cKure Red
CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability). PoC released for the bug exploited in attacks. https://blog.avast.com/avast-patches-microsoft-vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336 https://www.b…
YouTube
CVE-2023-29336 Exploit Demo on Windows Server 2016
CVE-2023-29336 - Win32k Elevation of Privilege Vulnerability.
Our researcher just developed the exploit and passed testing on Windows Server 2016
Zero-Day: Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away (AirGap).
https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/
Ars Technica
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.
Chinese hackers use DNS-over-HTTPS for Linux malware communication.
ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-dns-over-https-for-linux-malware-communication/
Exploiting CVE-2023-33476 for remote code execution.
https://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
hyprblog
chonked pt.2: exploiting cve-2023-33476 for remote code execution
second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite.
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite
SEC Consult
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.
Google Dork - Valuable Extensions.
site:"target[.]com" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess
Another approach to threadless injection, discovered by x.com/_EthicalChaos_ and written in C: it loads a module into the target process, stomps it, and then reverts the memory protections and the original memory state.
⚠️ This is untested code and could have unintended consequences.
https://github.com/TheD1rkMtr/D1rkInject
Damn Exploitable Android App - Abusing Info Leaks to bypass ASLR.
https://www.mobilehackinglab.com/blog/damn-exploitable-android-app-abusing-info-leaks-to-bypass-aslr
Mobilehackinglab
Damn Exploitable Android App - Abusing Info Leaks to bypass ASLR
Dive into our latest blog to learn a clever technique for exploiting format string vulnerabilities to bypass ASLR, revealing key memory addresses and targeting the Damn Exploitable Android App.
Exploiting A Flaw In Bitmap Handling In Windows User-mode Printer Drivers.
https://www.zerodayinitiative.com/blog/2023/8/1/exploiting-a-flaw-in-bitmap-handling-in-windows-user-mode-printer-drivers
Zero Day Initiative
Zero Day Initiative: Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers
In this guest blog from researcher Marcin Wiązowski, he details CVE-2023-21822, a use-after-free (UAF) in win32kfull that could lead to privilege escalation. The bug was reported through the ZDI program and later patched by Microsoft. Marcin has…
STUXNET - TACTICS & TECHNIQUES.pdf (3.1 MB)
A brief peek into one of the world's most high-profile cases involving nation-state actors, millions of dollars and thousands of hours of work across 5 countries on 3 continents over at least half a decade.
Nac_Bypass_Agent: a script that takes the required information from the user to change the host's IP and MAC address, starts Responder and tcpdump, and runs nbtscan.
https://github.com/alperenugurlu/Nac_Bypass_Agent
Sites scramble to block ChatGPT web crawler after instructions emerge.
https://arstechnica.com/information-technology/2023/08/openai-details-how-to-keep-chatgpt-from-gobbling-up-website-data/
User agent token: GPTBot
Full user-agent string: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.0; +https://openai.com/gptbot)
Ars Technica
Sites scramble to block ChatGPT web crawler after instructions emerge
Restrictions don't apply to current OpenAI models, but will affect future versions.
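Added example (not from the Ars Technica article and not OpenAI's or any site's code): it checks whether a robots.txt policy actually excludes GPTBot, and shows a server-side fallback that matches the GPTBot product token in the user-agent header. The two robots.txt texts and the sample user-agent strings are constructed for the demo; the only identifier taken from the page is the GPTBot token itself.

```python
"""Added example: verify a robots.txt policy against GPTBot and match the
GPTBot user-agent token server-side. The robots.txt texts and the
user-agent strings below are constructed for this demo."""
from urllib.robotparser import RobotFileParser

# Constructed policy that looks restrictive but only hides /private/ from
# everyone: GPTBot may still fetch the rest of the site.
WEAK_ROBOTS = """\
User-agent: *
Disallow: /private/
"""

# Corrected policy: a dedicated GPTBot group. A crawler uses the most
# specific group that names it, so the wildcard rules no longer apply to it.
BLOCKING_ROBOTS = """\
User-agent: GPTBot
Disallow: /

User-agent: *
Disallow: /private/
"""


def crawler_allowed(robots_txt: str, agent: str, path: str = "/") -> bool:
    """Return True if the given robots.txt lets `agent` fetch `path`.

    RobotFileParser.parse() takes the file as a list of lines; passing the
    text this way keeps the check offline and reproducible.
    """
    rp = RobotFileParser()
    rp.modified()  # mark the file as read so can_fetch() does not fail closed
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, path)


def gptbot_allowed(robots_txt: str, path: str = "/") -> bool:
    """Convenience wrapper for the crawler this post is about."""
    return crawler_allowed(robots_txt, "GPTBot", path)


def is_gptbot(user_agent: str) -> bool:
    """Server-side match on the product token "GPTBot/" from the UA string.

    robots.txt is advisory, so an origin or WAF may want to refuse the request
    outright. The header is client-controlled: a spoofed UA still passes this
    test and a crawler that omits the token slips through, so source-IP
    filtering against the crawler's published address ranges is the stronger
    control. The token match is still useful for logging and rate limits.
    """
    return "GPTBot/" in user_agent


if __name__ == "__main__":
    ua = ("Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; "
          "GPTBot/1.0; +https://openai.com/gptbot)")
    print("weak policy lets GPTBot fetch /:", gptbot_allowed(WEAK_ROBOTS))
    print("blocking policy lets GPTBot fetch /:", gptbot_allowed(BLOCKING_ROBOTS))
    print("blocking policy still lets other crawlers fetch /:",
          crawler_allowed(BLOCKING_ROBOTS, "Googlebot"))
    print("UA string carries the GPTBot token:", is_gptbot(ua))
```

Run it against your own robots.txt text before publishing a change: the first policy prints True for GPTBot, which is the mistake the article's "instructions" exist to prevent, and the second prints False for GPTBot while leaving other crawlers' access to public paths unchanged.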
Cyber-War by Russia: SandWorm group's latest Operation
Android malware + Tor + Mirai +dropbear = Anonymous attack exploit chain.
https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/SBU%20exposes%20russian%20intelligence%20attempts%20to%20penetrate%20Armed%20Forces'%20planning%20operations%20system.pdf
GitHub
APT_REPORT/Sandworm/SBU exposes russian intelligence attempts to penetrate Armed Forces' planning operations system.pdf at master…
Interesting APT Report Collection And Some Special IOC - blackorbird/APT_REPORT
Sundown: anonfiles.com for sale.
AnonFiles, the anonymous file upload and sharing website, has decided to call it quits today. When attempting to visit their website you are greeted with a farewell message.
United States: A Warning from the NSA, CISA and NIST on Post-Quantum Cryptography.
https://medium.com/asecuritysite-when-bob-met-alice/a-warning-from-the-nsa-cisa-and-nist-on-post-quantum-cryptography-fc406a5ade71
Medium
All Change in Cybersecurity!
A Warning from the NSA, CISA and NIST on Post-Quantum Cryptography