내가 좋아할 만한 콘텐츠
🚨 If you haven’t tested your Microsoft 365 environment like an APT, the time is now! Introducing msInvader, an adversary simulation tool designed to emulate attack techniques within M365 and Azure environments. 🔑 Key Features: •Versatile Authentication Simulation: 🔄 Supports…
At #Pwn2Own Ireland, our team successfully exploited vulnerabilities in the Lorex 2K Indoor WiFi Camera. Check out our blog for the full technical breakdown: blog.infosectcbr.com.au/2024/12/exploi…
Today James Forshaw (@tiraniddo) did a quick assessment on the new Windows 11 Sudo.exe. Despite his quick assessment, the blog post is wonderful. It is an excellent read. We recommend it:) tl;dr fancier ShellExecute 😭 tiraniddo.dev/2024/02/sudo-o…
Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👇
🚨 Beware, Mac users! MetaStealer, a new info-stealer #malware, is targeting #macOS. Learn how it's posing as prospective clients to trick victims into launching malicious payloads. Learn more: thehackernews.com/2023/09/beware… #cybersecurity #hacking
Zero-click iOS exploits (@citizenlab), in-the-wild Chrome 0day, physical/mobile RE writeup (@elttam), Linux LPE (@SidewayRE), and more! blog.badsectorlabs.com/last-week-in-s…
blog.badsectorlabs.com
Last Week in Security (LWiS) - 2023-09-11
Zero-click iOS exploits (@citizenlab), in-the-wild Chrome 0day, physical/mobile RE writeup (@elttam), Linux LPE (@SidewayRE), Protected Process Dumper (@tastypepperoni), and more!
In our latest post, @breakfix details how we were able to publish a malicious VSCode extension to the marketplace and leverage it for initial access during a red team mdsec.co.uk/2023/08/levera… vimeo.com/853281700?shar…
vimeo.com
Vimeo
Phishing with Visual Studio Code
Here is my #exploit and blog post for the VMWare Aria Operations for Networks which has CVSS 9.8 and targets all the versions from 6.0 to 6.10 (CVE-2023-34039) Apparently VMware forgot to regenerate their SSH keys 🔐 summoning.team/blog/vmware-vr…
Forget vulnerable drivers - Admin is all you need Article 👉 elastic.co/security-labs/… 👇 Demo - enable sound 🔊
Here is PoC for LPE in Windows Error Reporting Service CVE-2023-36874 github.com/Wh04m1001/CVE-…
If you need to get information on a GitHub account, You can try GitSint, which allows you to retrieve information on #github through username, email, and organization. github.com/N0rz3/GitSint @norze15 #OSINT #cli #tool #intelligence #infosec #CTI #ThreatIntel #cybersecurity
Big news! Someone finally noticed that if you hold down CTRL, the process list in Task Manager conveniently freezes so you can select rows without them jumping around. I did this so you could sort by CPU and other dynamic columns but then still be able to click stuff...
Really cool lists for hash cracking I just stumbled upon: github.com/kaonashi-passw…
Asking Android Developers About Security youtube.com/watch?v=-X03UK…
youtube.com
YouTube
Asking Android Developers About Security at Droidcon Berlin
Phishing emails making use of the "search-ms" URI protocol handler to download malicious payload. trellix.com/en-us/about/ne… ClickOnce APT Group also use these technology. <script> window.location.href = 'search-ms:query=Review&crumb=location: \\\\domain@SSL\…
Good new everyone! MinecraftLauncher.exe is susceptible to DLL sideloading. And YES, it is digitally signed by Mojang. EDRs have no idea what's coming for them😌
🚨 Alert! A new #malware strain called AVrecon has quietly targeted over 70,000 small office/home office (SOHO) routers worldwide, forming a massive botnet of 40,000 nodes across 20 countries. Read: thehackernews.com/2023/07/new-so… #cybersecurity #infosec #informationsecurity
🚀Evil QR - Phishing With QR Codes 🪝🐟 Just released some fun research on how to perform phishing with QR codes. Enjoy the blog post and a demo video! I've also published Evil QR toolkit on GH, which you can use to see how the attack works in practice breakdev.org/evilqr-phishin…
Just published a new blog post covering how to hide Beacon during BOF execution. If your BOF triggers a memory scan then EDR is likely to find Beacon and kill your process, but we can mask it using a simple technique. securityintelligence.com/posts/how-to-h…
Today I'm releasing AtlasReaper, a .NET tool designed for red teamers to interact with Confluence and Jira via C2 agents. Discover secrets and launch targeted attacks. Check out the blogpost for more details: medium.com/@werdhaihai/7a… Github Repo: github.com/werdhaihai/Atl…
United States 트렌드
- 1. #SmackDown 35.9K posts
- 2. Louisville 11.1K posts
- 3. George Santos 54.4K posts
- 4. Geno 8,547 posts
- 5. Carson Beck 2,329 posts
- 6. Ilja 15.7K posts
- 7. Cal Raleigh 4,963 posts
- 8. #SeizeTheMoment 7,742 posts
- 9. Chris Bell N/A
- 10. Ohtani 24.6K posts
- 11. Miami 77.9K posts
- 12. Grand Slam 7,348 posts
- 13. Springer 9,129 posts
- 14. #OPLive 1,369 posts
- 15. Sami 23.5K posts
- 16. Raiola 1,529 posts
- 17. #ALCS 5,721 posts
- 18. Big Dumper 2,607 posts
- 19. #DaytimeEmmys 4,164 posts
- 20. Malachi Toney 1,268 posts
내가 좋아할 만한 콘텐츠
-
Daniel
@VirtualAllocEx -
Matt Hand
@matterpreter -
Lee Chagolla-Christensen
@tifkin_ -
Bad Sector Labs
@badsectorlabs -
Charlie Clark
@exploitph -
Bobby Cooke
@0xBoku -
SkelSec
@SkelSec -
Charlie Bromberg « Shutdown »
@_nwodtuhs -
Matt Eidelberg
@Tyl0us -
Outflank
@OutflankNL -
LuemmelSec
@theluemmel -
Andrea P
@decoder_it -
Emeric Nasi
@EmericNasi -
Scott Sutherland
@_nullbind -
CCob🏴
@_EthicalChaos_
Something went wrong.
Something went wrong.