Learn Information Security: 2017

Understanding and Exploiting Web-based LDAP

http://pen-testing.sans.org/blog/2017/11/27/understanding-and-exploiting-web-based-ldap

Rtfdump update

Version 0.0.6 https://blog.didierstevens.com/2017/12/10/update-rtfdump-py-version-0-0-6/

Pdfid update

Version 0.2.3 http://blog.didierstevens.com/2017/11/27/update-pdfid-py-version-0-2-3/

Another S3 leak

Alteryx S3 leak leaves 123m American households exposed | ZDNet http://www.zdnet.com/article/alteryx-s3-leak-leaves-120m-american-households-exposed/

Totally stumbled across this by accident, but it does not look like I ma the first to find this:

http://georgemauer.net/2017/10/07/csv-injection.html

https://www.owasp.org/index.php/CSV_Excel_Macro_Injection

https://pentestmag.com/formula-injection/

https://www.contextis.com/blog/comma-separated-vulnerabilities

https://hackerone.com/reports/72785

More on SEC breach

Here's The Latest About What The SEC Hackers Stole, but not a whole lot really

https://packetstormsecurity.com/news/view/28207/Heres-The-Latest-About-What-The-SEC-Hackers-Stole.html

Some fun lately with custom payloads

Doing some testing on new AV. Been reading a lot about custom payloads. I now many of these are old, but the ideas may still be new to others.
Here are some of the more recent reads ......

http://e-spohn.com/blog/2012/08/02/pe-crypters-hyperion/

https://www.christophertruncer.com/bypass-antivirus-with-meterpreter-as-the-payload-hyperion-fun/

http://www.exploit-monday.com/2011/11/powersyringe-powershell-based-codedll.html

http://colesec.inventedtheinternet.com/obfuscating-meterpreter-payloads-with-veil/

http://colesec.inventedtheinternet.com/hacking-with-powershell-powersploit-and-invoke-shellcode/

https://github.com/rapid7/metasploit-framework/wiki/How-payloads-work

https://www.citadelo.com/en/how-we-bypassed-nod32-and-hacked-a-paranoid-customer-2/

Course Review: Ethical Hacking For Beginners

course:
https://stackskills.com/p/ethical-hacking-for-beginners

Overall verdict: Stay Away.
Better course for the money, adn this is not that expensive, so please let that tell you something.

Basic lectures are wrong in this course. The information presented about traceroute and DNS is just plain wrong in this course. Everything else is not that much different form similar coursework available from other sources. My suggestion is to look elsewhere.

Avanti Markets Breach

http://www.avantimarkets.com/notice-of-data-breach/

Etheream heist

Hacker Uses A Simple Trick to Steal $7 Million Worth of Ethereum Within 3 Minutes http://thehackernews.com/2017/07/ethereum-cryptocurrency-heist.html

Anthem Breach Settlement

Anthem Agrees to Settle 2015 Data Breach for $115 Million https://threatpost.com/anthem-agrees-to-settle-2015-data-breach-for-115-million/126527/

WWE fans exposed

Leaky WWE Database Exposes Personal Data of 3M Wrestling Fans https://threatpost.com/leaky-wwe-database-exposes-personal-data-of-3m-wrestling-fans/126710/

Hospitality breaches

Hard Rock, Loews Hotels Among Sabre Corp Hospitality Breach Victims https://threatpost.com/hard-rock-loews-hotels-among-sabre-corp-hospitality-breach-victims/126715/

Molina Needs some Health

https://krebsonsecurity.com/2017/05/molinahealthcare-com-exposed-patient-records/

KMart Again??????

https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/

Buckle Breach

https://krebsonsecurity.com/2017/06/credit-card-breach-at-buckle-stores/

Canada fires tax worker

http://www.cbc.ca/news/politics/canada-revenue-agency-tax-privacy-breach-dvd-lost-fired-employee-1.4121807

Qatar state news agency hacked

http://www.securityweek.com/qatar-begins-probe-after-state-news-agency-hacked

How was flexispy hacked

https://dl.packetstormsecurity.net/papers/attack/flexispy-hacked.txt

Update:
another DIY guide:
https://dl.packetstormsecurity.net/papers/attack/hackback-a-diy-guide.txt

Hacker steals and shares unreleased TV shows

http://www.bbc.com/news/technology-39769428

Tinder Investigates After 40,000 Profile Pics Snatched

https://packetstormsecurity.com/news/view/27749/Tinder-Investigates-After-40-000-Profile-Pics-Snatched.html

Microsoft Windows 32-bit / 64-bit cmd.exe Shellcode

https://packetstormsecurity.com/files/142572/wincmdexe-shellcode.txt

French election hack

Hackers emit 9GB of stolen Macron 'emails' two days before French presidential election • The Register http://www.theregister.co.uk/2017/05/06/hackers_release_9gb_of_email_from_macron_two_days_before_french_presidential_election/

