cKure

■■■■■ #CPR #CheckPoint #News #Research #Android

This is an example of persistent #ZeroDay which cannot be removed even by the patch. As the libraries derived from open source code (having zeroday) remains vulnerable. Read article for details.

https://research.checkpoint.com/2019/long-known-vulnerabilities-in-high-profile-android-applications/

Check Point Research

Long-known Vulnerabilities in High-Profile Android Applications - Check Point Research

Research by: Slava Makkaveev Introduction Most mobile users understandably worry about known vulnerabilities in the core operating system of their devices, which can give an attacker complete control over their mobile phones, and about zero-day vulnerabilities…

889 viewsedited 19:03

cKure

cKure pinned «■■■■■ #GoodRead Creating #malware with #AV or #VM / #SandBox evasion https://www.cyberbit.com/blog/endpoint-security/anti-vm-and-anti-sandbox-explained/»

19:03

cKure

■■■■□ #GoodRead #Google #ProjectZero

https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html

projectzero.google

Bad Binder: Android In-The-Wild Exploit

Posted by Maddie Stone, Project ZeroIntroductionOn October 3, 2019, we disclosed issue 1942 (CVE-...

880 views09:34

cKure

■■■■■ #Breaking | #Tool release | #CloudFlare's network vulnerability scanner with user friendly interface.

Supports #docker, cloud implementation.

Supports very large networks.

#Nmap + #Vulners = #FlanScan
Accurate but slower than many scanners. Generates actionable report.

Good for #compliance scans as well.

https://blog.cloudflare.com/introducing-flan-scan/amp/

1.51K views11:28

cKure

■■□□□ #DataBreach

https://www.hackread.com/hackers-access-customer-data-t-mobile-data-breach/

Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News

Hackers access customer data in latest T-Mobile data breach

Like us on Facebook @ /HackRead

1.05K views13:04

cKure

We have migrated from rotten.co.in to cKure.xyz and added SSL STRIP feature.

If your tool integrations do not support encrypted communications, use plain HTTP.

Want a feature to be added, drop your queries to telegram ID @AamerShah.

This is a free project and you can contribute as well.

933 views10:24

cKure

■□□□□ #UAE #AbuDhabi police arrest 25 Asians for bank fraud using social engineering.

https://gulfnews.com/uae/29-arrested-for-bank-frauds-across-uae-1.68029836

Gulf News

29 arrested for bank fraud across UAE

Abu Dhabi Police along with Dubai, Ajman police bust four gangs

947 views13:14

cKure

■■■■□ #XXE #payloads

https://www.peerlyst.com/posts/xml-external-entity-xxe-injection-payload-list-ismail-tasdelen

988 views18:58

cKure

■■■■□ #PDF analysers

https://zeltser.com/online-tools-for-malicious-pdf-analysis/

Zeltser

4 Free Online Tools for Examining Suspicious PDFs

In an earlier post I outlined 6 free local tools for examining PDF files. There are also several handy web-based tools you can use for analyzing suspicious PDFs without having to install any tools. Th

1.1K views06:16

cKure

■■■□□ #GoodRead #OSINT

https://medium.com/@micallst/osint-resources-for-2019-b15d55187c3f

Medium

OSINT Resources for 2019

Let’s take a look at some essential OSINT resources plus recent developments in the areas of data, tooling, content and community.

1.16K views14:00

cKure

■■■■■ #GoodRead #Windows #Credential theft

https://amp.kitploit.com/2019/11/rdpthief-extracting-clear-text.html

KitPloit - PenTest & Hacking Tools

RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking

979 views14:05

cKure

■■■■■ #Browser #XSS filter bypass.

#CheatSheet

https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet

GitHub

Browser's XSS Filter Bypass Cheat Sheet

Browser's XSS Filter Bypass Cheat Sheet. Contribute to masatokinugawa/filterbypass development by creating an account on GitHub.

909 views04:14

cKure

■■□□□ #DataBreach of #OnePlus (1+) store yet again.

Leaked data: email, phone number and address.

https://www.livemint.com/technology/tech-news/hackers-hit-oneplus-online-store-again-data-leaked/amp-11574504589382.html

mint

Hackers hit OnePlus' online store again, data leaked

OnePlus did not disclose how many users in which parts of the world were affected by the data breach on its website.Users who were hit by the breach may receive spam and phishing emails as a result of this incident

928 views04:17

cKure

■■■□□ #DataBreach

https://www.wired.com/story/billion-records-exposed-online/

Potential Source: https://www.bbc.com/news/technology-28654613

WIRED

1.2 Billion Records Found Exposed Online in a Single Server

Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

1.01K views04:46

cKure

■□□□□ #Tool update #MimiKatz

https://github.com/gentilkiwi/mimikatz/releases

GitHub

Releases · gentilkiwi/mimikatz

A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.

1.07K views18:41

cKure

■■■■□ #IPv4 exhausted

https://www.zdnet.com/google-amp/article/europe-just-ran-out-of-new-ipv4-addresses/

1.09K views04:05

cKure

■■□□□ #Twitter #TelCo

Twitter will not consider SMS based OTP as mandatory trusted input for 2FA.

Software based OTP replaces GSM based communication.

937 views08:47

cKure