Hack-tualité by G-echo - Security-Hacks - Month 2019/03

Sun, 10 Mar 2019 11:33:30 GMT
PS4 6.20 WebKit Code Execution PoC
Cryptogenic
README.md: This repo contains a proof-of-concept (PoC) RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit …
Fri, 15 Mar 2019 08:03:15 GMT
How To: Steal Ubuntu & macOS Sudo Passwords Without Any Cracking
tokyoneon
With a simple social engineering trick, sudo passwords can be captured in seconds without the target's knowledge. The passwords can then be saved to …
Mon, 11 Mar 2019 01:50:35 GMT
MouseJack: From Mouse to Shell - Part 2
This is a continuation of Part 1 which can be found here. New/Fixed Mice: Since the last blog post, I’ve done some additional testing and it looks like …
Fri, 08 Mar 2019 22:17:10 GMT
memtriage (previously lmem)
gleeda
README.md: Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and …
Thu, 07 Mar 2019 07:28:46 GMT
Windows Process Injection: Print Spooler
odzhan
Introduction: Every application running on the Windows operating system has a thread pool or a “worker factory” and this internal mechanism allows an …
Sat, 09 Mar 2019 11:32:00 GMT
How To: Inconspicuously Sniff Wi-Fi Data Packets Using an ESP8266
Kody
If you want to get started sniffing Wi-Fi networks, you usually need to start with a wireless network adapter. But thanks to a Wi-Fi sniffing library …
Mon, 11 Mar 2019 06:13:08 GMT
CVE-2019-0192 - Apache Solr RCE 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5
mpgn
This is an early PoC of the Apache Solr RCE. From https://issues.apache.org/jira/browse/SOLR-13301: ConfigAPI allows to configure Solr's JMX server via …
Wed, 20 Mar 2019 08:14:06 GMT
How To: Use Websploit to Scan Websites for Hidden Directories
drd_
Websites are often misconfigured in ways that allow an attacker to view directories that are not ordinarily meant to be seen. These directories can …
Fri, 08 Mar 2019 03:56:41 GMT
Facebook Messenger server random memory exposure through corrupted GIF image
Dzmitry
Intro: A year ago, in February 2018, I was testing Facebook Messenger for Android, looking at how it works with corrupted GIF images. I was inspired by …
Fri, 08 Mar 2019 03:59:01 GMT
Analyzing a Phishing PDF with /ObjStm
I got hold of a phishing PDF where the /URI is hiding inside a stream object (/ObjStm). First I start the analysis with pdfid.py: There is no /URI …
Mon, 04 Mar 2019 07:29:15 GMT
The Supreme Backdoor Factory
Posted by jj
Recently I was playing with VirusTotal Intelligence and while testing some dynamic behavior queries I stumbled upon this strange PE binary (MD5: …
Thu, 07 Mar 2019 00:45:03 GMT
Android for Hackers: How to Exfiltrate WPA2 Wi-Fi Passwords Using Android & PowerShell
tokyoneon
It's easier than you might think to hack into Wi-Fi routers using just one unrooted Android phone. Brute-forcing isn't needed. And you don't even …
Thu, 14 Mar 2019 07:20:36 GMT
CVE-2019-9580 - StackStorm exploiting CORS null origin to gain RCE < 2.9.3 and 2.10.3
mpgn
Prior to 2.10.3/2.9.3, if the origin of the request was unknown, we would return null. null can result in a successful request from an unknown origin …
Wed, 20 Mar 2019 08:13:14 GMT
AntiVirus Evasion Tool
govolution
README.md: AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion …
Sat, 09 Mar 2019 11:35:26 GMT
Bypass User Access Control using Empire
Raj Chandel
This is the fifth article in our empire series, for the basic guide to empire click here. In this article, we will learn to bypass administrator …
Fri, 15 Mar 2019 08:04:37 GMT
Hacking macOS: How to Create an Undetectable Payload
tokyoneon
Encrypting payloads and encoding stagers are more effective against macOS than one might think. Plus, it's very easy to evade VirusTotal and macOS …
Wed, 06 Mar 2019 22:18:18 GMT
Drupal RESTful Web Services unserialize() Remote Code Execution
This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST …
Mon, 11 Mar 2019 06:13:46 GMT
Automatically extract KeyStore objects and relative password from Android applications with Frida - Read more: http://ceres-c.it/frida-android-keystore
ceres-c
#!/usr/bin/python3
author: ceres-c
usage: ./frida-extract-keystore.py
Once the keystore(s) have been exported you have to convert them to PKCS12 using …
Mon, 18 Mar 2019 04:22:49 GMT
my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
toniblyx
README.md: Defensive (Hardening, Security Assessment, Inventory). ScoutSuite: https://github.com/nccgroup/ScoutSuite - Multi-Cloud Security auditing tool …
Wed, 13 Mar 2019 07:58:38 GMT
How To: Gain SSH Access to Servers by Brute-Forcing Credentials
drd_
SSH is one of the most common protocols in use in modern IT infrastructures, and because of this, it can be a valuable attack vector for hackers. One …
Fri, 15 Mar 2019 08:10:52 GMT
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
drd_
Microsoft Office files can be password-protected in order to prevent tampering and ensure data integrity. But password-protected documents from …
Sat, 16 Mar 2019 11:40:06 GMT
How To: Track a Target Using Canary Token Tracking Links
Kody
Canary tokens are customizable tracking links useful for learning about who is clicking on a link and where it's being shared. Thanks to the way many …
Wed, 13 Mar 2019 07:49:56 GMT
AutoMacTC: Automated Mac Forensic Triage Collector
CrowdStrike
Purpose: This is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in …
Mon, 18 Mar 2019 18:15:03 GMT
Using HTTP Pipelining to hide requests
Robin Wood - DigiNinja
Mon 18th March 19. In this post I'm going to discuss using HTTP pipelining to hide malicious HTTP requests. This is not domain fronting but uses …
Tue, 05 Mar 2019 23:02:13 GMT
APT40: Examining a China-Nexus Espionage Actor
FireEye is highlighting a cyber espionage operation targeting crucial technologies and traditional intelligence targets from a China-nexus state …
Tue, 05 Mar 2019 22:52:43 GMT
How To: Automate Wi-Fi Hacking with Wifite2
Kody
There are many ways to attack a Wi-Fi network. The type of encryption, manufacturer settings, and the number of clients connected all dictate how …
Mon, 18 Mar 2019 22:44:19 GMT
Apache Nimble Bluetooth Stack
InfoSect
The above code has an off-by-1. There are some strncpy bugs, where strings may be left unterminated. And again, And one more time, The only other use of …
Sat, 02 Mar 2019 09:37:17 GMT
Modern Binary Exploitation Writeups-0x03
inc0gnito
Feb 22. This is the 3rd writeup of Tools and Basic Reverse Engineering by RIPSEC, a subpart of Modern Binary …
Mon, 18 Mar 2019 22:44:32 GMT
Multiple Ways to Exploiting OSX using PowerShell Empire
Raj Chandel
In this article, we will learn multiple ways to hack OS X using empire. There are various stagers given in empire for the same and we use a …
Thu, 14 Mar 2019 19:23:55 GMT
GlitchPOS: New PoS malware for sale
Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary: Point-of-sale malware is popular among …
Wed, 06 Mar 2019 22:11:03 GMT
JAVA-VBS Joint Exercise Delivers RAT
Diwakar Dinkar
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to …