Hacker Steals Millions of User Account Details from Education Platform Edmodo

https://motherboard.vice.com/en_us/article/hacker-steals-millions-of-user-account-details-from-education-platform-edmodo

India's Zomato Says Data From 17 Million Users Stolen

Https://packetstormsecurity.com/news/view/27822/Indias-Zomato-Says-Data-From-17-Million-Users-Stolen.html

Bell Canada Hack Hits 1.9 Million Customers

Https://packetstormsecurity.com/news/view/27812/Bell-Canada-Hack-Hits-1.9-Million-Customers.html

New card for you

IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels https://threatpost.com/ihg-confirms-second-credit-card-breach-impacting-1000-plus-hotels/125033/

Reset your passwords

Atlassian Resets HipChat Passwords Following Breach https://threatpost.com/atlassian-resets-hipchat-passwords-following-breach/125210/

Holiday Inn breach

Holiday Inn Hotels Hit By Card Payment System Hack https://packetstormsecurity.com/news/view/27692/Holiday-Inn-Hotels-Hit-By-Card-Payment-System-Hack.html

RaaS

Russian Hacker Creates Starter Pack Ransomware Service https://packetstormsecurity.com/news/view/27685/Russian-Hacker-Creates-Starter-Pack-Ransomware-Service.html

Small Linux shellcode

Linux x86_64 execve("/bin/sh") Shellcode https://packetstormsecurity.com/files/142135/31linuxx8664binsh-shellcode.txt

GameStop breach

GameStop Confirms Possible Breach Of Customer Credit Card Info https://packetstormsecurity.com/news/view/27657/GameStop-Confirms-Possible-Breach-Of-Customer-Credit-Card-Info.html

Analyze Embedded PDF file

https://blog.didierstevens.com/2017/04/20/malicious-documents-the-matryoshka-edition/

Shoney's announces breach

http://www.ibtimes.co.uk/shoneys-restaurants-hit-pos-malware-customers-card-details-compromised-months-1617409

Hotel chain breach bigger

InterContinental Hotel Chain Breach Expands https://krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/

Citadel owner pleads guilty

Russian mastermind of $500m bank-raiding Citadel coughs to crimes

http://www.theregister.co.uk/2017/03/22/russian_citadel_malware_pleads_guilty/

ABTA Website Hacked

43,000 People Affected By Breach

https://packetstormsecurity.com/news/view/27609/ABTA-Website-Hacked-43-000-People-Affected-By-Breach.html

Pwn2Own2017

Chrome Remains the Winner in Browser Security

https://securityzap.com/pwn2own-2017-chrome-remains-winner-browser-security/

Will stay unpatched

http://www.isssource.com/microsoft-zero-day-to-stay-unpatched/

Pentesting whiteboards

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-one-line-web-client

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-get-firewall-rules

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-built-in-port-scanner

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-add-a-firewall-rule

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-bash-find-juicy-stuff-in-the-file-system

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-bash-sudo-make-me-a-sandwich

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-cmd-exe-c-wmic-process

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-cmd-exe-c-netsh-interface

https://pen-testing.sans.org/blog/2017/03/06/pen-test-poster-white-board-powershell-ping-sweeper

https://pen-testing.sans.org/blog/2017/03/03/got-meterpreter-pivotpowpy

https://pen-testing.sans.org/blog/2017/02/28/pen-test-poster-white-board-bash-make-output-easier-to-read

https://pen-testing.sans.org/blog/2017/02/21/pen-test-poster-white-board-bash-check-service-every-second

Rootkit Tricks

a few links:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682489(v=vs.85).aspx
http://stackoverflow.com/questions/4021307/enumprocesses-vs-createtoolhelp32snapshot
https://books.google.com/books?id=ifQPC86G66sC&pg=PA437&lpg=PA437&dq=CreateToolhelp32Snapshot()
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682631(v=vs.85).aspx

A few other windows things:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724947(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ms646293(v=vs.85).aspx

Hide console shellcode

Windows x86 Hide Console Window Shellcode https://packetstormsecurity.com/files/141586/winx86hide-shellcode.txt

Linux file read

Linux/x86 File Reader Shellcode https://packetstormsecurity.com/files/141698/linuxx86filereader-shellcode.txt

Create File Shellcode

CreateFile Shellcode https://packetstormsecurity.com/files/141707/createfile-shellcode.c

Directory search shellcode

Windows x86 Executable Directory Search Shellcode

https://packetstormsecurity.com/files/141333/win86execdirsearch-shellcode.txt

Random Linux Shellcode

Linux x86_64 Random Listener Shellcode https://packetstormsecurity.com/files/141332/linuxrandom-shellcode.txt

Explain 'getsystem'

https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/

https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/

http://carnal0wnage.attackresearch.com/2010/01/metasploit-getsystem-command.html?m=1

http://www.khromozome.com/windows-privilege-escalation-bypassuac/

https://www.redspin.com/it-security-blog/2010/02/getsystem-privilege-escalation-via-metasploit/

Pages

Pages

CTF Levels