Hack The Planet

2021-10-30 16:45:12 https://borncity.com/win/2021/10/29/local-privilege-escalation-schwachstelle-0-day-in-allen-windows-versionen/ Open / Comment

2021-10-30 10:36:32 Core member of ransomware gang identified

https://www.scyllaforums.com/Thread/core-member-of-ransomware-gang-identified.79/ Open / Comment

2021-10-30 10:01:56 https://github.com/ruped24/toriptables3 Open / Comment

2021-10-29 23:40:35 All Windows versions impacted by new LPE zero-day vulnerability.

A public proof-of-concept (PoC) exploit and technical details for an unpatched Windows zero-day privilege elevation vulnerability has been disclosed that allows users to gain SYSTEM privileges under certain conditions.

https://www.bleepingcomputer.com/news/security/all-windows-versions-impacted-by-new-lpe-zero-day-vulnerability/

@hackthespace Open / Comment

2021-10-29 10:53:38 Infographics
SQL Injection Cheat Sheet 2021

@hackthespace Open / Comment

2021-10-28 21:08:53 Exploit
CVE-2021-32789:
WooCommerce exploit
https://github.com/andnorack/CVE-2021-32789

Red Team Tactics
1. Weaponizing a NFC reader for basic timing attacks
https://ceres-c.it/2021/10/24/weaponizing-NFC-reader
2. Advanced request smuggling
https://portswigger.net/web-security/request-smuggling/advanced

Offensive security
Full-featured C2 framework which silently persists
on webserver with a single-line PHP backdoor
https://github.com/nil0x42/phpsploit

Malware analysis
1. Outlook Web Access Phishing
https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974
2. Wslink: Unique and undocumented malicious loader that runs as a server
https://www.welivesecurity.com/2021/10/27/wslink-unique-undocumented-malicious-loader-runs-server
3. PinkBot Botnet Uses DoH
https://blog.netlab.360.com/pinkbot

Analytics
Threat Research
APT Trends Report Q3 2021
https://securelist.com/apt-trends-report-q3-2021/104708

@hackthespace Open / Comment

2021-10-28 19:33:44 245k United Kingdom Combolist

Link :

https://anonfiles.com/d1ubq8Qduc/245k_txt

@hackthespace Open / Comment

2021-10-28 06:39:32 https://github.com/vysecurity/ps1-toolkit Open / Comment

2021-10-27 18:36:27 ALTBalaji

StatusMail:PasswordCaptureDateLIVE tarunpal786.tp@gmail.com:Tarun@78 6 Plan: ALTBalaji Yearly (IN) | Currency: INR | Payment Type: Google in-app purchase | Payment Method: voucher | Expiry: 16-07-2021 | Renew: true17/06/2021, 23:29:28LIVE parunarthi@gmail.com:ar27un11 Plan: ALTBalaji Quarterly (IN) | Currency: INR | Payment Type: UPI | Payment Method: razorpay | Expiry: 06-07-2021 | Renew: true17/06/2021, 23:29:40LIVE luv141186@yahoo.co.in:9909103420 Plan: ALTBalaji Yearly (IN) | Currency: INR | Payment Type: iTunes | Payment Method: iTunes | Expiry: 01-06-2022 | Renew: true17/06/2021, 23:34:40 Open / Comment