InfoSec Write-ups - Medium-- During Bug Hunting, everyone aims for triggering the “1” alert. However, if you want to escalate your impact of XSS, now you can do this easily by using XSScope.What is XSScope?What is XSScope? XSScope is an advanced XSS payload generator platform for Client-Side attacks and also with an aim of increaing the impact … Continue reading Increasing XSS impact using XSScope
Latest Hacking News-- HP Device Manager Backdoor Security researcher Nicky Bloor found a backdoor in HP Device Manager. The product allows IT admins HP Device Manager Backdoor Could Allow Privilege Escalation To Remote Attackers on Latest Hacking News. View original article on Latest Hacking News
Latest Hacking News-- A serious security flaw potentially affected the bug bounty platform HackerOne. Identified as pollution prototype vulnerability, the bug indirectly affected Prototype Pollution Vulnerability Indirectly Affected HackerOne Platform on Latest Hacking News. View original article on Latest Hacking News
KitPloit - PenTest Tools!-- SMB AutoRelay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments. Usage Syntax: ./smbAutoRelay.sh -i <interface> -t <file> [-q] [-d] . Example: ./smbAutoRelay.sh -i eth0 -t ./targets.txt . Notice that the targets file should contain just the IP addresses of each target, one … Continue reading smbAutoRelay – Provides The Automation Of SMB/NTLM Relay Technique For Pentesting And Red Teaming Exercises In Active Directory Environments
The Hacker News-- Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their … Continue reading Researchers Fingerprint Exploit Developers Who Help Several Malware Authors
Null Byte « WonderHowTo-- Data makes the world go round. It has gotten to the point that it's considered the most valuable resource, perhaps even more important than oil. Businesses use data to collect critical information about their users and improve their services; governments utilize it to improve things like public transportation; doctors analyze data … Continue reading Explore Data Analysis & Deep Learning with This $40 Training Bundle
KitPloit - PenTest Tools!-- Powerglot encodes several kind of scripts using polyglots, for example, offensive powershell scripts. It is not needed a loader to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections, being one of the most common payloads … Continue reading Powerglot – Encodes Offensive Powershell Scripts Using Polyglots
Null Byte « WonderHowTo-- The moment arrives when you finally pop a shell on the web server you've been working on, only you find yourself in a strange environment with limited functionality. Restricted shells are often used as an additional line of defense and can be frustrating for an attacker to stumble upon. But with … Continue reading How to Escape Restricted Shell Environments on Linux
InfoSec Write-ups - Medium-- IntroductionIn part 1 we compromised an account with multiple permissions, but no Administrator access. We found a potential role that would allow us to escalate privileges, following one of the methods in Rhinosecuritylab’s post. Briefly explained, we’ll try to create an instance and attach to it a privileged role at creation … Continue reading Exploiting AWS IAM permissions for total cloud compromise: a real world example (part 2/2)
Malwarebytes Labs-- When the fledgling concept of the Internet of Things (IoT) was beginning to excite the world almost a decade ago, perhaps no coffee lover at that time would’ve imagined including the coffee machine in the roster of internet-connected devices—even in jest. True, the simple, utilitarian coffee machine may not be as popular now … Continue reading Chaos in a cup: When ransomware creeps into your smart coffee maker
Hacker's Directory 