Blog post: Breaking PHP's mt_rand() with 2 values and no bruteforce - ambionics.io/blog/php-mt-rand-
Reading: 9 min
Published: 01/06/2020

Blog post by Trendmicro: First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group - blog.trendmicro.com/trendlabs-
Reading: 5 min
Published: 01/06/2020

Blog post: Bypassing AV via in-memory PE execution - blog.dylan.codes/bypassing-av-
Reading: 8 min
Published: 01/06/2020

Blog post by Pentestlab: Persistence – Change Default File Association - pentestlab.blog/2020/01/06/per
Reading: 3 min
Published: 01/06/2020

Blog post: Multiple Transports in a Meterpreter Payload - ionize.com.au/multiple-transpo
Reading: 3 min
Published: 11/20/2018

Blog post: Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware - microsoft.com/security/blog/20
Reading: 11 min
Published: 09/26/2019

Blog post: AV Evasion Converting PowerEmpire Stage 1 to CSharp - plaintext.do/AV-Evasion-Conver
Reading: 14 min
Published: 07/24/2019

Blog post by Hacking Articles: Windows for Pentester BITSAdmin - hackingarticles.in/windows-for
Reading: 14 min
Published: 01/04/2020

Blog post: From dropbox(updater) to NT AUTHORITY\SYSTEM - decoder.cloud/2019/12/18/from-
Reading: 4 min
Published: 12/18/2019

Tools: WheresMyImplant - Contains the tooling necessary to gain and maintain access to a target system. It can also be installed as a WMI provider for covert long-term persistence - github.com/0xbadjuju/WheresMyI

Tools: SharpDomainSpray - Password spraying tool written in .NET. It takes a password, then finds users in the domain and attempts to authenticate to the domain with that password - github.com/HunnicCyber/SharpDo

Blog post: Staging over HTTPS and DNS simultaneously with Cobalt Strike and Shellter - blog.hunniccyber.com/staging-o
Reading: 4 min
Published: 12/26/2019

Tools: Just-Metadata - Tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset - github.com/FortyNorthSecurity/

Webcast by SANS: SEC642: Killing snakes for fun, Flask SSTIs and RCEs in Python, Monday, January 13th, 2020 at 1:00 PM EST (18:00:00 UTC)
Register: sans.org/webcasts/112860

Tools: SharpStat - C# utility that uses WMI to run "cmd.exe /c netstat -n", saves the output to a file, then uses SMB to read and delete the file remotely - github.com/Raikia/SharpStat

Tools: RemoteRecon - Provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent - github.com/xorrior/RemoteRecon

POC: CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that use the `toBSON` method - github.com/masahiro331/CVE-201

Tools: IntelOwl - Analyze files, domains, IPs in multiple ways from a single API at scale - github.com/certego/IntelOwl
