Tools: GCPBucketBrute - A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated - github.com/RhinoSecurityLabs/G

Blog post: Home Network Design - Part 1 by BHIS - blackhillsinfosec.com/home-net
Reading: 11 min
Published: 11/22/2017

Blog post: Aggressive MSBuild – Bypass Detection by Fortynorthsecurity - fortynorthsecurity.com/aggress
Reading: 3 min
Published: 06/24/2019

Blog post: Raspberry Pi 4 on sale now from $35
Highlights: 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU; 1GB, 2GB, or 4GB of LPDDR4 SDRAM; Gigabit Ethernet; Dual-band 802.11ac; Bluetooth 5.0; Two USB 3.0 and two USB 2.0 ports; Dual monitor support and more - raspberrypi.org/blog/raspberry
Reading: 11 min
Published: 06/24/2019

Blog post: Extracting SSH Private Keys from Windows 10 ssh-agent - blog.ropnop.com/extracting-ssh
Reading: 6 min
Published: 05/20/2018

Blog post: How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code - movaxbx.ru/2019/06/04/how-red-
Reading: 10 min
Published: 06/04/2019

Tools: New release of Recon-ng v5 - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources now hosted on Github, upgraded to Python 3, a module marketplace, updated docs, new command interface - github.com/lanmaster53/recon-n

Tools: One-Lin3r - Simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated - github.com/D4Vinci/One-Lin3r

POC: CVE-2019-12874 - Double Free RCE in VLC by Pentestpartners - pentestpartners.com/security-b
Reading: 22 min
Published: 06/22/2019

Blog post: Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708 - medium.com/@alt3kx/build-an-ea
Reading: 5 min
Published: 06/04/2019

Blog post: Stealthy & Targeted Implant Loaders by Attactics - attactics.org/2019/06/21/steal
Reading: 5 min
Published: 06/21/2019

Tools: Survey - MSF Script that can use with all meterpreter callbacks. It runs situational awareness commands storing the output in files nested under folders named after the hostnames of the targets - github.com/jedimammoth/Metaspl

Blog post: Apple TV and Apple Watch Forensics 01: Acquisition by Elcomsoft - blog.elcomsoft.com/2019/06/app
Reading: 5 min
Published: 06/19/2019

Blog post: Hacking around HTA files - blog.sevagas.com/?Hacking-arou by Sevagas
Reading: 10 min
Published: 02/07/2018

Blog post: In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass - securingtomorrow.mcafee.com/ot by Mcafee Lab
Reading: 13 min
Published: 06/19/2019

Blog post: Kali Linux Roadmap (2019/2020) - kali.org/news/kali-linux-roadm
Reading: 5 min
Published: 06/19/2019

Tools: Slackor - A Golang implant that uses Slack as a command and control server - github.com/Coalfire-Research/S

Blog post: Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel by Coalfire - coalfire.com/The-Coalfire-Blog
Reading: 6 min
Published: 06/19/2019

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.