Weekly Reads

I read a lot of blog posts related to the InfoSec industry because I love learning. I have decided to keep a record of the best blog posts and tools I discover each week.

22 - 28 February 2021

• https://itm4n.github.io/windows-registry-rpceptmapper-exploit/ - A detailed write-up of the previously mentioned Perfusion tool, which includes a neat trick for getting an interactive SYSTEM shell.
• https://blog.joeminicucci.com/2021/who-let-the-arps-out-from-arp-spoof-to-domain-compromise - I always find ARP spoofing a viable method on internal networks, and this blog demonstrates how it lead to Domain Admin.
• https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm/ - This is an amazing toolkit for poisoning file shares with hash leaking canaries. I look forward to testing it on future Red Teams / Internals.

15 - 21 February 2021

• https://www.ambionics.io/blog/symfony-secret-fragment - This got me RCE on a webapp test. Absolutely amazing work, and high-caliber write-up.
• https://alephsecurity.com/2021/02/16/apport-lpe/ - Cool method to get root on all versions of Ubuntu dating back to 12.04. PoC linked at the end.

8 - 14 February 2021

• Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
• Bypassing LastPass’s “Advanced” YubiKey MFA: A MITM Phishing Attack
• System Threads and their elusiveness. ‘Practical Reverse Engineering’ solutions - Part 2
• Relay Attacks via Cobalt Strike Beacons
• Relaying 101
• Perfusion - Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012 privilege escalation. PoC included.