⚠️ Stay away from BTMOB. The tool is a useless RAT scam created by a Brazilian scammer known as Goiano who only sells bullshit. Don't waste your money on paid versions or you'll lose your investment. ⚠️

❗️A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
Statement...

📢Jason RAT (Remote Access Trojan) is a new malware variant observed to be advertised recently via underground forums. The malware has various remote access and control functionalities, including process, file and registry manipulation, remote...

❗️Nighthawk is an advanced toolkit of redteam tooling built with operational security in mind, including an evasive command-and-control framework. The Nighthawk beacon is highly evasive and designed to evade the modern security controls seen in mature, highly monitored environments. Nighthawk’s features are backed by MDSec’s world class research and development team, providing cutting edge capabilities not published or weaponised in the public domain. The framework provides capabilities across the toolchain, from initial access, through persistence, lateral movement and objectives.👻

⚠️ Stealer has the ability to collect the following information:

Passwords (Chrome and Brave) x Cookies (Chrome and Brave) x History (Chrome and Brave) x Google Auth "Service Token" (Chrome and Brave) x File Grabber (must capture files like .pdf, .docx, etc.) x Keychain_db (macOS keychain database file, individually formatted) x User keychain password (user password, usually the same one used to obtain the keychain decryption key)

❗️Safari 1day RCE Exploit, might be patched in iOS 16.5.1/macOS 13.4.1
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2.

📌 PDF files are often considered static documents by most people. However, the PDF standard allows for the execution of JavaScript code within the document. This feature offers various attack vectors that can be used for Red Team tests and cybersecurity research. In this article, we will examine how to inject JavaScript into a PDF file to download a file from a specific URL and establish a Command and Control (C2) connection using this method.

🚩 चरितं शिवराजस्य विजयश्रीविराजितम्।
वीराद्भुतरसं पुण्यं रामायणमिवापरम्॥