Hack-tualité by G-echo - Security : hacks, exploits, protection, tools - Semaine 2018/51

Security : hacks, exploits, protection, tools - Semaine 2018/51

Next Reality » Augmented & Mixed Reality News, Rumors & Dev Guides
Sat, 22 Dec 2018 11:15:28 GMT
In a world where augmented reality is becoming the hero of the movie marketing, Universal Studios has decided to use the technology to reinvent the …
Windows Driver Signing Enforcement bypass
Fri, 21 Dec 2018 13:23:03 GMT
I uploaded all of the materials and files to my latest DSE bypass workshop, which I held at Defcon, hack.lu and Hacktivity to my Github …
Morphisec Uncovers New Attack Vector Named CIGslip That Bypasses Microsoft Code Integrity Guard (CIG)
Fri, 21 Dec 2018 13:22:36 GMT
Michael Gorelik
A new bypass of Microsoft’s Code Integrity Guard (CIG) has been discovered by Morphisec researchers Michael Gorelik and Andrey Diment. The method, …
Cyber Security Hardware Tools
Fri, 21 Dec 2018 09:11:22 GMT
When learning about modern cybersecurity tools and techniques there is often an emphasis placed on software tools and programs used to gather …
How To: Locate & Exploit Devices Vulnerable to the Libssh Security Flaw
Wed, 19 Dec 2018 17:32:01 GMT
Kody
Computers all over the world rely on a program called "libssh" to use the SSH communications protocol, which allows trusted users to log in and …
pe_to_shellcode
Sun, 16 Dec 2018 16:26:58 GMT
hasherezade
Converts PE so that it can be then injected just like a normal shellcode. <b><br>Supports both 32 and 64 bit PEs</b><p>Clone:<p>Use recursive clone to get the repo …
TUTORIAL – UNIVERSAL ANDROID SSL PINNING IN 10 MINUTES WITH FRIDA
Sun, 16 Dec 2018 02:48:59 GMT
Written by omespino
Hi everyone It’s been a while from my last post but I’m back , now I want to show you that you can start hacking android apps with frida without …
USBNinja
Sat, 15 Dec 2018 21:41:33 GMT
USBNinja is an information security and penetration testing tool that looks and behaves just like a regular USB cable (both power and data) until a …
NFCKill (Professional Version)
Fri, 14 Dec 2018 21:20:32 GMT
High Frequency (13.56MHz)<p>Tags: All known tags (MIFARE Family, HID iCLASS, Calypso, Contactless Payment, etc)<br>• Hardware: Most reader and writer …
Free Hotel Wifi over and over indefinitely with Python and Selenium
Fri, 14 Dec 2018 10:13:53 GMT
~ Anko
In some situations you need to fake / change / spoof a MAC address of your network interface. macchanger Linux command does this job in no time. With …
Knock v.4.1.1 - Subdomain Scan
Mon, 10 Dec 2018 21:26:35 GMT
<b>Knockpy</b> is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for <b>DNS zone transfer</b> and to …
Fuzzing proprietary protocols with Scapy, radamsa and a handful of PCAPs
Mon, 10 Dec 2018 09:18:53 GMT
Introduction<p>As security consultants, we act as hired guns by our clients to perform black-box security testing of applications. Oftentimes we have to …
RCE in PHP or how to bypass disable_functions in PHP installations
Sun, 09 Dec 2018 09:01:49 GMT
WallarmBlockedUnblockFollowFollowing<p>Dec 6<p>Today we will explore an exciting method to remotely execute code even if an administrator set …
Web Application Penetration Testing Notes
Sun, 09 Dec 2018 08:51:17 GMT
Once you've intercepted the POST to the vulnerable page, see if you can get the system to do what it would normally, but with entities:<p>Next, see if …
Tcpreplay - Pcap Editing And Replay Tools For *NIX And Windows
Sat, 08 Dec 2018 23:02:03 GMT
Lydecker Black
Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which …
How to use responder tool to perform exploitation in windows environment by stealing NTLMv2 hashes.
Sat, 08 Dec 2018 07:29:00 GMT
incredibleindishell
Download link for responder is: - https://github.com/lgandx/Responder<p>This tool is capable of poisoning LLMNR and NBT-NS requests.<p>Let's assume, we are …
linikatz
Thu, 06 Dec 2018 05:16:31 GMT
portcullislabs
README.md<p>This repository contains all of the scripts and source code for "Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX".<p>Foe any queries …
HPE iMC — Hunting the Hunted
Tue, 04 Dec 2018 07:53:27 GMT
Chris LyneBlockedUnblockFollowFollowing<p>Oct 9<p>Author: Chris Lyne<p>SUMMARY<p>Tenable Research has discovered several security vulnerabilities in the HPE …
Remotely Hijacking Zoom Clients
Tue, 04 Dec 2018 07:42:34 GMT
David WellsBlockedUnblockFollowFollowing<p>Dec 3<p>Hello Everyone,<p>I would like to walkthrough a severe logic flaw vulnerability found in Zoom’s Desktop …
Triton - Dynamic Binary Analysis (DBA) Framework
Mon, 03 Dec 2018 14:10:49 GMT
<b>Triton</b> is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, …
WSSiP: A WebSocket Manipulation Proxy
Sun, 02 Dec 2018 22:53:32 GMT
nccgroup
Short for "WebSocket/Socket.io Proxy", this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view …
BeRoot For Windows
Sat, 01 Dec 2018 09:43:23 GMT
AlessandroZ
BeRoot(s) is a post exploitation tool to check common Windows misconfigurations to find a way to escalate our privilege.<br>A compiled version is …
Injecting Code into Windows Protected Processes using COM - Part 2
Sat, 01 Dec 2018 09:42:41 GMT
Posted by James Forshaw, Project Zero<p>In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft …
Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you're visiting
Sun, 25 Nov 2018 13:18:12 GMT
By Thomas Claburn in San Francisco 21 Nov 2018 at 07:04
<b>Special report</b> Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and …
ChipWhisperer
Sun, 25 Nov 2018 06:57:09 GMT
newaetech
Wiki | Knowledge Base | Forum | Store | NewAE<p>ChipWhisperer is an open source toolchain dedicated to hardware security research. This toolchain …
Exploit-Challenges: collection of vulnerable ARM binaries for practicing exploit development
Fri, 23 Nov 2018 05:49:39 GMT
by do son · Published · Updated November 23, 2018
<b>Exploit-Challenges</b><p>Here are a collection of vulnerable ARM binaries designed for beginner vulnerability researchers & exploit developers to play …
By G-echo

Pour aller plus loin

Ressources