"Docker Container Escape PoC (CVE-2019-5736) in Go."

Would be great if all PoCs came with a detailed writeup like this one.

github.com/Frichetten/CVE-2019

"Facebook CSRF protection bypass which leads to Account Takeover."

Great find and writeup. Worth $25,000 by FB

ysamm.com/?p=185

"Pwning WPA/WPA2 Networks With Bettercap and the PMKID Client-Less Attack"

Solid writeup for his tool (bettercap) by @evilsocket@twitter.com.
Still needs a big cracking rig to be interesting.

evilsocket.net/2019/02/13/Pwni

Gorsair: Gorsair is a tool that hacks its way into remote docker containers that expose their APIs.

github.com/Ullaakut/Gorsair

CloudBunny: CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

github.com/Warflop/CloudBunny

"Privilege Escalation in Ubuntu Linux (dirty_sock exploit)" - January 2019

Good find and complete writeup.

shenaniganslabs.io/2019/02/13/

"How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)"

TL;DR: Waiting on the 2FA page could allow you to log in without knowing the current password on many major websites.

medium.com/@lukeberner/how-i-a

"Joomla Global Configuration Text Filter settings Stored XSS Vulnerability (CVE-2019-6263 Exploit)"

Impact is limited, as you need to be logged in as admin in Joomla already.

github.com/praveensutar/CVE-20

ct-exposer : An OSINT tool that discovers sub-domains by searching Certificate Transparency logs

github.com/chris408/ct-exposer

dnstwist : Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

github.com/elceef/dnstwist

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Ouch, once again a great find from @fs0c131y@twitter.com.
Thankfully limited, as the attacker needs to be on the same local network as the victim.

github.com/fs0c131y/ESFileExpl

A look at how LinkedIn spies on its users by scanning their installed browser extensions.
github.com/dandrews/nefarious-

The cat-and-mouse game continues. Smart trick used by phishers.

"Phishing template uses fake fonts to decode content and evade detection"

proofpoint.com/us/threat-insig

"Kick-start your code obfuscation techniques"

Nice read, too bad cat pictures cover a few slides...

synacktiv.com/ressources/jseci

A response to “We are Google employees, Google must drop DragonFly”.

I’m Chinese, Google’s DragonFly must go on.

github.com/ithinco/i-am-chines
