Forwarded from Exploiting Crew (Pr1vAt3)
π¦1)15 vulnerabilities in one public bbp
https://lnkd.in/ggi4T39C
2)How I got access to Credentials easily
https://lnkd.in/gcnNE8hs
3)Bug Bounty Tips Series: 10 Ways To Find HTTP Host Header Injection Vulnerability
https://lnkd.in/gnji_rts
4)π¨ Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability π¨
https://lnkd.in/gNHZMnXY
5)Exploiting and Remediating Access Control Vulnerabilities
https://lnkd.in/gasczeCV
6)20 Bug Bounty CrowdSourced Platforms
https://lnkd.in/g24uCdbQ
7)The Ninja Hacker Academy - A full guide to your graduation
https://lnkd.in/g86dxzSQ
8)Lookup β TryHackMe CTF Writeup {FOR BEGINNERS}
https://lnkd.in/gK9Vd6_i
9)TRYHACKME : Dav
https://lnkd.in/ggpStJn2
10)CTFs Network Section Walkthrough
https://lnkd.in/gC79pVfS
Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
https://lnkd.in/ggi4T39C
2)How I got access to Credentials easily
https://lnkd.in/gcnNE8hs
3)Bug Bounty Tips Series: 10 Ways To Find HTTP Host Header Injection Vulnerability
https://lnkd.in/gnji_rts
4)π¨ Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability π¨
https://lnkd.in/gNHZMnXY
5)Exploiting and Remediating Access Control Vulnerabilities
https://lnkd.in/gasczeCV
6)20 Bug Bounty CrowdSourced Platforms
https://lnkd.in/g24uCdbQ
7)The Ninja Hacker Academy - A full guide to your graduation
https://lnkd.in/g86dxzSQ
8)Lookup β TryHackMe CTF Writeup {FOR BEGINNERS}
https://lnkd.in/gK9Vd6_i
9)TRYHACKME : Dav
https://lnkd.in/ggpStJn2
10)CTFs Network Section Walkthrough
https://lnkd.in/gC79pVfS
Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
lnkd.in
LinkedIn
This link will take you to a page thatβs not on LinkedIn
Forwarded from DailyCVE
π΅ Concrete CMS, Stored XSS in the Search Field, #CVE-2024-3181 (Low)
https://dailycve.com/concrete-cms-stored-xss-in-the-search-field-cve-2024-3181-low/
@DailyCVE
https://dailycve.com/concrete-cms-stored-xss-in-the-search-field-cve-2024-3181-low/
@DailyCVE
DailyCVE
Concrete CMS, Stored XSS in the Search Field, CVE-2024-3181 (Low) - DailyCVE
2024-12-16 : Concrete CMS versions before 9.2.8 and 8.5.16 are vulnerable to a Stored XSS attack. A malicious administrator can [β¦]
Forwarded from DailyCVE
π Concrete CMS, Stored Cross-site Scripting, #CVE-2024-4353 (Medium)
https://dailycve.com/concrete-cms-stored-cross-site-scripting-cve-2024-4353-medium/
@Daily_CVE
https://dailycve.com/concrete-cms-stored-cross-site-scripting-cve-2024-4353-medium/
@Daily_CVE
DailyCVE
Concrete CMS, Stored Cross-site Scripting, CVE-2024-4353 (Medium) - DailyCVE
2024-12-16 Vulnerability : Concrete CMS versions 9.0.0 through 9.3.2 are vulnerable to a stored Cross-site Scripting (XSS) attack. An attacker [β¦]
Forwarded from DailyCVE
π Concrete CMS, Stored XSS, #CVE-2024-3180 (Medium)
https://dailycve.com/concrete-cms-stored-xss-cve-2024-3180-medium/
@Daily_CVE
https://dailycve.com/concrete-cms-stored-xss-cve-2024-3180-medium/
@Daily_CVE
DailyCVE
Concrete CMS, Stored XSS, CVE-2024-3180 (Medium) - DailyCVE
2024-12-16 : Concrete CMS versions below 9.2.8 and 8.5.16 are vulnerable to Stored XSS. An attacker with administrator privileges can [β¦]
Forwarded from DailyCVE
π Mattermost Data Amplification Vulnerability (Moderate)
https://dailycve.com/mattermost-data-amplification-vulnerability-moderate/
@Daily_CVE
https://dailycve.com/mattermost-data-amplification-vulnerability-moderate/
@Daily_CVE
DailyCVE
Mattermost Data Amplification Vulnerability (Moderate) - DailyCVE
2024-12-16 A vulnerability has been discovered in Mattermost versions 10.1.x
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π #Tesla Surges in South Korea's EV Market, Poised to Break Sales Record
https://undercodenews.com/tesla-surges-in-south-koreas-ev-market-poised-to-break-sales-record/
@Undercode_News
https://undercodenews.com/tesla-surges-in-south-koreas-ev-market-poised-to-break-sales-record/
@Undercode_News
UNDERCODE NEWS
Tesla Surges in South Korea's EV Market, Poised to Break Sales Record - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from DailyCVE
π΄ Cosmos SDK: Transaction Decoding Vulnerabilities (ASA-2024-0012 & ASA-2024-0013) - High Severity
https://dailycve.com/cosmos-sdk-transaction-decoding-vulnerabilities-asa-2024-0012-asa-2024-0013-high-severity/
