After you have your TikTok account ready, open your selfie on you PC, make a
new video on TikTok and select “Dynamic Photo” filter.
After you selected your filter, point your camera to the selfie that's on you PC and
you will see that the selfie is moving, smiling, rotating their eyes, etc.
Record a small video and upload it to TikTok (Make sure its public)
After its uploaded, go to: https://ssstik.io/en (ticktock video downloader ) and paste your video link to
Download your video without the TikTok tag.
After that its easy, go to OBS, under “Sources” select “Media” and select your
TikTok video that you just downloaded.
My targeted website requires me to verify thru my phone.
This part if you service only serve through Apps
For this, you would need a few tools:
● LDplayer (Android Emulator)
● Logitech capture software
After you downloaded those 2 tools, create a new LDplayer android emulator
window and select 640x640 resolution
Then, open Logitech capture software, open you selfie/docs photo, select
resolution to 1080p and then in “Source 1” select your opened photo title. Then
head to ManyCams, select camera source as “Logi Capture”.
Then, head back to your android emulator, go do your kyc and when emulator ask
if you want to use webcam or screen crop, select webcam and you should see
your uploaded photo right there, go on resize or change position of the photo of
your needs and take the picture.
Thats it! This should be enough to bypass a lot of kyc providers and will allow you
to easily verify your account!
Download links:
OBS: https://obsproject.com/
LDplayer: https://www.ldplayer.net/
Logitech capture: https://www.logitech.com/en-gb/software/capture.htm
new video on TikTok and select “Dynamic Photo” filter.
After you selected your filter, point your camera to the selfie that's on you PC and
you will see that the selfie is moving, smiling, rotating their eyes, etc.
Record a small video and upload it to TikTok (Make sure its public)
After its uploaded, go to: https://ssstik.io/en (ticktock video downloader ) and paste your video link to
Download your video without the TikTok tag.
After that its easy, go to OBS, under “Sources” select “Media” and select your
TikTok video that you just downloaded.
My targeted website requires me to verify thru my phone.
This part if you service only serve through Apps
For this, you would need a few tools:
● LDplayer (Android Emulator)
● Logitech capture software
After you downloaded those 2 tools, create a new LDplayer android emulator
window and select 640x640 resolution
Then, open Logitech capture software, open you selfie/docs photo, select
resolution to 1080p and then in “Source 1” select your opened photo title. Then
head to ManyCams, select camera source as “Logi Capture”.
Then, head back to your android emulator, go do your kyc and when emulator ask
if you want to use webcam or screen crop, select webcam and you should see
your uploaded photo right there, go on resize or change position of the photo of
your needs and take the picture.
Thats it! This should be enough to bypass a lot of kyc providers and will allow you
to easily verify your account!
Download links:
OBS: https://obsproject.com/
LDplayer: https://www.ldplayer.net/
Logitech capture: https://www.logitech.com/en-gb/software/capture.htm
SSSTik.io
TikTok Downloader - Download TikTok Video Without Watermark
Fastest TikTok video downloader! Save TikTok videos in HD with two taps, fast and free. With or without a watermark online – start now for high-quality downloads!
👍1
Forwarded from Deadly malware xp
#tools
#Blue_Team_Techniques
1. MIMEDefang - e-mail filtering tool that works with the Sendmail "Milter" library
https://github.com/The-McGrail-Foundation/MIMEDefang
2. Automated Penetration Testing Reporting System
https://github.com/Anof-cyber/APTRS
#Blue_Team_Techniques
1. MIMEDefang - e-mail filtering tool that works with the Sendmail "Milter" library
https://github.com/The-McGrail-Foundation/MIMEDefang
2. Automated Penetration Testing Reporting System
https://github.com/Anof-cyber/APTRS
GitHub
GitHub - The-McGrail-Foundation/MIMEDefang: MIMEDefang is an e-mail filtering tool that works with the Sendmail “Milter” library.…
MIMEDefang is an e-mail filtering tool that works with the Sendmail “Milter” library. MIMEDefang lets you express your filtering policies in Perl rather than C, making it quick and easy to filter ...
Forwarded from Deadly malware xp
soft_dev_proc (1).pdf
147.4 KB
#Whitepaper
"Everything About the Secure Software Development Process", 12.2022.
"Everything About the Secure Software Development Process", 12.2022.
