내가 좋아할 만한 콘텐츠
Patching one technique doesn't close the entire attack vector. dMSA abuse is still a problem, and @_logangoins just dropped a reality check with new tooling to prove it. Learn more about the issue & the new BadTakeover BOF. ghst.ly/42POg9L
Seeing new #NetSupport campaigns that use a new PowerShell-based loader that drops/executes NetSupport and deletes RunMRU registry values in order to hide evidence of #ClickFix execution! This one has a licensee named KAKAN, though is likely related to EVALUSION campaigns. C2:…
Malware development Series - COFF injection and in-memory execution TLDR; This blog will explore and try to implement to execute code, a COFF object file loader, which is similar to BOF. 0xpat.github.io/Malware_develo…
🔥 SharkStealer - a Golang infostealer - uses the BNB Smart Chain (BSC) Testnet to resolve its C2 communication channels ("EtherHiding"). vmray.com/analyses/shark… 🔍 In a nutshell: - EtherHiding is a technique where threat actors store part of their infection chain (code or…
Here's my latest research. I decided to dive in to exploring Polymorphic PIC shellcode and walk the reader through the process of creating their own loader via x64 assembly code and Python. Thanks for your support and feedback as always. Enjoy! g3tsyst3m.com/shellcode/pic/…
Inside x64 SEH on Windows - A deep dive into modern Windows structured exception handling #ReverseEngineering #WindowsInternals blog.elmo.sg/posts/structur…
❄️[New Video] - The Most Overlooked Bug in Web Apps: HTTP Request Smuggling (Deep Dive) (P.S. Only Real Wannabe Hackers can Watch it) youtu.be/6Zck1649AP0
![medusa_0xf's tweet image. ❄️[New Video] - The Most Overlooked Bug in Web Apps: HTTP Request Smuggling (Deep Dive)
(P.S. Only Real Wannabe Hackers can Watch it)
youtu.be/6Zck1649AP0](https://pbs.twimg.com/media/G3ZtDsgWIAAdq_U.jpg)
Find hidden Endpoint - by: Sina Yeganeh ✨ -raw.githubusercontent.com/sinaayeganeh/F… #cybersec #infosec #bugbountytips
Fun little IOC in impacket-smbserver's Negotiate Protocol Response 🙃
Exploitation of CVE-2025–9961: authenticated remote code execution via the CWMP binary on TP-Link AX10 and AX1500 blog.byteray.co.uk/exploiting-zer… #infosec
🌐 We Hacked the npm Supply Chain of 36 Million Weekly Installs Blog: landh.tech/blog/20251003-… author: @0xLupin
The X64 Stack offensivecraft.wordpress.com/2023/02/11/the… #x64 #assembly #security #reverseengineering
Exploring Windows Defender Detection History - a file containing key forensic information like the threat file's hash, file path, initiating process, associated users, and detection/remediation timestamps. Team at Orange Defense reverse engineered the file format and internals.…
this was meant to be a simple debugging tool, but ended up being a full barebones, concurrent RFC1928 (SOCKS5) server. unnecessarily fast, very simple. gophers that are interested in learning SOCKS5 protocol may find this useful (hopefully someone does) gist.github.com/yunginnanet/c8…
Rest in Peace to @yunginnanet a/k/a Kayos. I'm at a total loss of words. I have no idea what to say. When vx-underground first started him, and his friends with ThugCrowd, were the first to offer us hosting when no one else would. He helped us before anyone gave a shit about the…
🧩 Chrome Exploitation 101: The Architecture Blog: opzero.ru/en/press/101-c… author: @opzero_en
United States 트렌드
- 1. Wemby 100K posts
- 2. Spurs 56.3K posts
- 3. #QueenRadio 23.3K posts
- 4. Cooper Flagg 14.3K posts
- 5. Mavs 19.7K posts
- 6. Victor Wembanyama 36.4K posts
- 7. Talus Labs 15.6K posts
- 8. Clippers 12K posts
- 9. Anthony Edwards 7,516 posts
- 10. Downstairs 4,816 posts
- 11. Dillon Brooks 1,469 posts
- 12. Anthony Davis 7,989 posts
- 13. Maxey 12.4K posts
- 14. #PorVida 2,734 posts
- 15. Klay 8,397 posts
- 16. Suns 16.8K posts
- 17. #INDvsAUS 33.4K posts
- 18. VJ Edgecombe 28.1K posts
- 19. Jazz 23.6K posts
- 20. Embiid 14.8K posts
Something went wrong.
Something went wrong.