Office DDEAUTO attacks
New post on willgenovese.com about macro-less Office command execution and how to use different payloads with the attack.
How to install Metasploit inside Win10 WSL and use some Python scripts to exploit vulnerable Win2k through 2k16 machines.
willgenovese.com/exploiting-with-eternalromance-using-metapsloit-installed-inside-win10-wsl/
BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker. Check it out @ https://github.com/e-ago/bitcracker or use as a plugin for John The Ripper Jumbo version @ http://openwall.info/wiki/john/OpenCL-BitLocker
Francisco Donoso gave a good talk @Derbycon on Equation Group’s leaked Danderspritz tool
Check out his site danderspritz.com and more docs ::here::
Have fun scanning before DigitalOcean releases their public notice:
1-Click users potentially remotely exploitable unless they have changed the debian-sys-maint password {MySQL, PHPMyAdmin, LAMP, LEMP, WordPress, OwnCloud}
In the MySQL Debian/Ubuntu packaging, there is an additional MySQL user being created: debian-sys-maint.
Any Droplet created fr...
Awesome write-up from @zerosum0x0 & @JennaMagius on how the EternalBlue exploit works and porting the exploit to Win10 https://zerosum0x0.blogspot.com/2017/06/eternalblue-exploit-analysis-and-port.html
Along with the write up about MS17-010/EternalBlue last month on how the exploit works, worawit has posted new details, analysis, POCs, exploits (new one works against win2016). Check out the analysis first.
I’m calling out questionable “facts” in this presentation titled: “Hacks, Lies, & Nation States” @ AnyCon from today, only because it involves someone from my home state, Mario Dinatale, who claims to be “the State of Connecticut’s #1 Cybersecurity expert”
That unprovable claim, along with a bunch of buzzwords and random tech stories he seems t...
A few weeks ago ShadowBrokers released a dump of NSA/EquationGroup tools used to exploit various machines that they previously tried to auction off unsuccessfully...
It’s been a fun 15 years, nothing’s changed since our inception, the industry still sucks and is full of greedy fucks selling bullshit, 0days still dropping because of shitty code, celebrities still getting exposed, and the government still treats hackers like terrorists with obscenely high sentences...