Forwarded from Deadly malware xp
#exploit
SSRF attack on MySQL Server with password using php-curl
https://github.com/wupco/rwctf2023-ASTLIBRA
SSRF attack on MySQL Server with password using php-curl
https://github.com/wupco/rwctf2023-ASTLIBRA
GitHub
GitHub - wupco/rwctf2023-ASTLIBRA
Contribute to wupco/rwctf2023-ASTLIBRA development by creating an account on GitHub.
Forwarded from Deadly malware xp
PhiAttack.pdf
179 KB
#Red_Team_Tactics
"PhiAttack: Rewriting the Java Card Class Hierarchy", 2021.
"PhiAttack: Rewriting the Java Card Class Hierarchy", 2021.
Forwarded from Deadly malware xp
Java_Card_Security.pdf
1.3 MB
#Threat_Research
"Good, Bad and Ugly Design of Java Card Security" (Master’s Thesis).
// This thesis is focused on the study of logical attacks on the Java Card platform which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, it does not require expensive equipment and scales quite well...
"Good, Bad and Ugly Design of Java Card Security" (Master’s Thesis).
// This thesis is focused on the study of logical attacks on the Java Card platform which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, it does not require expensive equipment and scales quite well...
Forwarded from Deadly malware xp
Text_to_SQL_Models.pdf
7.4 MB
Forwarded from Deadly malware xp
#tools
#Blue_Team_Techniques
1. Python script that will help in finding Path Traversal/RCE vulnerability in Apache 2.4.50 (CVE-2021-42013)
https://github.com/walnutsecurity/cve-2021-42013
2. Tool to check for dependency confusion vulnerabilities in multiple package management systems
https://github.com/visma-prodsec/confused
#Blue_Team_Techniques
1. Python script that will help in finding Path Traversal/RCE vulnerability in Apache 2.4.50 (CVE-2021-42013)
https://github.com/walnutsecurity/cve-2021-42013
2. Tool to check for dependency confusion vulnerabilities in multiple package management systems
https://github.com/visma-prodsec/confused
GitHub
GitHub - walnutsecurity/cve-2021-42013: cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote…
cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50 - walnutsecurity/cve-2021-42013
Forwarded from Deadly malware xp
Python_for_Cybersecurity.pdf
8.9 MB
#Tech_book
"Python for Cybersecurity: Using Python for Cyber Offense and Defense", 2022.
"Python for Cybersecurity: Using Python for Cyber Offense and Defense", 2022.
Geolocation Spy (GeoSpy) - is an OSINT analysis and research tool that is used to track and execute intelligent social engineering attacks in real time.
▫️https://github.com/askmetoo/geospy
▫️https://github.com/askmetoo/geospy
2023-01-10 02-44-46.mkv
18.7 MB
⚙️ New Update On AlienFox Ultimate 🦊
Forwarded from Hackershop
Программируемая Карточка NFC RFID
4 930 рублей
#Оборудование
Translation: ru-en
Programmable NFC RFID Card
4 930 rubles
http://ali.pub/2zecs8
4 930 рублей
#Оборудование
Translation: ru-en
Programmable NFC RFID Card
4 930 rubles
http://ali.pub/2zecs8
❤1
Forwarded from Alex $tore
Media is too big
VIEW IN TELEGRAM
My old video 5 years back tracing ip address
👍1🍾1
Forwarded from 卩ro 爪Cracker
ImageMagick Security Policy Evaluator
https://ift.tt/QNghDT3
Submitted January 10, 2023 at 04:52PM by nibblesec
via reddit https://ift.tt/zgW85DB
https://ift.tt/QNghDT3
Submitted January 10, 2023 at 04:52PM by nibblesec
via reddit https://ift.tt/zgW85DB
Doyensec
ImageMagick Security Policy Evaluator
During our audits we occasionally stumble across ImageMagick security policy configuration files (policy.xml), useful for limiting the default behavior and the resources consumed by the library. In the wild, these files often contain a plethora of recommendations…
Forwarded from 卩ro 爪Cracker
An electromagnetic-wave side-channel issue on ARMv8 AES instructions
https://ift.tt/IhmuJPT
Submitted January 10, 2023 at 05:21PM by Gallus
via reddit https://ift.tt/KTE31Sx
https://ift.tt/IhmuJPT
Submitted January 10, 2023 at 05:21PM by Gallus
via reddit https://ift.tt/KTE31Sx
Forwarded from 卩ro 爪Cracker
CVE-2022-39073
Proof of concept for the command injection vulnerability affecting the ZTE MF286R router, including an RCE exploit.
https://github.com/v0lp3/CVE-2022-39073
#cve #exploit
Proof of concept for the command injection vulnerability affecting the ZTE MF286R router, including an RCE exploit.
https://github.com/v0lp3/CVE-2022-39073
#cve #exploit
Forwarded from 卩ro 爪Cracker
DarkWeb ChatGPT PoC
A copy of /User-Pain/ from BreachForums' #ChatGPT Based DNM Script.
https://github.com/D4RK-R4BB1T/DarkWeb_ChatGPT_PoC
A copy of /User-Pain/ from BreachForums' #ChatGPT Based DNM Script.
https://github.com/D4RK-R4BB1T/DarkWeb_ChatGPT_PoC
🍾2
Forwarded from 卩ro 爪Cracker
Antivirus Evasion: Tearing AMSI down with 3 bytes only
https://ift.tt/kMY4CuL
Submitted January 11, 2023 at 02:51AM by juliocesarfort
via reddit https://ift.tt/LhRMPQj
https://ift.tt/kMY4CuL
Submitted January 11, 2023 at 02:51AM by juliocesarfort
via reddit https://ift.tt/LhRMPQj
Blaze Information Security
Antivirus Evasion: Tearing AMSI Down With 3 Bytes Only
This post aims on showcasing one of the many possible techniques for bypassing antivirus solutions through in-memory patching of AMSI instructions.
🏆3
Forwarded from 卩ro 爪Cracker
Taking over a Dead IoT Company
https://ift.tt/2GoPbpf
Submitted January 11, 2023 at 02:38AM by phree_radical
via reddit https://ift.tt/L6GMBgS
https://ift.tt/2GoPbpf
Submitted January 11, 2023 at 02:38AM by phree_radical
via reddit https://ift.tt/L6GMBgS
Kevin Chung
Taking over a Dead IoT Company
5 years after NYCTrainSign collapsed, I investigate why the company failed and end up writing an exploit to take over their fleet.
👍2
Forwarded from 卩ro 爪Cracker
Cacti: Unauthenticated Remote Code Execution (CVE-2022-46169)
https://ift.tt/BUxzjQ9
Submitted January 11, 2023 at 05:28AM by monoimpact
via reddit https://ift.tt/hcIzBt2
https://ift.tt/BUxzjQ9
Submitted January 11, 2023 at 05:28AM by monoimpact
via reddit https://ift.tt/hcIzBt2
Sonarsource
Cacti: Unauthenticated Remote Code Execution
Learn how we discovered a critical vulnerability in Cacti with the help of SonarCloud.