-CyberSecurityTechnologies-

2021-03-01 07:05:15 #Research
"Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem", 2021. Open / Comment

2021-03-01 06:00:28 #Threat_Research
1. Serialization and deserialization in Java: Explaining Java deserialize vulnerabilities
https://snyk.io/blog/serialization-and-deserialization-in-java
2. The curious case of CVE-2020-14381
https://blog.frizn.fr/linux-kernel/cve-2020-14381 Open / Comment

2021-03-01 06:00:28 #Tech_book
#SCADA_Security
"Cybersecurity for SCADA Systems. Second Edition", 2020. Open / Comment

2021-03-01 06:00:28 #Red_Team_Tactics
1. Window Privilege Escalation: Automated Script
https://www.hackingarticles.in/window-privilege-escalation-automated-script
2. Killing File Uploads softly
https://manasharsh.medium.com/bragging-rights-killing-file-uploads-softly-fba35a4e485a
3. Exploring a New Detection Evasion Technique on Linux
https://codemuch.tech/2021/02/25/exploring-linux-evasion Open / Comment

2021-03-01 06:00:27 #Analytics
10 most exploited vulnerabilities of the week (feb 22-28)
CVE-2021-3156 - Heap-Based Buffer Overflow in Sudo
https://t.me/cybersecuritytechnologies/2577
CVE-2021-21972 - VMware vCenter RCE
https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477
https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC
https://github.com/NS-Sp4ce/CVE-2021-21972
https://github.com/yaunsky/CVE-2021-21972
CVE-2021-1782 - iOS\iPadOS 14.3 kernel LPE
https://t.me/cybersecuritytechnologies/2694
CVE-2021-3177 - Python3 Buffer Overflow
https://t.me/cybersecuritytechnologies/2740
CVE-2021-21973 - VMware vCenter SSRF
https://mobile.twitter.com/osama_hroot/status/1365586206982082560/photo/1
CVE-2017-0005 - Windows GDI EoP
https://t.me/cybersecuritytechnologies/443
CVE-2021-24093 - Win Graph. Component RCE
https://t.me/cybersecuritytechnologies/2806
CVE-2021-25281/25282 - SaltStack Exploit
https://github.com/Immersive-Labs-Sec/CVE-2021-25281
CVE-2018-19518 - PHP IMAP Vuln.
https://t.me/cybersecuritytechnologies/1649 Open / Comment

2021-03-01 05:59:01 CVE-2021-24093:
Windows Graphics Component RCE Vulnerability (PoC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2123

CVE-2021-26119:
Smarty PHP Template Engine <3.1.39 - Sandbox Escape (PoC)
https://github.com/Udyz/CVE-2021-26119 Open / Comment

2021-02-28 08:07:01 #Research
#5G_Network_Security
"How to Attack and Defend 5G Radio Access Network Slicing with Reinforcement Learning", 2021. Open / Comment

2021-02-28 08:07:01 #Red_Team_Tactics
1. Active Directory Exploitation Cheat Sheet
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
2. PoC which piggybacks off of the Outlook COM interface to execute shellcode on a system
https://github.com/S4R1N/BadOutlook Open / Comment

2021-02-28 08:07:01 CVE-2021-27404:
Askey RTF8115VW Internet Fiber Modem -
Authenticated Host Header Injection (PoC)
https://github.com/bokanrb/CVE-2021-27404

Chaining CVE-2021-25281 and CVE-2021-25282 to exploit a SaltStack (PoC)
https://github.com/Immersive-Labs-Sec/CVE-2021-25281 Open / Comment

2021-02-28 08:07:01 #Tech_book
"Hardware Security:
A Hands-on Learning Approach", 2019. Open / Comment