illmob

Tools:
https://github.com/byt3bl33d3r/WitnessMe
https://github.com/NotSoSecure/cloud-service-enum
https://github.com/theMiddleBlue/CVE-2019-11043
https://github.com/cobbr/Covenant
https://github.com/n1xbyte/donutCS
https://sqlectron.github.io/
https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv
https://gitlab.com/initstring/evil-ssdp
https://github.com/nyxgeek/ntlmscan
https://twitter.com/cry__pto/status/1190045825914802176
https://github.com/3gstudent/Homework-of-C-Language/blob/master/Install_.Net_Framework_from_the_command_line.cpp
https://github.com/initstring/uptux
https://github.com/b4rtik/RedPeanut
https://github.com/rvazarkar/SharpHound3
https://github.com/Binject/go-donut
https://github.com/infosecn1nja/MaliciousMacroMSBuild
https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html
https://github.com/0x09AL/RdpThief
https://github.com/Mr-Un1k0d3r/SCShell
https://labs.nettitude.com/blog/introducing-sharpsocks-v2-0/
https://github.com/FuzzySecurity/Sharp-Suite#remoteviewing
https://github.com/liamg/pax
https://github.com/skelsec/jackdaw

Reading:
https://twitter.com/Alra3ees/status/1192246345341513729
https://www.mdsec.co.uk/2019/11/rdpthief-extracting-clear-text-credentials-from-remote-desktop-clients/
C2 Comparisons
https://twitter.com/OSINTtechniques/status/1197102283869376513
http://powerofcommunity.net/poc2019/Qian.pdf
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/
https://medium.com/@c2defense/man-in-the-network-network-devices-are-endpoints-too-d5bd4a279e37
https://leucosite.com/Edge-Local-File-Disclosure-and-EoP/
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
https://www.embercybersecurity.com/blog/cve-2019-1378-exploiting-an-access-control-privilege-escalation-vulnerability-in-windows-10-update-assistant-wua
http://tpm.fail/
https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/
https://www.bleepingcomputer.com/news/security/magento-urges-users-to-apply-security-update-for-rce-bug/
https://medium.com/@d.bougioukas/red-team-diary-entry-2-stealthily-backdooring-cms-through-redis-memory-space-5813c62f8add
https://medium.com/@two06/amsi-as-a-service-automating-av-evasion-2e2f54397ff9
https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html

Breaches:
https://threatpost.com/hackers-dump-2-2m-gaming-cryptocurrency-passwords-online/150451/
https://headleaks.com/2019/11/21/millions-of-sites-using-jetpack-wordpress-plugin-exposed-by-a-security-vulnerability-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/
https://gizmodo.com/7-5-million-adobe-accounts-exposed-by-security-blunder-1839364598
https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/
https://pastebin.com/8rXhtqgr

+20 new dumps added to our database