What a Sunday
I was minding my own business and suddenly stumbled upon some weird TG channel and found a link to a library-like SaaS application. I clicked it, it took me to the site, and I saw the book, but it asked for a login. Then I logged in with a temp email, tried to download the file, but ended up needing to pay.
Huh, seriously? Nibba nah, nah
I intercepted the request. I saw the backend is Supabase and the frontend is on Vercel. Then I opened Burp and everything was there, like the download URL and hidden subdomain. I went to that subdomain, but only the devs can log in. But lucky me, I can request any book and download via interception. :)
Not a bad guy after all; I reported it to them
@AfroSec
Last spam of the day:
so kdm, which 11:30 PM Akababi local time Indeed, I went out with my bro to play PS, then the owner was initiating a kernel exploit to play FIFA 2026. I saw the logs on the screen and asked my bro; he said this is the jailbroken one, so Leza new Mnamn and i was like ufff
i bet the dude don't know what actually happening behind the scene belew
@AfroSec
Forwarded from Mira
swift is kinda cool. been mAkInG this app recently. since tele's network is unbearable, i can't afford multiple processes hogging my network resource and leading it to basically unusable state. the catch with "stats" apps is you can't (or don't let you) execute sudo commands like killing the process directly from an interface.
so i am making mine to track both pure bandwidth (apps currently downloading/uploading files) and lag (latency/bufferbloat) to measure packet loss or round-trip time (RTT) per process (discord packets are taking 300ms because steam is hogging the pipe kinda situations so that i can see if the issue is latency). then i can kill any process directly with a click of a button. it has both menu bar app and desktop standalone app
latency scoring -> bad-state connections + buffer saturation + connection count. also turned off app sandboxing so that i can access system-level PIDs and sockets lmao
P.S the attached image is a working app running inside Xcode
Rants of a deranged squirrel.
MSRC; Tell The Whole Story Please
Every so often, it seems that Microsoft Security Response Center (MSRC) likes to stick their proverbial foot in their mouth on the topic of vulnerability disclosure. The root issue is that collecti…
I am today, yrs old, finding that Microsoft is a CVE Number Authority which has the ability to identify, assign, and publish CVEs. Damn, so the recent zero-days aren't assigned any number which means ...... hmm...
anyways i was reading this blog check it out
[ Blog ]
@AfroSec
AfroSec
damn, these kinds of weird things exist lol was using their wifi and u know me i love to mess with things and try to find connected users then this happened admin:admin on organizations router portal @AfroSec
Friendly reminder: change your MAC when you join public Wi-Fi in addition to using a VPN
@AfroSec
LinkedIn
#cybersecuritynews | Gurubaran KS
HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration | Source: https://lnkd.in/gAuJNiiz
A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity…
https://www.linkedin.com/posts/gurubaran-cybersecuritynews_cybersecuritynews-share-7468489877790081025-PtW8/?utm_source=social_share_send&utm_medium=android_app&rcm=ACoAAEmsiKABMNf6vI8xWypuZmdaNAdjxziaP0o&utm_campaign=copy_link
@AfroSec