Tracr: Compiled Transformers as a Laboratory for Interpretability
git clone https://github.com/deepmind/tracr
cd tracr6
pip3 install .7
https://github.com/deepmind/tracrhttps://arxiv.org/abs/2301.05062v1
GitHub
GitHub - google-deepmind/tracr
Contribute to google-deepmind/tracr development by creating an account on GitHub.
🤩2👍1
👍3
Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
Master OAuth 2.0 Vulnerability
#bugbounty #infosec
Difficulty : Any
OAuth 2.0 Resources :👇
• https://owasp.org/www-pdf-archive/20151215-Top_X_OAuth_2_Hacks-asanso.pdf
• https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0-access-token-3af51f89f5b0
• https://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1
• https://gauravnarwani.com/misconfigured-oauth-to-account-takeover/
• https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
• https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56
• https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567
• https://hackerone.com/reports/49759
• https://hackerone.com/reports/131202
• https://hackerone.com/reports/6017
• https://hackerone.com/reports/7900
• https://hackerone.com/reports/244958
• https://hackerone.com/reports/405100
• https://ysamm.com/?p=379
• https://amolbaikar.com/facebook-oauth-framework-vulnerability/
•https://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9
• https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295
• https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b
• https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
• http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html
• http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
• https://veracode.com/blog/research/spring-social-core-vulnerability-disclosure
• https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
• https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893
Thanks You For Reading this 🙏
Hope You'll like 👍 it
#bugbounty #infosec
Difficulty : Any
OAuth 2.0 Resources :👇
• https://owasp.org/www-pdf-archive/20151215-Top_X_OAuth_2_Hacks-asanso.pdf
• https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0-access-token-3af51f89f5b0
• https://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1
• https://gauravnarwani.com/misconfigured-oauth-to-account-takeover/
• https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
• https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56
• https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567
• https://hackerone.com/reports/49759
• https://hackerone.com/reports/131202
• https://hackerone.com/reports/6017
• https://hackerone.com/reports/7900
• https://hackerone.com/reports/244958
• https://hackerone.com/reports/405100
• https://ysamm.com/?p=379
• https://amolbaikar.com/facebook-oauth-framework-vulnerability/
•https://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9
• https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295
• https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b
• https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
• http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html
• http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
• https://veracode.com/blog/research/spring-social-core-vulnerability-disclosure
• https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
• https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893
Thanks You For Reading this 🙏
Hope You'll like 👍 it
👍3
https://anubism3333.blogspot.com/2022/06/how-to-stay-motivated.html
https://anubism3333.blogspot.com/2022/06/at-which-time-you-should-feel-that-you.html
https://anubism3333.blogspot.com/2022/06/the-human-way-of-thinking.html
https://anubism3333.blogspot.com/2022/06/being-alone.html
https://anubism3333.blogspot.com/2022/07/the-quotations-that-reveal-reality.html
https://anubism3333.blogspot.com/2022/07/the-definition-of-love.html
https://hacklido.com/blog/271-windows-forensics-the-art-of-investigating-part-1
https://hacklido.com/d/56-windows-file-system-investigation-part-1introduction
https://hacklido.com/d/51-information-about-windows-registry
https://hacklido.com/d/55-windows-registry-investigation-cheatsheet-part-1
https://lonewarriorco.blogspot.com/2022/10/ram-forensics-using-volatility.html
https://hacklido.com/d/66-yara-language
https://hacklido.com/blog/251-securing-your-linux-server-with-host-based-firewall-protection-using-iptables
https://hacklido.com/blog/252-steps-to-set-up-a-firewall-with-ufw
https://hacklido.com/blog/258-honeypots-the-game-of-traps
https://hacklido.com/blog/262-proxy-my-love-part-1
https://www.codelivly.com/osint/
All my Motivational And Infosec Blogs.
