Merabytes Cybersecurity
@merabytes
Agencia tecnológica especializada en defensa digital e inteligencia de amenazas.
You might like
I've published a very simple tutorial on exploiting this for RCE on the wonderful @iximiuz. You can try it out here: labs.iximiuz.com/tutorials/node…
Created a script that mounts a Cloudflare R2 bucket as a Volume drive on my Mac. Now I can take my files everywhere I go. And on my Mac it just feels like a native drive of the machine. Uses rclone & macFUSE. Gist below for you to use 🧵
smtp-tunnel-proxy: A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls github.com/x011/smtp-tunn…
Malware development basics 0xf00sec.github.io/0x4a TLDR; This blog focus on execution flow hijacking, dynamic API, and stealth execution via low-level OS structures. Core concepts include direct access to the (PEB), evasion through runtime decryption, and shellcode injection.
SSRF - Internet to Internal #CyberSecurity Try to find the internal domains for targets using tools like crt.sh, shodan, censys, etc. Once you have some domains, blast them into any params you suspect may be susceptible. This one allowed total internal network…
⚠️Hacking Kia: Remotely Controlling Cars With Just a License Plate Full disclosure: samcurry.net/hacking-kia
⚠️Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug ⚠️ wired.com/story/kia-web-…
Amateurs obsess over tools, pros over mastery. It's an easy trap to fall into. I'm asked constantly: "what's the best decompiler for X?" "what's the best programming language for Y?" "what IDE do you use?" The truth is, none of it matters. The mental effort it takes to…
You can now fine-tune Llama 3 without writing a single line of code! We are moving at breakneck speed. I recorded a video to show you how to fine-tune any open-source model in a few minutes. I'm using a GPT capable of taking a problem and turning it into a fine-tuned model…
Google Dork - Sensitive Docs 📄 ext:txt | ext:pdf | ext:xml | ext:xls | ext:xlsx | ext:ppt | ext:pptx | ext:doc | ext:docx intext:“confidential” | intext:“Not for Public Release” | intext:”internal use only” | intext:“do not distribute” Discover internal files 👀
.@kaspersky experts detected unusual malicious activity within a system while investigating an incident. Further analysis revealed that #hackers had employed the open-source hypervisor platform #QEMU for network tunneling. Full report 👇 bit.ly/3Tp8666
Telegram hace años que se convirtió en una Dark Net, grupos de: Pornografía Infantil; venta de credenciales robadas; Carding; Extorsiones; Malware; Drogas; Dinero Falso... Pero se insta el bloqueo por difundir contenidos que infringen la Propiedad Intelectual.
How to SAST: 1. Use @semgrep 2. Get extra rules from @0xdea and @trailofbits 3. Output SARIF and use @trailofbits sarif explorer VSCode extension 4. Tune out noise and don’t send your devs 100k untriaged findings
CVE-2022-22978 Spring Security RegexRequestMatcher Authorization Bypass EXP: %0d or %oa github.com/spring-project… nosec.org/m/share/5006.h…
United States Trends
- 1. Harden N/A
- 2. #WWERaw N/A
- 3. Clippers N/A
- 4. Roman N/A
- 5. Darryn Peterson N/A
- 6. Cavs N/A
- 7. Barlow N/A
- 8. Stephanie N/A
- 9. Raquel N/A
- 10. Texas Tech N/A
- 11. Ty Lue N/A
- 12. Goodell N/A
- 13. Kawhi N/A
- 14. #WrestleMania N/A
- 15. #TheRookie N/A
- 16. Kid Rock N/A
- 17. #kubball N/A
- 18. Mobley N/A
- 19. Zubac N/A
- 20. Christian Anderson N/A
Something went wrong.
Something went wrong.