1640 - ghostscript: multiple critical vulnerabilities, including remote command execution - project-zero - Project Zero - Monorail
December 3, 2019 at 12:15:57 PM UTC * - permalink -

- https://bugs.chromium.org/p/project-zero/issues/detail?id=1640

Upgrade from LFI to RCE via PHP Sessions - RCE Security
December 2, 2019 at 3:30:37 PM UTC - permalink -

- https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/

A thread written by @OsintStash: "(1/5) One-time Mobile ☎️ Numbers Thread: http://receive-sms-online.com http://receive-sms-now.com [...]"
December 2, 2019 at 2:45:16 PM UTC - permalink -

- https://threader.app/thread/1199785692274077696

Exploiting prototype pollution - RCE in Kibana (CVE-2019-7609) - research.securitum.com
November 27, 2019 at 10:06:40 AM UTC - permalink -

- https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/

Getting started with Radio Communication hacking for IoT– Part 1 – Radio Frequency Basics and Theory – Nitesh Malviya
November 22, 2019 at 5:02:31 PM UTC - permalink -

- https://www.peerlyst.com/posts/getting-started-with-radio-communication-hacking-for-iot-part-1-radio-frequency-basics-and-theory-nitesh-malviya?trk=search_suggestion_query

us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
November 21, 2019 at 11:23:39 AM UTC * - permalink -

- https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf

GitHub - S3cur3Th1sSh1t/WinPwn: Automation for internal Windows Penetrationtest / AD-Security
November 20, 2019 at 11:02:50 AM UTC * - permalink -

- https://github.com/S3cur3Th1sSh1t/WinPwn

HTTP Request Smuggling (CL.TE) | memN0ps
November 19, 2019 at 3:14:54 PM UTC - permalink -

- https://memn0ps.github.io/2019/11/02/HTTP-Request-Smuggling-CL-TE.html

Encoding Web Shells in PNG IDAT chunks | Application Security
November 15, 2019 at 2:38:28 PM UTC - permalink -

- https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/

GitHub - rootm0s/WinPwnage: UAC bypass, Elevate, Persistence and Execution methods
November 14, 2019 at 8:03:17 PM UTC * - permalink -

- https://github.com/rootm0s/WinPwnage

Subdomains Enumeration Cheat Sheet · Pentester Land
November 13, 2019 at 1:09:14 PM UTC - permalink -

- https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html

“Relaying” Kerberos - Having fun with unconstrained delegation - dirkjanm.io
November 12, 2019 at 10:00:36 AM UTC * - permalink -

- https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/

Windows Privilege Escalation via Unquoted Service Paths – root@Hausec
November 12, 2019 at 9:52:54 AM UTC * - permalink -

- https://hausec.com/2018/10/05/windows-privilege-escalation-via-unquoted-service-paths/

Kerberos Attack: Silver Ticket Edition
November 12, 2019 at 9:52:33 AM UTC - permalink -

- https://www.varonis.com/blog/kerberos-attack-silver-ticket/

CRITIFENCE®
November 11, 2019 at 9:40:16 PM UTC - permalink -

- http://www.critifence.com/default-password-database/

5 ways Attackers Exploit Account Operators
November 11, 2019 at 9:04:41 PM UTC - permalink -

- https://www.secframe.com/blog/account-operators

A Penetration Tester's Guide to IPMI and BMCs
October 30, 2019 at 10:35:36 AM UTC - permalink -

- https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/

Pentesting QNX Neutrino RTOS | Optiv
October 29, 2019 at 5:05:49 PM UTC - permalink -

- https://www.optiv.com/blog/pentesting-qnx-neutrino-rtos

Hacking QNX
October 29, 2019 at 4:31:20 PM UTC - permalink -

- https://www.slideshare.net/ricardomcm/hacking-qnx

Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes) // byt3bl33d3r // /dev/random > blog.py
October 29, 2019 at 3:50:31 PM UTC - permalink -

- https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html