😈 [ LLM Security @llm_sec ]

Remote Code Execution by Server-Side Template Injection in Model Metadata

CVSS 9.7 in llama_cpp_python

found by @retr0reg

🔗 https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829

🐥 [ tweet ]

😈 [ Nicolas Krassas @Dinosn ]

PoC for using MS Windows printers for persistence / command and control via Internet Printing

🔗 https://github.com/Diverto/IPPrintC2

🐥 [ tweet ]

😈 [ CravateRouge @rouge_cravate ]

Performing kerberos cross domain authentication with impacket is not straightforward!
If you want to authenticate on domain A (trusting domain B) with a userB you must ask a ST to domain B for krbtgt/domainA and then use this ST to request new ST to domainA, e.g.:

🐥 [ tweet ]

Б for Баян

😈 [ sinusoid @the_bit_diddler ]

I'm intending to release an open-source Visual Studio Code extension to make writing BOFs easier for the community:

- Complete Nt/Zw function prototypes with tab completion (and correct typecasting for placeholder variables)
- MSDN header searching

PoC:

🔗 https://www.youtube.com/watch?v=oWss4Ac9Pl8

🐥 [ tweet ]

😈 [ Steve S. @0xTriboulet ]

@vxunderground

BSides Talk on Writing malware in Nim w/o the Nim Runtime

🔗 https://github.com/m4ul3r/writing_nimless/blob/main/Writing%20Nimless%20nim.pdf

🐥 [ tweet ]

😈 [ CravateRouge @rouge_cravate ]

Having an AD with trusts you can reach?
bloodyAD can now retrieve the trusts of the trusts where you can connect to and print them as a nice ascii tree

🐥 [ tweet ]

😈 [ Binni Shah @binitamshah ]

Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass : credits @Denis_Skvortcov

🔗 https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html

🐥 [ tweet ]

😈 [ Jonny Johnson @jsecurity101 ]

Without further ado - here is EtwInspector!

This is a C++ tool to help users interact with ETW providers. This tool supports the enumeration of providers, their events, and capture events.

🔗 https://github.com/jsecurity101/ETWInspector

🐥 [ tweet ][ quote ]

😈 [ eversinc33 🩸🗡️ @eversinc33 ]

If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.

🐥 [ tweet ]

*смешной срач в треде*

😈 [ NCV @nickvourd ]

This is my first article! Special thanks to @LAripping and @S1ckB0y1337 for the inspiration!

🔗 https://nickvourd.github.io/what-if-no-pkinit-still-the-same-fun/

🐥 [ tweet ]

#для_самых_маленьких

Как скрасить свой вечер: идем в https://x.com/studentofthings, открываем Ответы, читаем треды, рофлируем.

😈 [ VirusTotal @virustotal ]

"YARA is dead, long live YARA-X!" 🎉

After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.

Dive into the details in latest blog post by @plusvic :

🔗 https://blog.virustotal.com/2024/05/yara-is-dead-long-live-yara-x.html

🐥 [ tweet ]

😈 [ Thomas Rinsma @thomasrinsma ]

Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.

🔗 https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

🐥 [ tweet ]

😈 [ Amal Murali @amalmurali47 ]

Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.

🔗 https://amalmurali.me/posts/git-rce/

🐥 [ tweet ][ quote ]

🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT!

Bounty: $28,000 💸

Here is the write-up 👉 https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/

согласен

😈 [ Lsec @lsecqt ]

I just uploaded a video where I weaponize the code from IconJector via process injection into more legit process than the exporer.exe itself. Hands down to this technique and all credit goes to its creator.

🔗 https://www.youtube.com/watch?v=2agrRX4fD_I

🐥 [ tweet ]

😈 [ Ptrace Security GmbH @ptracesecurity ]

Nmap Dashboard with Grafana:

🔗 https://hackertarget.com/nmap-dashboard-with-grafana/

🐥 [ tweet ]

прикольная идея

😈 [ es3n1n @es3n1n ]

i did a thing

🔗 https://github.com/es3n1n/no-defender

🐥 [ tweet ]

свежак

😈 [ Slowerzs @slowerzs ]

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.

🔗 https://blog.slowerzs.net/posts/pplsystem/

🐥 [ tweet ]

😈 [ slonser @slonser_ ]

My new Research
Email attacks.
- C# 0day
- spoofing emails
e.t.c.

🔗 https://blog.slonser.info/posts/email-attacks/

🐥 [ tweet ]