Blog post: Weaponizing and Gamifying AI for WiFi Hacking: Presenting Pwnagotchi 1.0.0 - evilsocket.net/2019/10/19/Weap
Reading: 16 min
Published: 10/19/2019

Blog post: Analysis of Two Newly Patched Kubernetes Vulnerabilities - blog.paloaltonetworks.com/2019
Reading: 5 min
Published: 10/16/2019

Black Hat Webcast Series - Leveraging Red for Defense,
Tue, Oct 15, 2019 2:00 PM - 3:00 PM EDT
Register: register.gotowebinar.com/regis

Tools: PenTesters Framework (PTF) v2.3.4 released by TrustedSec PTF i a best way for modular support for up-to-date pentest tools - github.com/TrustedSec/PTF

Blog post: Remote NTLM relaying through meterpreter on Windows port 445 - diablohorn.com/2018/08/25/remo
Reading: 7 min
Published: 08/25/2018

Blog post: Bypass McAfee with McAfee - dmaasland.github.io/posts/mcaf
Reading: 9 min
Published: 10/12/2019

Blog post: Iran-Linked ‘Charming Kitten’ Touts New Spearphishing Tactics - threatpost.com/iran-linked-cha
Reading: 2 min
Published: 10/11/2019

Tools: New Release of Evilginx2 2.3.2 Quality-of-Life - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication - github.com/kgretzky/evilginx2

Blog post by Notsosecure: Out of Band Exploitation (OOB) CheatSheet - notsosecure.com/oob-exploitati
Reading: 9 min
Published: 18/30/2019

Blog post: Drop The MIC 2 (CVE 2019-1166)
& Exploiting LMv2 Clients (CVE-2019-1338) - preempt.com/blog/drop-the-mic-
Reading: 7 min
Published: 10/08/2019

Blog post: Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques - fireeye.com/blog/threat-resear
Reading: 8 min
Published: 10/10/2019

Blog post by Nettitude: How to Exfiltrate AWS EC2 Data - labs.nettitude.com/blog/how-to
Reading: 5 min
Published: 09/10/2019

Webcast by BHIS: How to Play Backdoors & Breaches, an Incident Response Card Game, Wed, Oct 16, 2019 3:00pm EDT
Register: register.gotowebinar.com/regis

Tools: FATT fingerprintAllTheThings - Pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic - github.com/0x4D31/fatt

Blog post by TrustedSec:
Buying Internal Domain Access Again - trustedsec.com/2019/10/buying-
Reading: 4 min
Published: 10/03/2019

Webcast by BHIS: How to Prepare Before the Compromise
Wed, Oct 9, 2019 2:00 PM - 3:00 PM EDT
Register: register.gotowebinar.com/regis

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.