-CyberSecurityTechnologies-

2021-04-27 06:02:30 TapJacking Attacks, a thorough guide
Part 1: https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-2cd6486d0fc9
Part 2: https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-part-2-3b0390602a81
Part 3: https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-last-part-3-f19614314b7 Open / Comment

2021-04-27 06:02:30 Advanced IRC bot/botnet PoC
https://github.com/trackmastersteve/HackServ Open / Comment

2021-04-27 06:02:30 #exploit
macOS/iOS FontParser Exploits

CVE-2021-1758:
macOS 10.15 /iOS CoreText Out-Of-Bounds Read (PoC)
https://starlabs.sg/advisories/21-1758

CVE-2021-1790:
macOS 10.15/iOS CoreText libhvf Out-Of-Bounds Read (PoC)
https://starlabs.sg/advisories/21-1790 Open / Comment

2021-04-27 06:02:29 #Red_Team_Tactics
1. XXE
// Exploiting XXE to perform SSRF attacks, Blind XXE vulnerabilities, XInclude attacks, XXE attacks via file upload
https://newrouge.medium.com/xxe-from-zero-to-hero-b38118750556
2. Hacking GraphQL
Part 1: https://infosecwriteups.com/hacking-graphql-for-fun-and-profit-part-1-understanding-graphql-basics-72bb3dd22efa
Part 2: https://infosecwriteups.com/hacking-graphql-for-fun-and-profit-part-2-methodology-and-examples-5992093bcc24 Open / Comment

2021-04-27 06:02:29 #Research
"Understanding and Detecting Disordered Error Handling with Precise Function Pairing", 2020. Open / Comment

2021-04-27 05:59:01 Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop
]-> Windows Privilege Escalation from User to Domain Admin 1-day PoC:
https://github.com/antonioCoco/RemotePotato0 Open / Comment

2021-04-26 06:02:21 #Offensive_security
Browser Exploitation on Windows -
Understanding Use-After-Free Vulnerabilities
https://connormcgarr.github.io/browser1 Open / Comment

2021-04-26 06:02:21 #Threat_Research
1. RCE via unsafe inline Kramdown options when rendering certain Wiki pages
https://hackerone.com/reports/1125425
2. PoC code about the Microsoft Diaghub case sensitivity EoP vulnerability (CVE-2021-28321, CVE-2021-28322, CVE-2021-28313)
https://github.com/irsl/microsoft-diaghub-case-sensitivity-eop-cve
3. The peculiar case of HTML Injection
https://infosecwriteups.com/the-peculiar-case-of-html-injection-d14db8440e3 Open / Comment

2021-04-26 06:02:21 #Analytics
10 most exploited vulnerabilities of the week (April 19-25)
CVE-2021-3156 Heap-Based Buffer Overflow in Sudo
https://t.me/cybersecuritytechnologies/2577
CVE-2021-1732 Win kernel 0-day
https://t.me/cybersecuritytechnologies/2679
CVE-2021-22893 Pulse SecureVPN RCE
https://t.me/cybersecuritytechnologies/3185
CVE-2021-22204 Improper neutralization of user data in DjVu
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
CVE-2021-26415 Win Installer EoP
https://t.me/cybersecuritytechnologies/3186
CVE-2021-3493 OverlayFS PE
https://t.me/cybersecuritytechnologies/3164
CVE-2021-26413 Win Installer Spoofing
https://t.me/cybersecuritytechnologies/3176
CVE-2016-7836 SKYSEA Client View Arbitrary Code Exec
https://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-regionspecific-software
CVE-2021-27905 Apache Solr SSRF
https://t.me/cybersecuritytechnologies/3213 Open / Comment

2021-04-26 06:02:21 #exploit
Sample ARM64 PoC for CVE-2021-21224 Open / Comment