Welcome to the wiki where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Vu ici: https://twitter.com/bluetouff/status/1746971240907055571
Un outil tout frais et bien pratique pour retrouver les exploits associés aux #CVE (pensez à pip install tabulate si vous ne l'avez pas déjà installé)
Exploitation de failles en local
dont la majorité de https://gtfobins.github.io/
(équivalent pour Windows tps://lolbas-project.github.io/# )
This blogpost was created due to a mistake from Microsoft, releasing publicly an advance warning for CVE-2020-0796. CVE-2020-0796, also nicknamed "SMBGhost" or "Coronablue" is a vulnerability impacting SMBv3.1.1 servers and clients and currently has no fix (12/03/2020).
In this post I’ll describe how I found a remote code execution bug in Ubuntu Desktop which affects all default installations >= 12.10 (Quantal). The bug allows for reliable code https://www.cyberciti.biz/faq/ubuntu-linux-install-pi-hole-with-a-openvpn/ …
A blog about security research, web application security, software bugs and exploits.