The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
#WINDOWS

The site for people they like to build Network Servers with CentOS, Ubuntu, Fedora, Debian, Windows Server.

My name is Brandon Marshall (aka Marsh) I am currently working as an Offensive Security Researcher. A majority of my time is spent developing internal Red Team tooling, reverse engineering, and exploit creation.

The repository tries to gather an information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information is well known for years, being actively used within various scenarios.

Hacker, red teamer, researcher. Likes to write infosec-focussed Python tools. This is my personal blog containing research on topics I find interesting, such as (Azure) Active Directory internals, protocols and vulnerabilities.

Get to know Windows 11, the Windows that brings you closer to what you love.News and features for people who use and are interested in Windows, including announcements from Microsoft and its partners.News and more about hardware products from Microso.

Learn to safeguard your organization's AI with guidance and best practices from the industry leading Microsoft AI Red Team.

Extremely passionate about Windows exploit development, internals, C, Assembly, or anything low-level.

Build skills that open doors. See all you can do with documentation, hands-on training, and certifications to help you get the most from Microsoft products.

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers.

At this site, you can get a lot of free material. Indeed, this site exists primarily to supply you with free samples as a means of encouraging your attention.

MalAPI.io maps Windows APIs to common techniques used by malware.

Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.

Deepen your security knowledge and gain a fundamental understanding of a variety of cybersecurity, identity, and compliance topics and best practices.

This is a cross-reference of the ReactOS source code produced using the excellent Doxygen package. It is refreshed on a daily basis.

Expert coverage on security matters such as zero trust, identity and access management, threat protection, information protection, and security management.

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.

Training services from Alex Ionescu and Yarden Shafir.

These are notes about all things focusing on, but not limited to, red teaming and offensive security.

Combat in the kernel space -Its Pointy and it HURTS!

Living Off The Land Payload Generator.

An advanced, low-level programer's guide to Windows NT Kernel, Native API and drivers.

This project is aimed at providing technical guides on various hacking topics. The most advanced topics are Active Directory and Web services. Other topics will be added. The ultimate goal is centralize all hacking techniques.

This collection of Native API header files has been maintained since 2009 for the Process Hacker project, and is the most up-to-date set of Native API definitions that we know of. We have gathered these definitions from official Microsoft header files and symbol files, as well as a lot of reverse engineering and guessing. See phnt.h for more information.

Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures.

A tutorial website, we share Microsoft Windows Server, Linux Server, Firewalls, Cloud, Virtualization, and Networking related tutorials.

NEW

Get the latest information, insights, and news from Microsoft.

Think out of the box. This blog talks about computer security. Tutorials about buffer overflow, Active Directory, everything is explained with examples.