#secadmin2022 ✔️

🔥🔥🔥 Introducing #WebHackingPlayground! A web hacking environment with real-life vulnerabilities. Practice detecting and exploiting them and learn new skills. Check it out on GitHub: github.com/takito1812/web…

Here is a free course on Offensive Software Exploitation. Content looks very decent and hands on. 👇 github.com/ashemery/explo…

«El problema de la humanidad es que los estúpidos están seguros de todo y los inteligentes están llenos de dudas». Bertrand Russell

Bypass endpoint restrictions : #infosec #cybersec #bugbountytips

I have just obtained a new Certified Red Team Professional (CRTP) certification from Altered Security

Malware Analysis Series has exactly 450 pages so far: MAS_1: exploitreversing.com/2021/12/03/mal… MAS_2: exploitreversing.com/2022/02/03/mal… MAS_3: exploitreversing.com/2022/05/05/mal… MAS_4: exploitreversing.com/2022/05/12/mal… MAS_5: exploitreversing.com/2022/09/14/mal… MAS_6: exploitreversing.com/2022/11/24/mal… MAS_7: exploitreversing.com/2023/01/05/mal…

I'm sure i'm late to the party, but MSFT put a user-writable folder in $path (%HOMEPATH%\Appdata\Local\Microsoft\ WindowsApps)??? OneDrive tries to load a non-existant DLL (Microsoft.UI.Xaml.XamlTypeInfo.dll) making for an easy user-level hijack #malware #redteam #cybersecurity

patching amsiscanbuffer function to bypass amsi. nek0x.github.io/papers/amsi_by… #infosec #redteam

Chaos-Rootkit is a x64 kernel-mode rootkit that can hide processes or elevate their privileges, work on the latest Windows versions . github.com/ZeroMemoryEx/C… #Pentesting #redteam #CyberSecurity #infosec

Después de un mini parón, vuelven los artiQLAZOS En este caso, @neekoox nos enseña como bypasear el AMSI a través de la función AmsiScanBuffer. Spoiler: esta es la forma en la que Evil-WinRM lo hace 😳 Enjoy it! deephacking.tech/parcheando-ams…

Hi guys, these past weeks I have been understanding how serialization and data type comparisons works in PHP and how to exploit these vulnerabilities. Here is the first post followed by one or two more to come! medium.com/@josewice7/und…

HelloUuuUuUuUUu, nuevo artiQLAZOoOoOoO En este caso, el compañero @Txhaka_ nos trae su review de la certificación de Burp Suite, el BSCP. Enjoy it! deephacking.tech/burp-suite-cer…

part 2 of my latest blog post covering the heap overflow I found in MiniDLNA (CVE-2023-33476) is up! this one focuses on the exploit dev process used to get remote code execution and pop a shell. exploits included :D blog.coffinsec.com/0day/2023/06/1…

The Havoc Framework 0.6 Hierophant Green - stack duplication - refactored/rewrote indirect syscalls - proxy library loading - random order module loading. - x86 demon implants. - cross process arch injection - AMSI/ETW patching using Hardware breakpoints github.com/HavocFramework…

Learning the basics of Linux kernel exploitation Excellent series by I write about security stuff Debugging with QEMU: blog.k3170makan.com/2020/11/linux-… Stack Overflows: blog.k3170makan.com/2020/11/linux-… RIP control: blog.k3170makan.com/2021/01/linux-… #cybersecurity #infosec #Linux #kernel

A bit late, but here's my cheap PoC for CVE-2023-4911 (Looney Tunables). I hope you like it 💪 github.com/Diego-AltF4/CV…

this is how modern day security researchers look like

¡Queremos dar la enhorabuena a nuestro compañero nkx por obtener la certificación "Burp Suite Certified Practicioner" otorgada por PortSwigger! --- We would like to congratulate our teammate nkx for obtaining the BSCP certification awarded by PortSwigger!