Zer0 to her0

2019-07-03 03:22:43 Hacking Jenkins
By Orange Tsai on HITB2019AMS





@SecTalks Open / Comment

2019-06-27 00:17:29 How-to Guide: Defeating an Android Packer with FRIDA

https://www.fortinet.com/blog/threat-research/defeating-an-android-packer-with-frida.html

@FromZer0toHero Open / Comment

2019-06-23 07:58:27 VIM tutorial: linux terminal tools for bug bounty pentest and redteams





@FromZer0toHero Open / Comment

2019-06-21 19:47:27 Double-Free RCE in VLC. A honggfuzz how-to

https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to

@FromZer0toHero Open / Comment

2019-06-18 19:14:18 Escalating AWS IAM Privileges with an Undocumented CodeStar API

https://rhinosecuritylabs.com/aws/escalating-aws-iam-privileges-undocumented-codestar-api

@FromZer0toHero Open / Comment

2019-06-14 19:15:32 Bypassing IDOR Protection:
How spending our Saturday hacking earned us 20k

https://medium.com/intigriti/how-spending-our-saturday-hacking-earned-us-20k-60990c4678d4

@FromZer0toHero Open / Comment

2019-06-01 04:00:33 A journey on APT34 (OilRig) PoisonFrog C2 Server

Analyzing a possible vulnerability that could allow the compromise/takeover of the c2 server

https://0x09al.github.io/security/apt34/malware/poisonfrog/vulnerability/2019/05/31/apt-34-poisonfrog-vulnerability.html

@BlueTeamLibrary Open / Comment

2019-05-20 05:31:20 Breach: From Recon to penetrating the perimeter, to actions on the target





@SecTalks Open / Comment

2019-05-10 15:47:35 awesome-jenkins-rce-2019

There is no pre-auth RCE in Jenkins since May 2017, but this is the one!

It chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution!

https://github.com/orangetw/awesome-jenkins-rce-2019

@FromZer0toHero Open / Comment

2019-05-06 15:28:15 VMware Fusion 11 - Guest VM RCE - CVE-2019-5514

https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514

@FromZer0toHero Open / Comment