A new evasion technique known as "EDR-Freeze" has emerged, changing the way attackers neutralize endpoint security. Unlike traditional methods that attempt to crash or terminate security software (which often triggers alerts), EDR-Freeze suspends the security process entirely,…
The flaw allows attackers to gain SYSTEM privileges on Windows Server 2025 via a new NTLM relay attack that bypasses LDAP Channel Binding. PoC available! #WindowsServer #InfoSec #CVE #NTLM #CyberSecurity securityonline.info/poc-exploit-re…
Bypassing PPL in Userland TLDR: bypass the latest mitigation implemented by Microsoft and develop a new Userland exploit for injecting arbitrary code in a PPL with the highest signer type. itm4n.github.io/bypassing-ppl-…
🔥 ZoomEye Black Friday – LIFETIME Deals 🔥 ⏰ Nov 27, 10:00 HKT – Limited Stock 💥 Lifetime Plans - One payment, access forever! 1. Membership — $149 Access to all standard features. Perfect for Pentesters & Researchers. 2. Membership Pro — $999 Includes everything in…
Administrator Protection in Windows 25H2 Changes Everything With update KB5067036, Windows quietly introduced Administrator Protection, and it changes how Windows handles admin rights. Until now, being a local admin meant living like Clark Kent: doing normal tasks in plain…
Google Dork - Code Leaks 🔑 site:pastebin. com "example. com" site:jsfiddle. net "example. com" site:codebeautify. org "example. com" site:codepen. io "example. com" Check for code snippets, secrets, configs 👀
You got access to vsphere and want to compromise the Windows hosts running on that ESX? 💡 1) Create a clone into a new template of the target VM 2) Download the VMDK file of the template from the storage 3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY (1/3)
Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳
Google Dork - XSS Prone Parameters 🔥 site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& Test for XSS in param value: '"><img src=x onerror=alert()> Credit: @TakSec #infosec #bugbounty #bugbountytips
![viehgroup's tweet image. Google Dork - XSS Prone Parameters 🔥
site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&amp;
Test for XSS in param value:
'"&gt;&lt;img src=x onerror=alert()&gt;
Credit: @TakSec
#infosec #bugbounty #bugbountytips](https://pbs.twimg.com/media/G1TO7a7WEAAiLBH.png)
Google Dork - APIs Endpoints ⚙️ site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3 Find hidden APIs, try techniques 👨💻
![TakSec's tweet image. Google Dork - APIs Endpoints ⚙️
site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3
Find hidden APIs, try techniques 👨💻](https://pbs.twimg.com/media/G1Drt7hbUAAZkAv.png)
WOW!!! temp43487580.github.io/intune/bypass-… @TEMP43487580 such a good post!!! it is so well written, interesting research and great results! Thank you! 🤩
#malware "clipup.exe" in System32 is very powerful. It can destroy the executable file of the EDR service 😉. Experimenting with overwriting the MsMpEng.exe file github: /2x7EQ13/CreateProcessAsPPL #redteam #BlueTeam
"Localhost tracking" - How Meta bypassed Android sandboxing to track users browsing other websites with Meta's embedded pixel. Fun fact: 22% of the most visited websites across the world embed Meta's pixel. zeropartydata.es/p/localhost-tr…
#malware If you use a directory symlink path to create a process, Process Explorer will interpret the Path and Command Line of this process as the path containing the symlink, rather than the location of the executable file 🤔 #redteam #code
Attackers exploit Google Translate to hide their assets from security vendors. securelist.com/new-phishing-a…
United States 趨勢
- 1. Spotify 1.29M posts
- 2. #WhyIChime N/A
- 3. Chris Paul 40.2K posts
- 4. Clippers 55.1K posts
- 5. Ty Lue 5,181 posts
- 6. Hartline 13.9K posts
- 7. Giannis 25.9K posts
- 8. Apple Music 234K posts
- 9. Henry Cuellar 11K posts
- 10. SNAP 168K posts
- 11. ethan hawke 6,685 posts
- 12. #HappyBirthdayJin 119K posts
- 13. David Corenswet 10.6K posts
- 14. Lawrence Frank 3,972 posts
- 15. Jonathan Bailey 11.5K posts
- 16. Duncan 8,187 posts
- 17. Jack Smith 22.9K posts
- 18. Chris Henry Jr 3,044 posts
- 19. Courtois 7,062 posts
- 20. Garcelle N/A
Something went wrong.
Something went wrong.