This repository is a curated list of cool netsec articles from the last couple of years. PRs are welcome.
- analysis
- android
- aws
- azure
- blue-team
- code-review
- cracking
- crypto
- embedded
- exploit
- google-cloud
- ios
- iot
- linux
- netpen
- red-team
- reversing
- web
- wireless
China Chopper Still Active 9 Years Later
State of Industrial Control Systems in Switzerland and Poland
CNAME Cloaking 3rd Party Trackers
Causing a Crash with Instagram Ghost Users
Command Injection with USB Peripherals
Modern Android Password Managers and FLAG_SECURE Misuse
Abusing VPC Traffic Mirroring in AWS
Gaining Persistency on Vulnerable Lambdas
The Technical Side of the Capital One AWS Security Breach
Escalating AWS IAM Privileges with an Undocumented CodeStar API
Subdomain Takeover: Azure Services
Azure Privilege Escalation via Cloud Shell
If You're Not Using SSH Certificates
Kubernetes Pod Escape Using Log Mounts
Container Platform Security at Cruise
Kubernetes Pod Security Best Practices
DNS Spoofing on Kubernetes Clusters
Reverse RDP Attack: Code Execution on Clients
Unauthenticated RCE in YouPHPTube
XML: XXE to RCE in XML Plugins
Bitbucket Path Traversal to RCE
Cryptographic Attacks: A Guide for the Perplexed
Breaking PHP's mt_rand() With Two Values
Firmware Dumping ARM Cortex-M0 SoC
Writing Shellcode for Windows x64
Vulnerabilities in Contactless Payments
Exploiting the WiFi Stack on the Tesla Model S
Exploiting A Palo Alto Firewall Device
Fully Undetectable PE File Backdoor
Basic ROP Techniques and Tricks
Technical analysis of the checkm8 exploit
Analyzing Android's CVE-2019-2215
Privilege Escalation and Post Exploitation in GCP
Journey Over Unsecured IoT Devices with Kamerka
Say Cheese: Ransomwaring a DSLR Camera
Reverse Engineering of a Not-so-secure IoT Device
Blink Camera Command Injection Flaws
dirty_sock Privilege Escalation
Pillaging the Jenkins Treasure Chest
Abusing Slack's TURN Servers to Gain Access to Internal Services
Bypassing Authentication on SSH Bastions
Trick for Executing Unsigned Binaries
Internal Domain Name Collision
I was 7 Words Away from Being Phished
Phishing Users with MFA on AWS
Nuget/Squirrel Uncontrolled Endpoints
Red Teamer's Guide to Pulse Secure SSL VPN
Stealthier Persistence Using Services Vulnerable to Path Interception
Building a Basic Physical Red Team Skill Set
Public SSH Keys can Leak Private Infrastructure
19 Year Old Code Execution in Winrar
COModo: From Sandbox to SYSTEM
Reversing an Oppo ozip Encryption key from Encrypted Firmware
Select code_execution FROM * USING SQLite
Rooting RouterOS with a USB Drive
Using LIEF and Katai Against an Encrypted Protocol
Deanonymization via Clickjacking
Stealing Private Keys from a Secure File Sharing Service
Compromising Lastpass Users Using Reverse Proxies
GOTCHA: Why X-FRAME-OPTIONS Matter on API Endpoints
Abusing PHP Query String for Bypassing Purposes
How I Could Have Hacked Any Instagram Account
Wordpress Privilege Escalation
Creative Attack Chain to Compromise a Web Application
Webmin 0day RCE Using Command Injection
NVIDIA GeForce Experience OS Command Injection
1 Click RCE with Skype Web Plugin and Qt Apps
A Questionable Journey from XSS to RCE
Abusing Webapp Filesystem Function to Steal NTLMv2
OK Google, Bypass the Authentication
The Bug that Exposed Your Paypal Password
Account Takeover Via HTTP Request Smuggling
How to Create an Evil LTE Twin
Windows Error Reporting Manager Privilege Escalation
OEM Software Puts Multiple Laptops at Risk
Local Privilege Escalation on Dell Machines
Kernel Write-What-Where in Qualcomm Driver
Steam Windows Client Local Privilege Escalation 0day
Reverse RDP Attack: The Hyper-V Connection
One More Steam Windows Client Local Privilege Escalation 0day
Trend Micro Local Privilege Escalation
Another Trend Micro Privilege Escalation
Elevation to SYSTEM via the UPnP Host Service