Week 12 In Review – 2017

Events Related

  • BSidesSF 2017 – www.youtube.com
    Security BSides San Francisco is a two-day information security conference. It is a conference by the community for the community.

Tools

  • XSSJacking – github.com
    XSSJacking is an attack that turns a Self-XSS into one an attacker can trigger, provided the page in question is also vulnerable to Clickjacking: the attacker's page places a payload on the victim's clipboard (Pastejacking) and overlays an invisible frame of the target page so that the victim pastes it into the input field that reflects or stores it. A page that cannot be framed by a third-party origin is not affected, so framing protection removes the precondition.
  • UAC Bypass
    A new User Account Control (UAC) bypass technique relies on altering an App Paths registry key and using the Windows Backup and Restore utility to load malicious code without any security warning. The technique revolves around "auto-elevation", a property Microsoft assigns to various trusted, signed binaries so that they run at high integrity without a UAC prompt. The Backup and Restore utility is one such binary and resolves a helper program through an App Paths key; because App Paths keys also exist in the current user's hive, which a standard user can write to without administrative rights, the lookup can be pointed at attacker-controlled code that then runs elevated. As with other auto-elevation abuses, this only works at the default UAC level; with "Always notify" the binary prompts like any other.
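The Clickjacking precondition for XSSJacking can be checked from a page's response headers alone. The following Python is an added example written for this review, not code from the XSSJacking repository; it applies the CSP frame-ancestors and X-Frame-Options rules to a set of constructed header lists (no real site was captured) and reports whether an arbitrary third-party origin could frame the page.

```python
from typing import Dict, List, Optional, Tuple

Header = Tuple[str, str]

# frame-ancestors source expressions that let any third-party origin embed the page.
ANY_ORIGIN = {"*", "http:", "https:"}


def header_values(headers: List[Header], name: str) -> List[str]:
    """All values of a (possibly repeated) response header, matched case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]


def frame_ancestors(policy: str) -> Optional[List[str]]:
    """Source list of the frame-ancestors directive in one CSP, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'").lower() for t in tokens[1:]]
    return None


def frameable_by_third_party(headers: List[Header]) -> bool:
    """True if an arbitrary origin can load this response inside an iframe.

    This is the precondition XSSJacking needs: if the target page cannot be
    framed, there is nothing to overlay and the self-XSS stays self-only.
    """
    # Only the enforcing header counts; Content-Security-Policy-Report-Only never blocks.
    policies = [frame_ancestors(p) for p in header_values(headers, "Content-Security-Policy")]
    policies = [fa for fa in policies if fa is not None]
    if policies:
        # Per the CSP spec, a frame-ancestors directive makes browsers ignore
        # X-Frame-Options. An empty list or 'none' blocks everything; 'self' or
        # named hosts block unknown origins; only wildcard sources let anyone in.
        return all(any(src in ANY_ORIGIN for src in fa) for fa in policies)
    for value in header_values(headers, "X-Frame-Options"):
        for token in value.split(","):
            if token.strip().upper() in ("DENY", "SAMEORIGIN"):
                return False
    # No header, an ALLOW-FROM value (no longer honoured by current browsers),
    # or a malformed value: the page can be framed.
    return True


# Constructed response headers (not captured from any real site).
SAMPLES: Dict[str, List[Header]] = {
    "no protection": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "csp self and partner": [("Content-Security-Policy",
                              "default-src 'self'; frame-ancestors 'self' https://partner.example")],
    "csp wildcard beats xfo": [("Content-Security-Policy", "frame-ancestors *"),
                               ("X-Frame-Options", "SAMEORIGIN")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "xfo allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
}


def audit(samples: Dict[str, List[Header]] = SAMPLES) -> Dict[str, bool]:
    """Map each sample name to whether the page is frameable by a third party."""
    return {name: frameable_by_third_party(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, frameable in audit().items():
        print(f"{name:24s} frameable={frameable}")
```

The two cases worth noticing are the report-only policy, which reports violations but never blocks a frame, and the wildcard frame-ancestors that overrides an otherwise protective X-Frame-Options; both leave the page open to the overlay the attack depends on.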
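From the defender's side, the observable event in the App Paths UAC bypass is a standard user setting a value under an App Paths key in their own hive. The following Python is an added example for this review, not from the original research: it assumes Sysmon Event ID 13 (RegistryEvent, Value Set) records flattened to one "Key=Value" line each, where Sysmon names a user's hive as HKU\<SID>. The sample lines are constructed, and the hijacked name control.exe and the SID in them are illustrative.

```python
import re
from typing import Dict, List, Optional, Tuple

# Sysmon reports a user's hive as HKU\<SID> (HKCU is a view of it); anything
# under that key is writable by the user without administrative rights.
USER_APP_PATHS_RE = re.compile(
    r"^HKU\\(?P<sid>S-1-5-21-[\d-]+)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\App Paths\\(?P<exe>[^\\]+)",
    re.IGNORECASE,
)

# A redirect target inside a user profile is the strongest signal: an
# auto-elevated binary resolving that name would run the file at high integrity.
USER_WRITABLE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\", re.IGNORECASE)

# "Key=Value Key=Value" fields; values may contain spaces but not " Key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened Sysmon line into a field dict."""
    return dict(FIELD_RE.findall(line))


def classify(event: Dict[str, str]) -> Optional[Tuple[str, str, str]]:
    """(severity, hijacked exe name, SID) for a suspicious App Paths write, else None."""
    if event.get("EventID") != "13":  # Sysmon 13 = RegistryEvent (Value Set)
        return None
    m = USER_APP_PATHS_RE.match(event.get("TargetObject", ""))
    if not m:
        return None
    severity = "high" if USER_WRITABLE_RE.match(event.get("Details", "")) else "medium"
    return severity, m.group("exe"), m.group("sid")


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Findings for every event that sets a value under a user-hive App Paths key."""
    findings = []
    for line in lines:
        event = parse_event(line)
        hit = classify(event)
        if hit:
            severity, exe, sid = hit
            findings.append({"severity": severity, "exe": exe, "sid": sid,
                             "image": event.get("Image", ""), "details": event.get("Details", "")})
    return findings


# Constructed sample events, not real telemetry. The hijacked name control.exe
# and the SID are illustrative.
SAMPLE_EVENTS = [
    # Legitimate installer registering its own App Path in the machine hive.
    "EventID=13 Image=C:\\Windows\\System32\\msiexec.exe "
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\editor.exe\\(Default) "
    "Details=C:\\Program Files\\Editor\\editor.exe",
    # Standard user redirecting a name in their own hive to a file they control.
    "EventID=13 Image=C:\\Windows\\System32\\reg.exe "
    "TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\control.exe\\(Default) "
    "Details=C:\\Users\\alice\\AppData\\Local\\Temp\\payload.exe",
    # Same key, target outside the profile: still a user-hive App Paths write.
    "EventID=13 Image=C:\\Windows\\System32\\reg.exe "
    "TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\control.exe\\(Default) "
    "Details=C:\\ProgramData\\tools\\helper.exe",
    # Key creation (event 12) without a value set, and an unrelated Run key write.
    "EventID=12 Image=C:\\Windows\\regedit.exe "
    "TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\control.exe",
    "EventID=13 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\alice\\AppData\\Local\\Updater\\updater.exe",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['image']} set App Paths\\{f['exe']} -> {f['details']} (user {f['sid']})")
```

Writes to the machine-hive App Paths key are normal installer behaviour and are deliberately not flagged; the user-hive key is the one a standard user can reach, and a value there pointing into the user's own profile is the combination that lets an auto-elevated binary run unprivileged code at high integrity.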

Techniques

  • GitHub Enterprise Remote Code Execution – exablue.de
    Everyone uses GitHub. If you have a huge amount of green paper or are very paranoid about your code, you can run your own GitHub. For $2,500 USD per 10 user-years you get GitHub Enterprise: a virtual machine containing a fully featured GitHub instance. Apart from a few edge cases that are handled with an occasional GitHub.enterprise? check, it runs the same code base as the public GitHub.com site.