Tweets

Rob retweeted
Dave dwizzzle Weston
@dwizzzleMSFT
Feb 5
Just posted my talk "Keeping Windows Secure" touching on security assurance process and vuln research in Windows from @BlueHatIL 2019: github.com/dwizzzle/Prese…

Rob retweeted
Leandro Barragan
@lean0x2f
Jan 28
[Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step: medium.com/@maxi./finding…

Rob retweeted
GitHub Security Lab
@GHSecurityLab
Jan 28
Check out @Nosoynadiemas' tips on Fuzzing, to overcome known challenges and maximize results: securitylab.github.com/research/fuzzi…

Rob retweeted
Marcello
@byt3bl33d3r
Jan 27
Just pushed a somewhat big update to SILENTTRINITY with a lot of forward compatibility fixes for Python 3.8 and made the PowerShell "stageless" stager public. Plus more modules and bug fixes
github.com/byt3bl33d3r/SI…

Rob retweeted
SpecterOps
@SpecterOps
Jan 22
Here is the link to the SpecterOps Adversary Tactics: PowerShell course material:
github.com/specterops/at-…
Enjoy!
For information about our current training offerings, information can be found here: specterops.io/how-we-help/tr…
(4/4)

Rob retweeted
Steven
@0xthirteen
Jan 22
Revisiting RDP lateral movement posts.specterops.io/revisiting-rem…
and releasing a project that will be part of a bigger tool coming next week

Rob retweeted
Responder
@PythonResponder
Jan 9
Responder 3.0.0.0 is out! Massive upgrade, support for both py3 and py2, many bug fixes, enhancements and Q.A++ on all servers, poisoners and tools. Enjoy! ;)
github.com/lgandx/Respond…

Rob retweeted
Samuel Groß
@5aelo
Jan 9
I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage: googleprojectzero.blogspot.com/2020/01/remote…

Rob retweeted
Ryan Cobb
@cobbr_io
Dec 27
SharpSploit v1.5 is out! Includes amazing work from @_RastaMouse, @checkymander, @001SPARTaN, @FuzzySec, and @TheRealWover. Includes: lateral movement over SCM and PSRemoting, an AMSI bypass, CreateProcessWithToken, and DynamicInvoke improvements. 🔥🔥🔥
github.com/cobbr/SharpSpl…

Rob retweeted
Andrea Fioraldi
@andreafioraldi
Dec 24
New XMas release of frida-fuzzer: 1.2 🎉
github.com/andreafioraldi…
A release with Android fuzzing in mind. Moar speed for remote (e.g. with adb) and ARM fuzzing and support for dictionaries.

Rob retweeted
h0mbre
@h0mbre_
Dec 21
Last project of 2019. I created an image-based C2 channel proof of concept that posts/retrieves stego'd images on Imgur. As a PoC only, I've simulated a proper implant in Python. The Framework is called Dali, after the artist. For fun & to learn! h0mbre.github.io/Image_Based_C2…

Rob retweeted
Cutter
@r2gui
Dec 20
Cutter v1.10 now has a DEBUGGER! 🐞🥳
After a lot of work, we are so happy to announce that we finally implemented your most requested feature.
The beta version of the debugger is available NOW on our website >> cutter.re
List of features and what's coming next >> pic.twitter.com/4OOlF0Y0Wk

Rob retweeted
Ivan Fratric
@ifsecure
Dec 16
A nice write-up on WinAFL setup for fuzzing popular image viewers resulting in quite a few bugs. apriorit.com/dev-blog/644-r…

Rob retweeted
Andrea Fioraldi
@andreafioraldi
Dec 14
I repropose my notes about x86, Linux and virtualization in a single text file (~2500 lines only) for my fellow students in Sapienza.
gist.githubusercontent.com/andreafioraldi…

Rob retweeted
Kevin Backhouse
@kevin_backhouse
Dec 12
First blog post in a short series about some vulnerabilities that I found in Ubuntu's crash reporter earlier this year. I learned a lot from working on the exploits, so I am going to share some of the tips and tricks that I learned. securitylab.github.com/research/ubunt… pic.twitter.com/hqNAm8Bnzn

Rob retweeted
Jackson T.
@Jackson_T
Dec 11
Introducing SysWhispers, a tool that helps with AV/EDR evasion by using direct system calls to bypass user-mode API hooks. It works by generating header/ASM pairs supporting all core syscalls from Windows XP to 10.
Check it out here with examples: github.com/jthuraisamy/Sy…

Rob retweeted
Andrea Fioraldi
@andreafioraldi
Dec 12
Good news! @fridadotre Stalker is now ready for fuzzing and my frida-fuzzer is ready to fuzz APIs of Android apps.
github.com/andreafioraldi…
With a logic inspired by AFL, it has a libFuzzer-like harness interface.
The project is in its early stage, look at the TODOs to contribute.

Rob retweeted
Axel Souchet
@0vercl0k
Dec 6
Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escapes the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs. github.com/0vercl0k/CVE-2… pic.twitter.com/LeAOCgqpMG

Rob retweeted
StalkR
@stalkr_
Dec 7
The Gomium Browser - Exploits blog.stalkr.net/2019/12/the-go… different approaches including an unexpected Go compiler bug, well done @NetanelBenSimon @hama7230 @dmxcsnsbh & others!

Rob retweeted
SensePost
@sensepost
Nov 29
What @laurendotzip, @rrmostert & @leonjza spent their SenseCon doing - hacking Doom. From dynamic hooking to static patching all with Frida. sensepost.com/blog/2019/hack…