FATF PAKISTAN MEETING WAS BREACHED.

Just Before being out of Grey List.

Pakistani Diplomat Sexual Harassment with Amna Umer Barcelona.

Join https://t.me/sidewinders

Ministry of Foreign Affairs Pakistan

7.5 TB of Internal & Email Data is compromised. Few Samples Attached

@sidewinders

OWASP WrongSecrets | Vulnerable app with examples showing how to not use secrets

https://system32.ink/news-feed/p/234/

0Day Avalanche Blockchain API Dos POC Video

https://system32.ink/news-feed/p/235/

Huge !! ❤️ 🇮🇳

Probably In response of recent MEA mail Server attack APT Group Sidewinders Hackers Have Compromised 7.5 TB of Email and Official Data Of Ministry Of Foreign Affairs Pakistan.

Indian Email Data of Almost 25GB was on darkweb.

Investigation of Indian mail server breach is already in process.

Test for #xss and #SQLi

-"><img src=x>kdskf${{7*7}}

Enter in EVERY parameter

Javascript injection test -""> html tag attribute test

-<img src=x> HTML injection - ${{7*7}} CSTI + SSTI

--"" SQLI

🔥🔥🔥glibc-2.37 - incorrect printf output for integers with thousands separator and width field(CVE-2023-25139, BOF)
sprintf in the GNU C Library (glibc) 2.37 has a BOF (OOB) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

Consider the following C program:

#include <stdio.h>
#include <locale.h>

int main (void)
{
  if (setlocale (LC_ALL, ""))
    {
      printf ("1234567890123:\n");
      printf ("%0+ -'13ld:\n", 1234567L);
    }
  return 0;
}

and try it with a locale that has a thousands separator, such as "LC_ALL=en_US.utf8".

With glibc up to 2.36, Vincent get as expected:
1234567890123:
+1,234,567 :

Confirmed that this could potentially cause a buffer overflow with sprintf, something like below. This will occur in the corner case where an application computes the size of buffer to be exactly enough to fit the digits in question, but sprintf ends up writing a couple of extra bytes, hence going beyond bounds.

#include <stdio.h>
#include <locale.h>
#include <string.h>

int main (void)
{
  char buf[strlen ("1234567890123:") + 1];
  __builtin_memset (buf, 'x', sizeof (buf));
  if (setlocale (LC_ALL, ""))
    {
      printf ("1234567890123:\n");
      printf ("%0+ -'13ld:\n", 1234567L);
      sprintf (buf, "%0+ -'13ld:", 1234567L);
      for (size_t i = 0; i < strlen ("1234567890123:") + 1; i++)
  {
    printf ("%c", buf[i]);
  }
      printf ("\n");
    }
  return 0;
}

To finish, building with _FORTIFY_SOURCE should catch this problem immediately:

💾$ gcc -D_FORTIFY_SOURCE=1 -O -o sprintf-test sprintf-test.c

And run:
💾$ LOCPATH=$PWD/localedata LC_ALL=en_US.UTF-8 ./elf/ld-linux-x86-64.so.2 --library-path .:./math:./elf:./dlfcn:./nss:./nis:./rt:./resolv:./mathvec:./support:./crypt:./nptl ../sprintf-test
1234567890123:
+1,234,567 :
*** buffer overflow detected ***: terminated
Aborted (core dumped)

🛡Fixed here( github mirror, backport to release/2.37/master ): "Account for grouping in printf width".

📕Ransomware Attacks on Critical
Infrastructure Fund DPRK(Democratic People’s Republic of Korea) Malicious Cyber Activities

#advisory #NSA #FBI #CISA #HHS #ROK #NIS #DSA #CSA #DPRK #security #ransomware #ICS #exploitation #Apache #Log4j #SMA100 #TOS

Resources for Reverse Engineering Online Games

#cybersecurity #infosec #hacking

https://github.com/dsasmblr/game-hacking

BokuLoader | is a Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

Now supports: sleepmask, cleanup, and obfuscate evasion features!

Download: https://system32.ink/news-feed/p/238/

Hey everyone!

Check out our another blog on SQL Injection.

SQL Injection attack | Prevention| Cyber Security Professionals

Let's learn and grow together

https://techofide.com/blogs/sql-injection-attack-sqli-sql-injection-prevention-sql-injection-cheat-sheet-practical-demo/

ExploitLeakedHandle: Identify and exploit leaked handles for local privilege escalation
https://github.com/0x00Check/ExploitLeakedHandle