@Daily_CVE
https://dailycve.com/cosmos-sdk-transaction-decoding-vulnerabilities-asa-2024-0012-asa-2024-0013-high-severity/
@Daily_CVE
DailyCVE
Cosmos SDK: Transaction Decoding Vulnerabilities (ASA-2024-0012 & ASA-2024-0013) - High Severity - DailyCVE
2024-12-16 Vulnerability : Two high-severity vulnerabilities (ASA-2024-0012 & ASA-2024-0013) were discovered in the Cosmos SDK that could lead to network [β¦]
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π€ #iOS 183 Beta Brings HomeKit Support for Robot Vacuums
https://undercodenews.com/ios-183-beta-brings-homekit-support-for-robot-vacuums/
@Undercode_News
https://undercodenews.com/ios-183-beta-brings-homekit-support-for-robot-vacuums/
@Undercode_News
UNDERCODE NEWS
iOS 183 Beta Brings HomeKit Support for Robot Vacuums - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ANDROID PIN CRACKING - Live Video Demonstration
1οΈβ£The attack leverages a physical Rubber Ducky device, which exploits the Human Interface Device (HID) protocol to emulate keyboard input. By employing a brute-force approach, the device systematically attempts PIN combinations from 0000 to 9999, saving the correct PIN upon successful authentication. To mitigate detection mechanisms, the attack is designed to halt after five unsuccessful attempts and a 30-minute timeout. Furthermore, the device's configuration and scripting capabilities can be tailored to specific target devices.
> Beyond PIN cracking, the #RubberDucky can be programmed to enable USB debugging, opening the door to a wider range of potential attacks. This includes reverse shell connections, binding shell sessions, and camera exploitation, ultimately exposing the device to data leakage and other security risks.
βHere is a working Proof of concept of the latest attack discovered by me that exploits Android Smartphones working on the latest version of Android and the latest security patches that can break Android PIN (4-digit PIN and 6-digit PIN) tested on 20 brands including the Google Pixel series and OnePlus devices. The demonstration can crack PIN patterns and also the PIN that is required before the device is turned on. The device is a rubber ducky that uses an HID exploit that can work like a keyboard and use brute force attack i.e. trying PIN from 0000 to 9999 and also saving the PIN once unlocked. The device is configured to work with a timeout of 30 minutes after 5 attempts and the scripts can be configured based on the device we are working on. It can store 5MB of Python Script which is executed after the Arduino firmware is complete. It works on ATMega chipset and allows the user to also enable USB debugging which can further enable other attacks like reverse shell and binding connections exposing users to Camera exploits and even data leaks.
Ref: Priyank Gada
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
This document presents a functional Proof-of-Concept (PoC) for a novel attack vector targeting #Android #smartphones running the latest Android version and #security patches. This attack has been successfully validated on over 20 popular brands, including Google Pixel and OnePlus devices. The PoC demonstrates the ability to compromise both standard 4-digit and 6-digit PINs, as well as pattern locks and PINs required for device boot-up.
1οΈβ£The attack leverages a physical Rubber Ducky device, which exploits the Human Interface Device (HID) protocol to emulate keyboard input. By employing a brute-force approach, the device systematically attempts PIN combinations from 0000 to 9999, saving the correct PIN upon successful authentication. To mitigate detection mechanisms, the attack is designed to halt after five unsuccessful attempts and a 30-minute timeout. Furthermore, the device's configuration and scripting capabilities can be tailored to specific target devices.
> Beyond PIN cracking, the #RubberDucky can be programmed to enable USB debugging, opening the door to a wider range of potential attacks. This includes reverse shell connections, binding shell sessions, and camera exploitation, ultimately exposing the device to data leakage and other security risks.