https://anubism3333.blogspot.com/2022/06/at-which-time-you-should-feel-that-you.html
https://anubism3333.blogspot.com/2022/06/the-human-way-of-thinking.html
https://anubism3333.blogspot.com/2022/06/being-alone.html
https://anubism3333.blogspot.com/2022/07/the-quotations-that-reveal-reality.html
https://anubism3333.blogspot.com/2022/07/the-definition-of-love.html
https://hacklido.com/blog/271-windows-forensics-the-art-of-investigating-part-1
https://hacklido.com/d/56-windows-file-system-investigation-part-1introduction
https://hacklido.com/d/51-information-about-windows-registry
https://hacklido.com/d/55-windows-registry-investigation-cheatsheet-part-1
https://lonewarriorco.blogspot.com/2022/10/ram-forensics-using-volatility.html
https://hacklido.com/d/66-yara-language
https://hacklido.com/blog/251-securing-your-linux-server-with-host-based-firewall-protection-using-iptables
https://hacklido.com/blog/252-steps-to-set-up-a-firewall-with-ufw
https://hacklido.com/blog/258-honeypots-the-game-of-traps
https://hacklido.com/blog/262-proxy-my-love-part-1
https://www.codelivly.com/osint/
All my Motivational And Infosec Blogs.
🔥3
📲Enzyme is an jailbreak-free iOS modding framework that allows you to statically patch and hook iOS apps.
This repository contains an example using Enzyme. For modifying this, check out the CMakeLists.txt file, the patcher/main.py file, the patcher/bootstrap.asm file, and the src folder.
Download:- https://system32.ink/news-feed/p/213/
This repository contains an example using Enzyme. For modifying this, check out the CMakeLists.txt file, the patcher/main.py file, the patcher/bootstrap.asm file, and the src folder.
Download:- https://system32.ink/news-feed/p/213/
RedTeam-Tools-main.zip
40.1 KB
#RedTeam #hack #tools
Collection of 100+ tools and resources that can be useful for red teaming activities.
https://github.com/A-poc/RedTeam-Tools
Collection of 100+ tools and resources that can be useful for red teaming activities.
https://github.com/A-poc/RedTeam-Tools
👍1
Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6
download: https://system32.ink/news-feed/p/209/
download: https://system32.ink/news-feed/p/209/
🏆3
🔥Brave browser 1 day exploit.
This is a remote crash that triggers in brave browser due to how the rss XML parsing happens by reading an item's title that contains the < (less than) character.
Download: https://system32.ink/news-feed/p/211/
This is a remote crash that triggers in brave browser due to how the rss XML parsing happens by reading an item's title that contains the < (less than) character.
Download: https://system32.ink/news-feed/p/211/
👍1
Forwarded from 卩ro 爪Cracker
🔥Chrome heap buffer overflow in validating command decoder(CVE-2022-4135)
Heap BoF/OOB access in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a SBX via a crafted HTML page.
🛡Patch CL
Exploit strategy:
The vulnerability immediately provides an attacker with an extremely powerful exploitation primitive -- a non-linear BoF with a controlled offset.
Exploit flow:
The exploit abuses the command buffer and GLES2 APIs for memory manipulation. A corrupted memory bucket is used to first leak data from the GPU process and break ASLR, and then, when the ROP chain is ready, hijack the control flow.
reproduce:
Heap BoF/OOB access in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a SBX via a crafted HTML page.
🛡Patch CL
Exploit strategy:
The vulnerability immediately provides an attacker with an extremely powerful exploitation primitive -- a non-linear BoF with a controlled offset.
Exploit flow:
The exploit abuses the command buffer and GLES2 APIs for memory manipulation. A corrupted memory bucket is used to first leak data from the GPU process and break ASLR, and then, when the ROP chain is ready, hijack the control flow.
reproduce:
<script>⚠️Part of an exploit chain: CVE-2022-4135 + CVE-2022-3723
canvas = document.createElement("canvas");
document.documentElement.appendChild(canvas);
context = canvas.getContext("webgl2");
context.blendColor(0, 0, 0, 0);
</script>
🔥🔥🔥Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit(CVE-2023-21608)
Download: https://system32.ink/news-feed/p/212/
Download: https://system32.ink/news-feed/p/212/
💥Cobalt Strike BOF that bypasses AMSI in a remote process with code injection.
Download:- https://system32.ink/news-feed/p/214/
Download:- https://system32.ink/news-feed/p/214/
👍2