Forwarded from Deadly malware xp
#exploit
1. CVE-2023-0179:
Linux kernel stack buffer overflow in nftables
https://seclists.org/oss-sec/2023/q1/20
2. Security Audit of Git:
CVE-2022-23521:
Truncated Allocation Leading to Out of Bounds Write Via Large Number of Attributes
CVE-2022-41903:
Out of Bounds Memory Write in Log Formatting
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif
1. CVE-2023-0179:
Linux kernel stack buffer overflow in nftables
https://seclists.org/oss-sec/2023/q1/20
2. Security Audit of Git:
CVE-2022-23521:
Truncated Allocation Leading to Out of Bounds Write Via Large Number of Attributes
CVE-2022-41903:
Out of Bounds Memory Write in Log Formatting
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif
seclists.org
oss-sec: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup
Forwarded from Deadly malware xp
ML-FEED.pdf
841.5 KB
#Research
"ML-FEED: Machine Learning Framework for Efficient Exploit Detection", 2023.
"ML-FEED: Machine Learning Framework for Efficient Exploit Detection", 2023.
Forwarded from Deadly malware xp
#Cloud_Security
1. Azure AD Pass-Through Authentication Flaws
https://www.secureworks.com/research/azure-active-directory-pass-through-authentication-flaws
]-> PTAAgentDump tool: https://github.com/secureworks/PTAAgentDump
2. Red Teaming Microsoft Azure
https://improsec.com/tech-blog/read2own
1. Azure AD Pass-Through Authentication Flaws
https://www.secureworks.com/research/azure-active-directory-pass-through-authentication-flaws
]-> PTAAgentDump tool: https://github.com/secureworks/PTAAgentDump
2. Red Teaming Microsoft Azure
https://improsec.com/tech-blog/read2own
Sophos
Azure Active Directory Pass-Through Authentication Flaws
In May 2022, Sophos® Counter Threat Unit™ (CTU) researchers analyzed how the protocols used by Pass-Through Authentication could be exploited.
Forwarded from Deadly malware xp
#Threat_Research
1. SSH Key Injection Vulnerability in Google Cloud Compute Engine
https://blog.stazot.com/ssh-key-injection-google-cloud
2. Network Security Trends: August-October 2022
https://unit42.paloaltonetworks.com/network-security-trends-aug-oct-2022
3. Learn EVM Attacks: A collection of Foundry tests reproducing exploits, bug bounty reports, and theoretical vulnerabilities on EVM chains
https://github.com/coinspect/learn-evm-attacks
1. SSH Key Injection Vulnerability in Google Cloud Compute Engine
https://blog.stazot.com/ssh-key-injection-google-cloud
2. Network Security Trends: August-October 2022
https://unit42.paloaltonetworks.com/network-security-trends-aug-oct-2022
3. Learn EVM Attacks: A collection of Foundry tests reproducing exploits, bug bounty reports, and theoretical vulnerabilities on EVM chains
https://github.com/coinspect/learn-evm-attacks
Stazot
Sivanesh Ashok
Blog about bug bounty and infosec research
Forwarded from Deadly malware xp
#Offensive_security
1. Exploiting Distroless Images
https://www.form3.tech/engineering/content/exploiting-distroless-images
2. Exploiting CVE-2021-3490 for Container Escapes
https://www.crowdstrike.com/blog/exploiting-cve-2021-3490-for-container-escapes
1. Exploiting Distroless Images
https://www.form3.tech/engineering/content/exploiting-distroless-images
2. Exploiting CVE-2021-3490 for Container Escapes
https://www.crowdstrike.com/blog/exploiting-cve-2021-3490-for-container-escapes
www.form3.tech
Exploiting Distroless Images
An abuse of functionality in the OpenSSL binary, installed in the official Google Container Tools Distroless Base container image, allows for command execution and arbitrary file read and write on distroless containers. By abusing the enc functionality in…
Forwarded from Deadly malware xp
#Threat_Research
1. Java XML security issues and how to address them
https://semgrep.dev/blog/2022/xml-security-in-java
2. QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml
1. Java XML security issues and how to address them
https://semgrep.dev/blog/2022/xml-security-in-java
2. QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml
Forwarded from Deadly malware xp
#Cloud_Security
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass
Datadoghq
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
Public disclosure of a method to bypass CloudTrail for specific IAM actions.
Forwarded from Deadly malware xp
#Malware_analysis
StrongPity espionage campaign
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users
StrongPity espionage campaign
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users
WeLiveSecurity
StrongPity espionage campaign targeting Android users
ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.
Forwarded from Deadly malware xp
Ultraverse.pdf
10.3 MB
#Research
"Ultraverse: Efficient Retroactive Operation for Attack Recovery in Database Systems and Web Frameworks", 2023.
"Ultraverse: Efficient Retroactive Operation for Attack Recovery in Database Systems and Web Frameworks", 2023.