βHere is a working Proof of concept of the latest attack discovered by me that exploits Android Smartphones working on the latest version of Android and the latest security patches that can break Android PIN (4-digit PIN and 6-digit PIN) tested on 20 brands including the Google Pixel series and OnePlus devices. The demonstration can crack PIN patterns and also the PIN that is required before the device is turned on. The device is a rubber ducky that uses an HID exploit that can work like a keyboard and use brute force attack i.e. trying PIN from 0000 to 9999 and also saving the PIN once unlocked. The device is configured to work with a timeout of 30 minutes after 5 attempts and the scripts can be configured based on the device we are working on. It can store 5MB of Python Script which is executed after the Arduino firmware is complete. It works on ATMega chipset and allows the user to also enable USB debugging which can further enable other attacks like reverse shell and binding connections exposing users to Camera exploits and even data leaks.
Ref: Priyank Gada
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Microsoft's #Copilot Key: A Hasty Decision with Unintended Consequences
https://undercodenews.com/microsofts-copilot-key-a-hasty-decision-with-unintended-consequences/
@Undercode_News
https://undercodenews.com/microsofts-copilot-key-a-hasty-decision-with-unintended-consequences/
@Undercode_News
UNDERCODE NEWS
Microsoft's Copilot Key: A Hasty Decision with Unintended Consequences - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
8 Ways to Use #Google Home for a Cozy, Festive Holiday
https://undercodenews.com/8-ways-to-use-google-home-for-a-cozy-festive-holiday/
@Undercode_News
https://undercodenews.com/8-ways-to-use-google-home-for-a-cozy-festive-holiday/
@Undercode_News
UNDERCODE NEWS
8 Ways to Use Google Home for a Cozy, Festive Holiday - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
β‘οΈ Threads Takes a Cue from Bluesky: New Curated Collections Feature
https://undercodenews.com/threads-takes-a-cue-from-bluesky-new-curated-collections-feature/
@Undercode_News
https://undercodenews.com/threads-takes-a-cue-from-bluesky-new-curated-collections-feature/
@Undercode_News
UNDERCODE NEWS
Threads Takes a Cue from Bluesky: New Curated Collections Feature - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Zomato Faces Leadership Shakeup as CFO Resigns
https://undercodenews.com/zomato-faces-leadership-shakeup-as-cfo-resigns/
@Undercode_News
https://undercodenews.com/zomato-faces-leadership-shakeup-as-cfo-resigns/
@Undercode_News
UNDERCODE NEWS
Zomato Faces Leadership Shakeup as CFO Resigns - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π The Education Industry: A Target for Cybercriminals
https://undercodenews.com/the-education-industry-a-target-for-cybercriminals/
@Undercode_News
https://undercodenews.com/the-education-industry-a-target-for-cybercriminals/
@Undercode_News
UNDERCODE NEWS
The Education Industry: A Target for Cybercriminals - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π± Lost Luggage? #Apple AirTag Users Can Now Share Location with Airlines
https://undercodenews.com/lost-luggage-apple-airtag-users-can-now-share-location-with-airlines/
@Undercode_News
https://undercodenews.com/lost-luggage-apple-airtag-users-can-now-share-location-with-airlines/
@Undercode_News
UNDERCODE NEWS
Lost Luggage? Apple AirTag Users Can Now Share Location with Airlines - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π‘οΈ Informative Secure Your Family's #Digital Future with pCloud's Holiday Deals
https://undercodenews.com/informative-secure-your-familys-digital-future-with-pclouds-holiday-deals/
@Undercode_News
https://undercodenews.com/informative-secure-your-familys-digital-future-with-pclouds-holiday-deals/
@Undercode_News
UNDERCODE NEWS
Informative Secure Your Family's Digital Future with pCloud's Holiday Deals - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from DailyCVE
π OpenHarmony Insecure Storage Vulnerability (#CVE-2024-21826) - Medium
https://dailycve.com/openharmony-insecure-storage-vulnerability-cve-2024-21826-medium/
@Daily_CVE
https://dailycve.com/openharmony-insecure-storage-vulnerability-cve-2024-21826-medium/
@Daily_CVE
DailyCVE
OpenHarmony Insecure Storage Vulnerability (CVE-2024-21826) - Medium - DailyCVE
2024-12-16 This article describes a vulnerability (CVE-2024-21826) in OpenHarmony versions up to and including v3.2.4. The vulnerability allows local attackers [β¦]
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Lamborghini Shifts Gears: Electric Supercar Delayed Until 2029
https://undercodenews.com/lamborghini-shifts-gears-electric-supercar-delayed-until-2029/
@Undercode_News
https://undercodenews.com/lamborghini-shifts-gears-electric-supercar-delayed-until-2029/
@Undercode_News
UNDERCODE NEWS
Lamborghini Shifts Gears: Electric Supercar Delayed Until 2029 - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