Hack-tualité by G-echo - Security-Hacks - Semaine 2019/06

Security-Hacks - Semaine 2019/06

X Forwarded for SQL injection
Sat, 09 Feb 2019 16:38:03 GMT
Last year, on May, I was assigned a Web Application test of a regular customer. As the test was blackbox one of the few entry points - if not the …
Bypass Application Whitelisting using Weak Path Rule
Wed, 06 Feb 2019 06:31:52 GMT
Raj Chandel
Finding loopholes is very important when you are the part of a pen-testing team. Because such loopholes are the source of hacking as the attacker …
Full Disclosure: Content Injection in Amazon's FireOS [CVE-2019-7399]
Fri, 08 Feb 2019 21:46:17 GMT
Nightwatch Cybersecurity Research
<b>Content Injection in Amazon's FireOS [CVE-2019-7399]</b><p><i>From</i>: Nightwatch Cybersecurity Research <research () nightwatchcybersecurity com> <i><br>Date</i>: Thu, 7 Feb …
Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
Mon, 04 Feb 2019 08:13:41 GMT
I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file and moves …
Android for Hackers: How to Scan Websites for Vulnerabilities Using an Android Phone Without Root
Sat, 09 Feb 2019 08:51:40 GMT
Auditing websites and discovering vulnerabilities can be a challenge. With RapidScan and UserLAnd combined, anyone with an unrooted Android phone can …
Red Teaming Made Easy with Exchange Privilege Escalation and PowerPriv
Mon, 04 Feb 2019 20:16:57 GMT
TL;DR: A new take on the recently released Exchange privilege escalation attack allowing for remote usage without needing to drop files to disk, …
Evil Twin Attack [The Definitive Guide] (Updated 2019)
Sun, 10 Feb 2019 09:31:50 GMT
by Hardeep Singh
Last updated Feb. 9, 2019<p>In this article I’ll show you how an attacker can retrieve cleartext WPA2 passphrase on automation using an Evil Twin Access …
Mon, 04 Feb 2019 20:18:25 GMT
README.md<p>Written by: Dave Kennedy (@HackingDave) Website: https://www.trustedsec.com<p>Magic Unicorn is a simple tool for using a PowerShell downgrade …
By G-echo