Blog post: Breaking PHP's mt_rand() with 2 values and no bruteforce -
Reading: 9 min
Published: 01/06/2020

Blog post by Trendmicro: First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group -
Reading: 5 min
Published: 01/06/2020

Blog post: Bypassing AV via in-memory PE execution -
Reading: 8 min
Published: 01/06/2020

Blog post by Pentestlab: Persistence – Change Default File Association -
Reading: 3 min
Published: 01/06/2020

Blog post: Multiple Transports in a Meterpreter Payload -
Reading: 3 min
Published: 11/20/2018

Blog post: Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware -
Reading: 11 min
Published: 09/26/2019

Blog post: AV Evasion Converting PowerEmpire Stage 1 to CSharp -
Reading: 14 min
Published: 07/24/2019

Blog post by Hacking Articles: Windows for Pentester BITSAdmin -
Reading: 14 min
Published: 01/04/2020

Blog post: From dropbox(updater) to NT AUTHORITY\SYSTEM -
Reading: 4 min
Published: 12/18/2019

Tools: WheresMyImplant - Contains the tooling necessary to gain and maintain access to a target system. It can also be installed as a WMI provider for covert long-term persistence -

Tools: SharpDomainSpray - Password spraying tool written in .NET. It takes a password, then finds users in the domain and attempts to authenticate to the domain with that given password -

Blog post: Staging over HTTPS and DNS simultaneously with Cobalt Strike and Shellter -
Reading: 4 min
Published: 12/26/2019

Tools: Just-Metadata - Tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset -

Webcast by SANS: SEC642: Killing snakes for fun, Flask SSTIs and RCEs in Python, Monday, January 13th, 2020 at 1:00 PM EST (18:00:00 UTC)

Tools: SharpStat - C# utility that uses WMI to run "cmd.exe /c netstat -n", saves the output to a file, then uses SMB to read and delete the file remotely -

Tools: RemoteRecon - Provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent -

POC: CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that use the `toBSON` method -

Tools: IntelOwl - Analyze files, domains, IPs in multiple ways from a single API at scale -

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.