#Red_Team_Tactics
1. Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
2. Abusing Reddit API to host the C2 traffic
https://github.com/kleiton0x00/RedditC2
3. Abusing JSON-Based SQL to Bypass WAF
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
PortSwigger Research
Hijacking service workers via DOM Clobbering
In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s
COVID-bit.pdf
10.1 MB
#Research
"COVID-bit: Keep a Distance of (at least) 2m From My Air-Gap Computer", Dec. 2022.
#tools
#Offensive_security
1. smsgate - open source SMS gateway for pentest projects
https://github.com/pentagridsec/smsgate
]-> https://www.pentagrid.ch/en/blog/open-source-sms-gateway-for-pentest-projects
2. r4ven - Track IP and GPS Location
https://github.com/spyboy-productions/r4ven
GitHub
GitHub - pentagridsec/smsgate: SMSgate is an open source Python-based server for sending and especially receiving SMS using multiple…
SMSgate is an open source Python-based server for sending and especially receiving SMS using multiple GSM modems and SIM cards. - pentagridsec/smsgate
WiPeep.pdf
2.8 MB
#WLAN_Security
"Non-Cooperative Wi-Fi Localization & its Privacy Implications", 2022.
// A new location revealing privacy attack on non-cooperative Wi-Fi devices
#exploit
1. CVE-2022-23475:
daloRADIUS Vulnerability
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app
2. Django RCE(DJRCE) exploitation with leaked SECRET_KEY variable
https://github.com/0xuf/DJRCE
3. Exploit collection for some Service DCOM Object LPE vulnerability (by SeImpersonatePrivilege abuse)
https://github.com/zcgonvh/DCOMPotato
Daily CyberSecurity
CVE-2022-23475: Account take over flaw in open source RADIUS web management app
The daloRADIUS project addressed a high-security vulnerability (CVE-2022-23475) that, if successfully exploited, could result in an account takeover.
Aikido_Turning_EDRs_Malicious_Wipers.pdf
2.6 MB
#Threat_Research
BlackHat Europe 2022:
"Turning EDRs to malicious wipers using 0-day exploits".
]-> https://github.com/SafeBreach-Labs/aikido_wiper
Forwarded from 卩ro 爪Cracker
DCOMPotato-master.zip
70.2 KB
#Exploit collection for some Service #DCOM Object local privilege escalation vulnerability (by SeImpersonatePrivilege abuse)
https://github.com/zcgonvh/DCOMPotato
Forwarded from 卩ro 爪Cracker
Hacking the Furbo Dog Camera: Part III
https://ift.tt/Lt4OqH7
Submitted December 09, 2022 at 02:29AM by somersetrecon
via reddit https://ift.tt/1RVGUd7
Somerset Recon
Hacking the Furbo Dog Camera: Part III Fun with Firmware — Somerset Recon
We’re back with another entry in our Furbo hacking escapade! In our last post we mentioned we were taking a look at the then recently released Furbo Mini device and we are finally getting around to writing about what we found. Background Some time in the…
Forwarded from 卩ro 爪Cracker
Using ChatGPT to Generate Phishing Campaigns
https://ift.tt/jg86Dzk
Submitted December 09, 2022 at 08:32AM by rickyrockslide
via reddit https://ift.tt/cNmWALR
Richardosgood
Using OpenAI Chat to Generate Phishing Campaigns
Generating phishing campaigns with OpenAI Chat and GPT-3
Forwarded from 卩ro 爪Cracker
Testing a mobile app using a device you don’t have
https://ift.tt/pJE7iLC
Submitted December 09, 2022 at 08:43PM by Necessary-Reality-80
via reddit https://ift.tt/lT8Pn6A
SIGTRAN - SS7 Over IP from Beginner to Expert level
Become Expert in SIGTRAN - Signaling Transport over IP Networks
SIGTRAN is the name of a group of telecommunications protocols designed to interoperate between traditional telephony and VoIP. The name is formed from the words signaling and transport and was given by the Internet Engineering Task Force (IETF), which develops specifications for a family of protocols that provide reliable datagram services and user level adaptation for Shared Channel System No. 7 (SS7) and ISDN. SIGTRAN protocols are an extension of the SS7 family of protocols. They support the same applications and call control paradigms as SS7, but use the Internet Protocol (IP) for addressing and are transmitted over SCTP. The working group in the IETF closed in March 2009 as having served its purpose.
What you'll learn
Sigtran Signaling Networks
Sigtran Network Protocols
Signaling messages
Sigtran Protocol Stack
◽️ SIGTRAN Introduction & Giving a reminder about SS7 Networks.
◽️ A Brief about TCP & UDP Protocols.
◽️ SIGTRAN Network Architecture
◽️ SIGTRAN vs SS7 Stack
◽️ IP Layer
◽️ SCTP Layer
◽️ Adaptation Layer (SUA, M3UA, M2PA, M2UA)
◽️ SIGTRAN newly introduced protocols identifying their messages.
2. SS7 Signaling System No.7 Revise
3. TCP & UDP Protocols