Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Endlessh: an SSH Tarpit
–> Endlessh - null program <–

pretty network packets in your terminal
–> pdml2sbud - shift or die <–



Talks & Knowledge

Real-World Attack Scenario: From Blind, Timing-Based SQL Injection To Windows Domain Administrator
–> from SQLi to AD Admin - Depth Security <–

Paper: Leaked authentication secrets rampant across GitHub
–> GitHub Repos with auth infos - SC Magazine <–

Rumble Network Discovery Beta 2
–> Rumble Network Discovery Beta 2 - Critical Research <–



Threats

Multiple vulnerabilities in the web interface of the Cisco IP Phone 7800 and 8800 series [MZ-19-01]
–> CVE-2019-1716 / CVE-2019-1763 / CVE-2019-1766 / CVE-2019-1765 / CVE-2019-1764 - modzero <–

Operation ShadowHammer
–> Operation ShadowHammer - Kaspersky Lab <–

ABUS Secvest Remote Control Denial Of Service
–> CVE-2019-9860 - packet storm Security <–