8.1 ISO and the Android 8.1 virtual disk image. You can use either and get good results but they are not the same thing….
↳ https://8192.one/post/ssh_login_notification_withtelegram/
A simple shell script that executes automatically once a user logs into a server with SSH. The script sends a Telegram message to a user of your choice. It also has features to identify the user who has just logged in….
A new Android malware strain has been discovered that can infect devices and replace legitimate apps with clones that show a deluge of ads for a criminal group’s profits….
↳ https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/
In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component….
But the way layer 2 is decoded also depends on layer 1: the precise time/frequency slot where the packet is received will attribute a physical channel and a transport channel (here, the “BCH”) to it….
↳ https://blog.zimperium.com/not-fathers-endpoint-four-ways-bad-guys-attack-mobile-devices/
In our second blog, I discussed why a mobile device needs to be protected. Exactly what are we talking about here? What are the ways an attacker can hack a mobile device to get what they need? …
↳ https://github.com/Naategh/PyCk
This is a simple project that implements some useful scripts. This project can be used for learning scripting with Python and creating simple pentesting tools, too. And I should also point out that the reason for using different and large libraries in this project is educational use….
As far as I can tell this vulnerability also impacts RingCentral. RingCentral's web conference system is a white-labeled Zoom system. This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission….
↳ https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
Approximately 900 customers of 7-Eleven Japan have lost a collective of ¥55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names….
Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don’t want a flashlight app to be able to read through your call logs, you should be able to deny that access….
↳ https://blackmarble.sh/zipato-smart-hub/
During the 0DAYALLDAY Research Event three vulnerabilities were discovered in the ZipaMicro Z-Wave Controller Model #: ZM.ZWUS and the Zipabox Z-Wave Controller Model #: 2AAU7-ZBZWUS….
↳ https://hackersonlineclub.com/mobile-security-penetration-testing/
Mobile Security Penetration Testing List for All-in-one Mobile Security Frameworks including Android and iOS Application Penetration Testing….
↳ https://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-1-ab2a9b87c162
First, we need to set up a few environmental variables. Go to the folder that contains the android-cross-compiler, presumably it’s called aarch64-linux-android-4.9, and run the following:…
↳ https://github.com/ipasimulator/ipasim
This repository contains source code of ipasim, an iOS emulator for Windows. More detailed documentation is available. We use Git Submodules (recursively), so make sure you clone with --recurse-submodules. We also use Git LFS, so make sure you have that installed if you want to get all files….
↳ https://github.com/DiogoMRSilva/websitesVulnerableToSSTI
This project has very simple websites to learn how to exploit Server Side Template Injections (SSTI). It might also be used to test automated vulnerability scanning tools. Some of the Servers aren’t working…
Seamless circuit design for your project. circuito.io is an online tool for designing electronic circuits. Select your component combination and instantly get a detailed list of parts, a step-by-step wiring guide and custom test code for your circuit….
↳ https://0xsp.com/offensive/red-teaming-toolkit-collection
spoofcheck a program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. https://github.com/BishopFox/spoofcheck…
577 members Mobile news about - security, privacy, malware on Google Play, bugs, vulnerabilities, data leaks, bug bounty hunting, security tips & tutorials, tools, hacks, ethical hacking, penetration testing……
↳ https://www.youtube.com/watch?v=ONHxcGMdkM0
Hey guys! In this video I will be showing you how ADB on Android works and how to exploit it with PhonSploit. Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging…
↳ https://honoki.net/2019/06/21/how-to-burp-and-openvpn/
When performing security tests, you will often be required to send all of your traffic through a VPN. If you don’t want to send all of your local traffic over the same VPN, configuring an easy-to-use setup can sometimes be a pain….