Creating & Tracking Threat Hunting Metrics
From medium.com: In the Fall of 2019, I joined the Splunk Global Security organization to build Splunk’s internal threat hunting program.

adhosts - The core of PiHole in a single minimal script
From github.com: Minimal composite ad-blocking hosts file generator - cbdevnet/adhosts

Cisco Password Cracking and Decrypting Guide
From www.infosecmatter.com: This guide covers common Cisco password types (0, 4, 5, 7, 8 and 9) and provides instructions on how to decrypt them or crack them using Hashcat or John the Ripper

Password stealer Trojan - Malware analysis
From malwr-analysis.com: Hi, I got this sample of malware shared on VirusBay.

Technical security information from across Microsoft
From docs.microsoft.com: Technical security information from across Microsoft

CVE-2020-8816 – Pi-hole Remote Code Execution – Detailed write-up about the vulnerability and exploitation proof of concept
From natedotred.wordpress.com: Impact Pi-hole is affected by a Remote Code Execution vulnerability.

ScoutSuite 5.8.0 Released - multi-cloud security-auditing tool with AWS, Azure and GCP improvements
From research.nccgroup.com: Quick note to say we’ve released ScoutSuite 5.8.0 on Github with the following features:

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.
From github.com: Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime - m0bilesecurity/RMS-Runtime-Mobile-Security

Hackers are targeting your kids to infect Android and Chromebook devices with malware
From www.laptopmag.com: Researchers found 24 kid-targeted Android apps with malware

Insanely Detailed Crash Course in x86_64 Assembly
From revers.engineering: Part 1 of the x86_64 assembly crash course for people looking to learn how to reverse engineer, read assembly, and understand how exploits work.

Detecting Privacy Badger’s Canvas FP detection
From adtechmadness.wordpress.com: Hello readers!

Zoom iOS app sending data to Facebook even w/o FB account
From 9to5mac.com: The Zoom iOS app is sharing data with Facebook, without declaring it in the privacy policy.

Understanding Kerberoast attack in Active Directory
From en.hackndo.com: This article aims to explain the Kerberoasting attack principle, based on the TGS request and the SPN attributes of Active Directory accounts.

A deep dive into disable_functions bypasses and PHP exploitation (long post with internals, fuzzing & examples)
From www.blackarrow.net: Article about how disable_functions works in PHP and how to find bypasses

Detecting authentication credentials leaked over HTTP
From bento.dev: A check for the Requests library to detect credentials sent over HTTP

Learning Music Theory With Python Programming
From github.com: music theory helper.

Micropatching Unknown 0days in Windows Type 1 Font Parsing
From blog.0patch.com: We can't fix what we don't know, but we can block exploitation in a highly convenient way by Mitja Kolsek, the 0patch Team Three.
