Pentester

2021-06-02 07:53:55 PoC for CVE-2021-28476 a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys
https://github.com/0vercl0k/CVE-2021-28476 Open / Comment

2021-06-02 07:45:12 CVE-2021-31440:
An Incorrect Bounds Calculation in the Linux Kernel EBPF Verifier (PoC)
https://www.zerodayinitiative.com/blog/2021/5/26/cve-2021-31440-an-incorrect-bounds-calculation-in-the-linux-kernel-ebpf-verifier Open / Comment

2021-06-02 07:44:39 "A New Attack Model for Hybrid Mobile Applications" Open / Comment

2021-06-02 07:39:10 Attacking Active Directory: 0 to 0.9
https://zer1t0.gitlab.io/posts/attacking_ad Open / Comment

2021-06-02 07:37:49 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server (PoC for CVE-2021-21985/CVE-2021-21986)
https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985

NSE checker for CVE-2021-21985
https://github.com/alt3kx/CVE-2021-21985_PoC Open / Comment

2021-06-01 07:54:40 HTML smuggling explained (2018)
https://outflank.nl/blog/2018/08/14/html-smuggling-explained/ Open / Comment

2021-05-29 21:13:41 SUDO_KILLER
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
https://github.com/TH3xACE/SUDO_KILLER Open / Comment

2021-05-28 08:55:16 Linux Internals: How /proc/self/mem writes to unwritable memory
https://offlinemark.com/2021/05/12/an-obscure-quirk-of-proc/ Open / Comment

2021-05-28 08:54:06 WordPress 5.6-5.7 - Authenticated XXE (CVE-2021-29447)
https://github.com//motikan2010//CVE-2021-29447 Open / Comment

2021-05-28 08:38:35 New sophisticated email-based attack from NOBELIUM
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium Open / Comment