Forwarded from 卩ro 爪Cracker
Binary Ninja HashDB Plugin
Binary Ninja plugin for interacting with the OALabs HashDB service.
https://github.com/cxiao/hashdb_bn
Binary Ninja plugin for interacting with the OALabs HashDB service.
https://github.com/cxiao/hashdb_bn
#Sec_code_review
Statistical Analysis to Detect Uncommon Code
https://synthesis.to/2023/01/26/uncommon_instruction_sequences.html
Statistical Analysis to Detect Uncommon Code
https://synthesis.to/2023/01/26/uncommon_instruction_sequences.html
#exploit
1. CVE-2023-23504:
XNU Heap Underwrite in dlil.c
https://adamdoupe.com/blog/2023/01/23/cve-2023-23504-xnu-heap-underwrite-in-dlil-dot-c
2. CVE-2023-24055:
KeePass 2.5x PoC
https://github.com/alt3kx/CVE-2023-24055_PoC
3. CVE-2022-34689:
CryptoAPI spoofing vulnerability
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
1. CVE-2023-23504:
XNU Heap Underwrite in dlil.c
https://adamdoupe.com/blog/2023/01/23/cve-2023-23504-xnu-heap-underwrite-in-dlil-dot-c
2. CVE-2023-24055:
KeePass 2.5x PoC
https://github.com/alt3kx/CVE-2023-24055_PoC
3. CVE-2022-34689:
CryptoAPI spoofing vulnerability
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
#Red_Team_Tactics
1. Proxying DLL Loads For Hiding ETWTI Stack Tracing
https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing
2. Python module for running BOFs
https://github.com/rkbennett/pybof
1. Proxying DLL Loads For Hiding ETWTI Stack Tracing
https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing
2. Python module for running BOFs
https://github.com/rkbennett/pybof
#Threat_Research
Sliver Malware with BYOVD Distributing Due to Sunlogin Vulnerability Attack
https://asec.ahnlab.com/ko/46208
Sliver Malware with BYOVD Distributing Due to Sunlogin Vulnerability Attack
https://asec.ahnlab.com/ko/46208
Bounce_Ticket_SilverIodide.pdf
5.7 MB
#Whitepaper
"Bounce the Ticket and Silver Iodide Attacks on Azure AD Kerberos", 2023.
"Bounce the Ticket and Silver Iodide Attacks on Azure AD Kerberos", 2023.
I Can Help You To Clear & Give the training & exam solutions on the below certifications
1_CEH.
2_CEH Practical.
3_eJPT.
4_eCCPTv2.
5_eWPT.
6_eWPTxv2.
7_CRTP.
8_CRTO.
9_OSCP.
10_OSWE.
11_OSEP.
12_OSWP.
13_CPENT
14_CHFI
15_eCPTxv2
16_PNPT
17_Burpsuite exam
Remote Exam Support possible.
If anyone needs message me.
Lower prices & passing guaranteed!
Follow: https://t.me/alexserviceez
Ping @examsolutionz
We have added new exam of burpsuite solutions
1_CEH.
2_CEH Practical.
3_eJPT.
4_eCCPTv2.
5_eWPT.
6_eWPTxv2.
7_CRTP.
8_CRTO.
9_OSCP.
10_OSWE.
11_OSEP.
12_OSWP.
13_CPENT
14_CHFI
15_eCPTxv2
16_PNPT
17_Burpsuite exam
Remote Exam Support possible.
If anyone needs message me.
Lower prices & passing guaranteed!
Follow: https://t.me/alexserviceez
Ping @examsolutionz
We have added new exam of burpsuite solutions
Telegram
Exam solutions
ALL EXAM SOLUTIONS FROM OFFENSIVE SECURITY , ELEARNSECURITY , PENTESTER ACEDEMY and much more are shared by us.
⚡1👍1
Forwarded from 卩ro 爪Cracker
tripping.NTDC.COM.PK.zip
230.3 MB
Sourcecode & Sensitive Leaks.
NTDC Tripping Server.
NTDC Tripping Server.
😱2
https://t.me/sidewinders join this channel for more updates .........
gg's hacker's ( have a good day —❤️
‼️Here we go again
Get a (.in) Free Domain for 1 Year!
Offer valid from 26-30th January 2023.
condition is youw ill get 1 Domain for Free.
Website
#hacker_bano_chutiya_nhe 🌜👾🌛
‼️Here we go again
Get a (.in) Free Domain for 1 Year!
Offer valid from 26-30th January 2023.
condition is youw ill get 1 Domain for Free.
Website
#hacker_bano_chutiya_nhe 🌜👾🌛
⚡3👍1
sshd_backdoor
About Using ebpf technique, hijacking the process during sshd service getting the ~/.ssh/authorized_keys to authorize user logging and injecting our public key make our login successful.
Main Process in ebpf program:
Hook OpenAt syscall enter: check if the sshd process call this, log the pid of sshd.
Hook OpenAt Syscall exit: check the pid logged. logging the fd of pid, map pidfd.
Hook Read Syscall enter: check the pid logged. logging the user_space_char_buffer of pid.
Hook Read Syscall exit: check the pid logged. find the buffer and change the buffer into our Key. Then delete pid in map to avoid blocking administrators’ keys be read.
Download Link: https://system32.ink/news-feed/p/184/
About Using ebpf technique, hijacking the process during sshd service getting the ~/.ssh/authorized_keys to authorize user logging and injecting our public key make our login successful.
Main Process in ebpf program:
Hook OpenAt syscall enter: check if the sshd process call this, log the pid of sshd.
Hook OpenAt Syscall exit: check the pid logged. logging the fd of pid, map pidfd.
Hook Read Syscall enter: check the pid logged. logging the user_space_char_buffer of pid.
Hook Read Syscall exit: check the pid logged. find the buffer and change the buffer into our Key. Then delete pid in map to avoid blocking administrators’ keys be read.
Download Link: https://system32.ink/news-feed/p/184/
#DDoS Scripts and Methods
L7/L4/L3 & Game METHODS (USE ONLY FOR EDUCATIONAL PURPOSES!!!)
This repo consists of various DDoS scripts, collected from internet. Layer-4 and Layer-7 levels can be targeted using these scripts.
Note: Scripts written in 'C' need to be compiled with GCC compiler, first.
https://system32.ink/news-feed/p/185/
L7/L4/L3 & Game METHODS (USE ONLY FOR EDUCATIONAL PURPOSES!!!)
This repo consists of various DDoS scripts, collected from internet. Layer-4 and Layer-7 levels can be targeted using these scripts.
Note: Scripts written in 'C' need to be compiled with GCC compiler, first.
https://system32.ink/news-feed/p/185/