CVE-2018-1149 & CVE-2018-1150 NUUO DVR firmware exploits


Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability and a backdoor that allows an attacker remote code execution. Tenable issued the advisory today, the bugs are rated critical and tied to firmware possibly used in one of 100 different cameras that run the affected NVRMini2 webserver so...

Read More

Spookflare


SpookFlare gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages...

Read More

Bypassing UAC with access tokens

@tiraniddo released slides, demo videos, and some source code from his Zero Nights 2017 talk: Abusing Access Tokens for UAC Bypasses. Get it on his Github.
Summary:
“UAC, specifically Admin-Approval mode, has been known to be broken ever since it was first released in Windows Vista...

Read More