Interesting Links

3/21

• HALF OF CURL’S VULNERABILITIES ARE C MISTAKES

2/21

• (Very) Basic Intro to Elliptic Curve Cryptography

1/21

• It rather involved being on the other side of this airtight hatchway

• CVE Stuffing

• Privilege Escalation via Python Library Hijacking

• Linux Privilege Escalation Using Capabilities

• Stealing Your Private YouTube Videos, One Frame at a Time

• A Deep Dive Into Hyperjacking

• How I hijacked the top-level domain of a sovereign state

12/20

• Sockets In Your Shell

• Turning the frustration of a mobile game into a reverse engineering training

• Weaknesses in the Key Scheduling Algorithm of RC4

• Removing Exponential Backoff from TCP

• https://readme.localtest.me/

• The Great iPwn : Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

• Parsing JSON at the CLI: A Practical Introduction to `jq` (and more!)

• Google Dork Techniques

11/20

• SSH Pivoting - Red Team Village CTF Writeup

• .git hacking

• Off-the-Record Communication, or, Why Not To Use PGP

• Exploiting X11 Unauthenticated Access

• Windows Subsystem for Linux: The lost potential

10/20

• Linux and Unix sha1sum command tutorial with examples

• https://github.com/horshark/thm_hacking_encyclopedia/blob/master/THM_hacking_encyclopedia.pdf

• https://blog.cyberhacktics.com/carving-files-from-memory-with-volatility/

• https://blog.cyberhacktics.com/memory-forensics-on-windows-10-with-volatility/

9/20

• Does CSRF prevention also prevent reflected XSS attack

• The 'javascript' resource identifier scheme

• Sources and Sinks - Code Review Basics

• Let’s play a game: what is the deadly bug here?

• https://www.benkuhn.net/autocomplete/

8/20

• Architecture Playbook

• LFI and RFI Attacks

7/20

• A parable about privacy/encryption

• CrackMapExec

• PDF Shadow Attacks

6/20

• Reverse Engineering Snapchat

• SAT solver on top of regex matcher

• What happens when you update your DNS?

• Run Your Own Authoritative DNS Servers

5/20

• PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)

• Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently

• https://emaragkos.gr/resources/

• White hat social engineering: How to become an admin of a system

• STRIDE and Threat Modeling

• Application Security Testing of Thick Client Applications

• BSides SF 2020 CTF: Infrastructure Engineering and Lessons Learned

4/20

• Security 101 Series

• Reverse shell with Netcat: some use cases

• From DnsAdmins to SYSTEM to Domain Compromise

• Microsoft Buys Corp.com So Bad Guys Can’t

• HackTheBox Basic Setup Hosts File