Phishing With Chromium's Application Mode | mr.d0x
https://mrd0x.com/phishing-with-chromium-application-mode/
Vulnerabilidades/proxynotshell_checker.nse at main · CronUp/Vulnerabilidades · GitHub
https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse
Cobalt Strike CVE-2022-42948 - YouTube
https://www.youtube.com/watch?v=cjg9FJFoezo
OneListForAll/onelistforallshort.txt at main · six2dez/OneListForAll · GitHub
https://github.com/six2dez/OneListForAll/blob/main/onelistforallshort.txt
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 - Microsoft Security Blog
https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
GitHub - Greenwolf/ntlm_theft: A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
https://github.com/Greenwolf/ntlm_theft
Will Dormann on Twitter: "Keep an eye on this thread. This new Exchange thing going around appears to be ProxyShell, but for authenticated users. That is, when Microsoft fixed ProxyShell, they only did so for unauthenticated users. A job done!" / Twitter
https://twitter.com/wdormann/status/1575814683910545409
My-Presentation-Slides/2021-The-Proxy-Era-Of-Microsoft-Exchange-Server.pdf at main · orangetw/My-Presentation-Slides · GitHub
https://github.com/orangetw/My-Presentation-Slides/blob/main/data/2021-The-Proxy-Era-Of-Microsoft-Exchange-Server.pdf
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
https://blog.malicious.group/automating-c2-infrastructure-with-terraform-nebula-caddy-and-cobalt-strike/
Scott Galloway on Twitter: "We should change course & require proof of identity on social media. #nomercynomalice https://t.co/o7E0pL1IQ1" / Twitter
https://twitter.com/profgalloway/status/1576186415473303554
mr.d0x on Twitter: "Chromium's application mode can be used to easily build realistic phishing desktop applications. Enjoy. https://t.co/rUolWjd5Ch https://t.co/bRRxPHcVzd" / Twitter
https://twitter.com/mrd0x/status/1576299349578956801
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
https://krebsonsecurity.com/2022/09/fake-ciso-profiles-on-linkedin-target-fortune-500s/
Skidaddle Skideldi - I just pwnd your PKI – LuemmelSec – Just an admin on someone else´s computer
https://luemmelsec.github.io/Skidaddle-Skideldi-I-just-pwnd-your-PKI/
Introducing ASNMap: A Golang CLI tool for speedy reconnaissance using ASN data
https://blog.projectdiscovery.io/asnmap/
GitHub - VNCERT-CC/0dayex-checker: Zeroday Microsoft Exchange Server checker (Virtual Patching checker)
https://github.com/VNCERT-CC/0dayex-checker
BlackCat gang claims to have hacked US defense contractor NJVCSecurity Affairs
https://securityaffairs.co/wordpress/136537/cyber-crime/njvc-data-breach.html
Russian Citizens Wage Cyberwar From Within - Kyiv Post - Ukraine's Global Voice
https://www.kyivpost.com/world/russian-citizens-wage-cyberwar-from-within.html
GitHub - smokeme/airstrike
https://github.com/smokeme/airstrike